Posts posted by hiesenberg

  1. keviin:

    I still have the following:

    > 2 folders marked Network Connections, pretty sure there should only be one in the control panel

    > the win-xp search tool, search companion, still opens an empty window not allowing search criteria to be entered

    > the 2 registry changes do not stay deleted (list below). They always come back on reboot. Is there a way to manually delete these from within the reg editor? Thanks!

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

  2. kevin-

    That log is from before I deleted them, but I delete them over and over and still they reappear. Are you saying that in spite of those registry entries constantly returning after each deletion that they are safe and are not actually affecting the registry..?

    I ran the pc in clean boot for a short period and yes it was obvious that the svchost/taskbar issue seemed to be resolved, but that is very similar to when I run it in safe mode. I won't be home for a couple of days, then I will run it for a longer while and slowly start adding back services as you suggested.

    Your patience is very much appreciated. Thanks!!

  3. kevin- that's fine, so those hooked drivers are safe and pose no threat. But what about the registry constantly changing..?

    I think that's what has me worried the most. What/where is the source of what causes those entries to consistently reactivate themselves? I believe there is something residing on this p/c that executes on reboot to make those changes.. Are you saying that a non-ms service clash, if there is one, can cause those repeated registry changes..? I have deleted them over and over to only watch them pop up again after rescanning. I'm off for holiday time here in the States! Happy Thanksgiving! (not sure you folks even know what that is)

     

    RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : RICH [Admin rights]
    Mode : Scan -- Date : 11/27/2013 00:39:28
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
    [inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP1604N +++++
    --- User ---
    [MBR] 9c24779718baa28a177f1792c868d0f9
    [bSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished :
     

  4. kevin:

    I'm not sure when I can complete that rather long task.. and we have a holiday starting tomorrow so it might be a few days (please do not close my topic). I'm particularly interested to know what those 2 drivers are that were found by RogueKiller:

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
    [inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)

     

    Are these harmless or how serious are they? They reappeared on the RK scan and when I tried to delete, the pc froze. I will try again later. Thanks!

  5. Kevin-
    I ran it in a clean boot and it looks a lot like running in safe mode, minimal processes... I did not see the svchost/taskbar issue, it was inactive just like when I run the p/c in safe mode. So I ran Rogue Killer and it found 6 new entries. Please note, I also noticed that a previous RK log (added at the bottom) correctly lists my h-d as a Samsung but the latest log does not identify it at all...? And the 2nd Network Connection folder did not appear while in clean-boot status, but the internet does not connect either. The win search tool coming up blank is opened by clicking the start button, 2nd column on the right. Hopefully this info will provide some new clues. You'll deserve a medal if you can actually solve this one!! :-)  Thanks!!

    RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : RICH [Admin rights]
    Mode : Scan -- Date : 11/25/2013 13:35:49
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [sUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Administrator\Desktop\zebranMalwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][sUSP PATH] HKLM\[...]\RunOnce : 4DF37C11-28CE-42CF-9F83-1D4723EEBDE8 (cmd.exe /C start /D "C:\DOCUME~1\RICH\LOCALS~1\Temp" /B 4DF37C11-28CE-42CF-9F83-1D4723EEBDE8.exe -activeimages -postboot [x][-][x]) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
    [inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ( @ )  +++++
    --- User ---
    [MBR] 9c24779718baa28a177f1792c868d0f9
    [bSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_11252013_133549.txt >>
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX OLD RK LOG ADDED BELOW XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG SP1604N +++++
    --- User ---
    [MBR] 9c24779718baa28a177f1792c868d0f9
    [bSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_08282013_132750.txt >>
    RKreport[0]_S_08282013_132204.txt



     

  6. I will be able to run that first thing in the morning, not home now. Do you have any other scanner options to uncover deeply rooted infections? I just feel like we're hitting a wall and not making more progress. I'm guessing that this bug has evolved to where it is evading most av-scans we've run.

    couple of new issues:

    > 2 folders marked network connections in control panel, (there should only be one)

    > win file search tool, comes up blank. no way to run a file search

    I await your next steps

  7. kevin- just noticed, the winXP file search tool is no longer available, that window now comes up blank. Thanks!

     

    ComboFix 13-11-22.01 - RICH 11/22/2013  17:10:44.8.1 - x86
    Running from: c:\documents and settings\RICH\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\RICH\Desktop\CFScript.txt
    .
    FILE ::
    "C:\Iexplore.exe.exe"
    "c:\windows\system32\drivers\lswd2yhn.sys"
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-10-22 to 2013-11-22  )))))))))))))))))))))))))))))))
    .
    .
    2013-11-21 20:19 . 2013-11-21 20:20    --------    dc-h--w-    c:\windows\ie8
    2013-11-21 20:13 . 2013-11-21 20:12    16883056    ----a-w-    c:\program files\IE8-WindowsXP-x86-ENU.exe
    2013-11-21 04:13 . 2013-11-21 04:13    --------    d-sh--w-    c:\documents and settings\RICH\IECompatCache
    2013-11-21 01:12 . 2013-11-21 16:48    --------    d-----w-    c:\windows\system32\XPSViewer
    2013-11-21 01:12 . 2013-11-21 01:12    --------    d-----w-    c:\program files\MSBuild
    2013-11-21 01:12 . 2013-11-21 01:12    --------    d-----w-    c:\program files\Reference Assemblies
    2013-11-21 01:11 . 2008-07-06 12:06    89088    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2013-11-21 01:10 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2013-11-21 01:10 . 2008-07-06 12:06    117760    ------w-    c:\windows\system32\prntvpt.dll
    2013-11-21 01:10 . 2008-07-06 12:06    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
    2013-11-21 01:10 . 2008-07-06 12:06    575488    ------w-    c:\windows\system32\xpsshhdr.dll
    2013-11-21 01:10 . 2008-07-06 10:50    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2013-11-21 01:10 . 2008-07-06 10:50    597504    ------w-    c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2013-11-21 01:10 . 2008-07-06 12:06    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
    2013-11-21 01:10 . 2008-07-06 12:06    1676288    ------w-    c:\windows\system32\xpssvcs.dll
    2013-11-21 01:10 . 2013-11-21 01:11    --------    d-----w-    C:\5fb5562cc79d999f538320a3b6f889a1
    2013-11-20 23:05 . 2013-11-20 23:05    --------    d-----w-    c:\windows\Microsoft Antimalware
    2013-11-20 20:28 . 2013-11-20 20:28    --------    d-----w-    C:\27326b470d00a276235bd9c056b86c70
    2013-11-20 20:19 . 2013-11-08 01:15    7772552    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{543B7A6C-B61D-4C7A-94BA-D84BBD9C6BFE}\mpengine.dll
    2013-11-19 17:13 . 2013-11-21 01:53    --------    d-----w-    c:\windows\system32\MRT
    2013-11-14 22:37 . 2013-11-14 22:37    --------    d-sh--w-    c:\documents and settings\RICH\PrivacIE
    2013-11-13 14:10 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-11-13 00:06 . 2013-10-13 07:25    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
    2013-11-12 18:29 . 2013-06-12 18:10    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
    2013-10-31 23:44 . 2013-10-31 23:44    --------    d-----w-    C:\FRST
    2013-10-31 20:43 . 2013-10-31 20:43    35904    ----a-w-    c:\windows\system32\drivers\lswd2yhn.sys
    2013-10-31 20:01 . 2013-10-31 20:01    782640    ----a-w-    C:\Iexplore.exe.exe
    2013-10-28 16:18 . 2013-11-20 17:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-18 07:25 . 2013-10-04 04:13    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-10-31 19:59 . 2013-10-31 19:59    1472131    ----a-w-    C:\vba32arkit.zip
    2013-10-19 07:33 . 2013-10-19 07:33    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
    2013-10-18 05:11 . 2013-10-23 01:12    24064    ----a-w-    c:\windows\zoek-delete.exe
    2013-10-12 15:56 . 2008-04-14 12:00    278528    ----a-w-    c:\windows\system32\oakley.dll
    2013-10-09 13:12 . 2008-04-14 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
    2013-10-07 10:59 . 2008-04-14 12:00    603136    ----a-w-    c:\windows\system32\crypt32.dll
    2013-10-05 01:14 . 2013-04-19 21:58    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
    2013-10-01 23:31 . 2013-10-01 23:32    1207928    ----a-w-    c:\program files\rc-installer.exe
    2013-09-27 14:53 . 2013-01-20 19:59    214696    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    2013-09-19 07:54 . 2013-09-19 07:40    181064    ----a-w-    c:\windows\PSEXESVC.EXE
    2013-09-17 15:26 . 2013-09-17 15:26    325960    ----a-w-    c:\program files\lua5.1.dll
    2013-09-04 03:02 . 2013-07-19 00:22    1966080    ----a-w-    c:\program files\Repair_Windows.exe
    2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
    2013-04-19 22:40 . 2013-04-19 22:40    11091432    ----a-w-    c:\program files\MSEInstall.exe
    2013-03-25 03:24 . 2013-03-25 03:24    2483904    ----a-w-    c:\program files\Procmon.exe
    2011-03-08 17:54 . 2013-07-19 00:22    229376    ----a-w-    c:\program files\pcwintech_tabs.ocx
    2009-03-24 19:52 . 2013-07-19 00:22    1069376    ----a-w-    c:\program files\MSCOMCTL.OCX
    2009-03-24 19:52 . 2013-07-19 00:22    136008    ----a-w-    c:\program files\msinet.ocx
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-04-12 49152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40286280.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65300409.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80392994.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86660297.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "AlcxMonitor"=ALCXMNTR.EXE
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-10-19 30976]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 594048]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-03 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2013-04-16 01:09]
    .
    2013-11-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01]
    .
    .
    ------- Supplementary Scan -------
    .

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000


    FF - ProfilePath - c:\documents and settings\RICH\Application Data\Mozilla\Firefox\Profiles\ud60wonb.default\
    FF - ExtSQL: 2013-11-20 20:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-11-22 17:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1388)
    c:\windows\system32\ieframe.dll
    c:\windows\System32\OneX.DLL
    c:\windows\System32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-11-22  17:22:47
    ComboFix-quarantined-files.txt  2013-11-22 22:22
    ComboFix2.txt  2013-11-22 18:14
    .
    Pre-Run: 91,163,914,240 bytes free
    Post-Run: 91,117,903,872 bytes free
    .
    - - End Of File - - 5FA2572DC48D59076759FCC2A6721310
    8F558EB6672622401DA993E1E865C861
     

  8. kevin,

    Ran a fresh download of Combofix in normal mode. During the scan it gave me an error that "PEV.EXE encountered a problem", but it finished scanning with no other issues. Yesterday while testing, I let the pc run win-updates.

     

    ComboFix 13-11-22.01 - RICH 11/22/2013  12:48:13.7.1 - x86
    Running from: c:\documents and settings\RICH\Desktop\ComboFix.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-10-22 to 2013-11-22  )))))))))))))))))))))))))))))))
    .
    .
    2013-11-21 20:19 . 2013-11-21 20:20    --------    dc-h--w-    c:\windows\ie8
    2013-11-21 20:13 . 2013-11-21 20:12    16883056    ----a-w-    c:\program files\IE8-WindowsXP-x86-ENU.exe
    2013-11-21 04:13 . 2013-11-21 04:13    --------    d-sh--w-    c:\documents and settings\RICH\IECompatCache
    2013-11-21 01:12 . 2013-11-21 16:48    --------    d-----w-    c:\windows\system32\XPSViewer
    2013-11-21 01:12 . 2013-11-21 01:12    --------    d-----w-    c:\program files\MSBuild
    2013-11-21 01:12 . 2013-11-21 01:12    --------    d-----w-    c:\program files\Reference Assemblies
    2013-11-21 01:11 . 2008-07-06 12:06    89088    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2013-11-21 01:10 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2013-11-21 01:10 . 2008-07-06 12:06    117760    ------w-    c:\windows\system32\prntvpt.dll
    2013-11-21 01:10 . 2008-07-06 12:06    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
    2013-11-21 01:10 . 2008-07-06 12:06    575488    ------w-    c:\windows\system32\xpsshhdr.dll
    2013-11-21 01:10 . 2008-07-06 10:50    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2013-11-21 01:10 . 2008-07-06 10:50    597504    ------w-    c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2013-11-21 01:10 . 2008-07-06 12:06    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
    2013-11-21 01:10 . 2008-07-06 12:06    1676288    ------w-    c:\windows\system32\xpssvcs.dll
    2013-11-21 01:10 . 2013-11-21 01:11    --------    d-----w-    C:\5fb5562cc79d999f538320a3b6f889a1
    2013-11-20 23:05 . 2013-11-20 23:05    --------    d-----w-    c:\windows\Microsoft Antimalware
    2013-11-20 20:28 . 2013-11-20 20:28    --------    d-----w-    C:\27326b470d00a276235bd9c056b86c70
    2013-11-20 20:19 . 2013-11-08 01:15    7772552    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{543B7A6C-B61D-4C7A-94BA-D84BBD9C6BFE}\mpengine.dll
    2013-11-19 17:13 . 2013-11-21 01:53    --------    d-----w-    c:\windows\system32\MRT
    2013-11-14 22:37 . 2013-11-14 22:37    --------    d-sh--w-    c:\documents and settings\RICH\PrivacIE
    2013-11-13 14:10 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-11-13 00:06 . 2013-10-13 07:25    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
    2013-11-12 18:29 . 2013-06-12 18:10    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
    2013-10-31 23:44 . 2013-10-31 23:44    --------    d-----w-    C:\FRST
    2013-10-31 20:43 . 2013-10-31 20:43    35904    ----a-w-    c:\windows\system32\drivers\lswd2yhn.sys
    2013-10-31 20:01 . 2013-10-31 20:01    782640    ----a-w-    C:\Iexplore.exe.exe
    2013-10-28 16:18 . 2013-11-20 17:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-18 07:25 . 2013-10-04 04:13    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-10-31 19:59 . 2013-10-31 19:59    1472131    ----a-w-    C:\vba32arkit.zip
    2013-10-19 07:33 . 2013-10-19 07:33    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
    2013-10-18 05:11 . 2013-10-23 01:12    24064    ----a-w-    c:\windows\zoek-delete.exe
    2013-10-12 15:56 . 2008-04-14 12:00    278528    ----a-w-    c:\windows\system32\oakley.dll
    2013-10-09 13:12 . 2008-04-14 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
    2013-10-07 10:59 . 2008-04-14 12:00    603136    ----a-w-    c:\windows\system32\crypt32.dll
    2013-10-05 01:14 . 2013-04-19 21:58    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
    2013-10-01 23:31 . 2013-10-01 23:32    1207928    ----a-w-    c:\program files\rc-installer.exe
    2013-09-27 14:53 . 2013-01-20 19:59    214696    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    2013-09-19 07:54 . 2013-09-19 07:40    181064    ----a-w-    c:\windows\PSEXESVC.EXE
    2013-09-17 15:26 . 2013-09-17 15:26    325960    ----a-w-    c:\program files\lua5.1.dll
    2013-09-04 03:02 . 2013-07-19 00:22    1966080    ----a-w-    c:\program files\Repair_Windows.exe
    2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
    2013-04-19 22:40 . 2013-04-19 22:40    11091432    ----a-w-    c:\program files\MSEInstall.exe
    2013-03-25 03:24 . 2013-03-25 03:24    2483904    ----a-w-    c:\program files\Procmon.exe
    2011-03-08 17:54 . 2013-07-19 00:22    229376    ----a-w-    c:\program files\pcwintech_tabs.ocx
    2009-03-24 19:52 . 2013-07-19 00:22    1069376    ----a-w-    c:\program files\MSCOMCTL.OCX
    2009-03-24 19:52 . 2013-07-19 00:22    136008    ----a-w-    c:\program files\msinet.ocx
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-04-12 49152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40286280.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65300409.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80392994.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86660297.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "AlcxMonitor"=ALCXMNTR.EXE
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-10-19 30976]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 594048]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-03 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2013-04-16 01:09]
    .
    2013-11-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01]
    .
    .
    ------- Supplementary Scan -------
    .

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000


    FF - ProfilePath - c:\documents and settings\RICH\Application Data\Mozilla\Firefox\Profiles\ud60wonb.default\
    FF - ExtSQL: 2013-11-20 20:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-11-22 13:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(160)
    c:\windows\System32\OneX.DLL
    c:\windows\System32\eappprxy.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-11-22  13:14:37
    ComboFix-quarantined-files.txt  2013-11-22 18:14
    .
    Pre-Run: 91,164,995,584 bytes free
    Post-Run: 91,201,699,840 bytes free
    .
    - - End Of File - - E0A5E85F14D9C90DA3FF0DF7ADD3023F
    8F558EB6672622401DA993E1E865C861

  9. thanks for hanging in there. great admiration for your persistence!

     

    Rkill 2.6.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 11/21/2013 03:33:52 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

     * No malware services found to stop.

    Checking for processes to terminate:

     * No malware processes found to kill.

    Checking Registry for malware related settings:

     * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

     * No issues found.

    Checking Windows Service Integrity:

     * No issues found.

    Searching for Missing Digital Signatures:

     * C:\WINDOWS\System32\ws2_32.dll : 82,432 : 04/14/2008 07:00 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [NoSig]
     +-> C:\WINDOWS\erdnt\cache\ws2_32.dll : 82,432 : 04/14/2008 07:00 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ws2_32.dll : 82,432 : 04/14/2008 07:00 AM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]

     * C:\WINDOWS\System32\ws2help.dll : 19,968 : 04/14/2008 07:00 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\ws2help.dll : 19,968 : 04/14/2008 07:00 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ws2help.dll : 19,968 : 04/14/2008 07:00 AM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]

     * C:\WINDOWS\System32\wscntfy.exe : 13,824 : 04/14/2008 07:00 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\wscntfy.exe : 13,824 : 04/14/2008 07:00 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\wscntfy.exe : 13,824 : 04/14/2008 07:00 AM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]

     * C:\WINDOWS\System32\xmlprov.dll : 129,024 : 04/14/2008 07:00 AM : 295d21f14c335b53cb8154e5b1f892b9 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\xmlprov.dll : 129,024 : 04/14/2008 07:00 AM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\xmlprov.dll : 129,024 : 04/14/2008 07:00 AM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]

     * C:\WINDOWS\explorer.exe : 1,033,728 : 04/14/2008 07:00 AM : 12896823fb95bfb3dc9b46bcaedc9923 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\explorer.exe : 1,033,728 : 04/14/2008 07:00 AM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\explorer.exe : 1,033,728 : 04/14/2008 07:00 AM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]

     * C:\WINDOWS\System32\drivers\acpiec.sys : 11,648 : 04/14/2008 07:00 AM : 9859c0f6936e723e4892d7141b1327d5 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\acpiec.sys : 11,648 : 04/14/2008 07:00 AM : 9859c0f6936e723e4892d7141b1327d5 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\acpiec.sys : 11,648 : 04/14/2008 07:00 AM : 9859c0f6936e723e4892d7141b1327d5 [Pos Repl]

     * C:\WINDOWS\System32\drivers\acpi.sys : 187,776 : 04/14/2008 07:00 AM : 8fd99680a539792a30e97944fdaecf17 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\acpi.sys : 187,776 : 04/14/2008 07:00 AM : 8fd99680a539792a30e97944fdaecf17 [Pos Repl]

     * C:\WINDOWS\System32\drivers\aec.sys : 142,592 : 04/14/2008 07:00 AM : 8bed39e3c35d6a489438b8141717a557 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\aec.sys : 142,592 : 04/14/2008 07:00 AM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\aec.sys : 142,592 : 04/14/2008 07:00 AM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]

     * C:\WINDOWS\System32\drivers\afd.sys : 138,496 : 08/17/2011 08:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys : 138,496 : 10/16/2008 10:07 AM : 38d7b715504da4741df35e3594fe2099 [Pos Repl]
     +-> C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys : 138,496 : 08/17/2011 08:41 AM : f6b7b1ecd7b41736bdb6ff4b092bcb79 [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB2509553$\afd.sys : 138,112 : 04/14/2008 07:00 AM : 322d0e36693d6e24a2398bee62a268cd [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB2592799$\afd.sys : 138,496 : 10/16/2008 09:43 AM : 7618d5218f2a614672ec61a80d854a37 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\afd.sys : 138,496 : 08/17/2011 08:49 AM : 1e44bc1e83d8fd2305f8d452db109cf9 [Pos Repl]

     * C:\WINDOWS\System32\drivers\agp440.sys : 42,368 : 04/14/2008 07:00 AM : 08fd04aa961bdc77fb983f328334e3d7 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\agp440.sys : 42,368 : 04/14/2008 07:00 AM : 08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\agp440.sys : 42,368 : 04/14/2008 07:00 AM : 08fd04aa961bdc77fb983f328334e3d7 [Pos Repl]

     * C:\WINDOWS\System32\drivers\amdk6.sys : 37,376 : 04/14/2008 07:00 AM : d7701d7e72243286cc88c9973d891057 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\amdk6.sys : 37,376 : 04/14/2008 07:00 AM : d7701d7e72243286cc88c9973d891057 [Pos Repl]

     * C:\WINDOWS\System32\drivers\amdk7.sys : 37,760 : 04/14/2008 07:00 AM : 8fce268cdbdd83b23419d1f35f42c7b1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\amdk7.sys : 37,760 : 04/14/2008 07:00 AM : 8fce268cdbdd83b23419d1f35f42c7b1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\arp1394.sys : 60,800 : 04/14/2008 07:00 AM : b5b8a80875c1dededa8b02765642c32f [NoSig]
     +-> C:\WINDOWS\system32\dllcache\arp1394.sys : 60,800 : 04/14/2008 07:00 AM : b5b8a80875c1dededa8b02765642c32f [Pos Repl]

     * C:\WINDOWS\System32\drivers\asyncmac.sys : 14,336 : 04/14/2008 07:00 AM : b153affac761e7f5fcfa822b9c4e97bc [NoSig]
     +-> C:\WINDOWS\erdnt\cache\asyncmac.sys : 14,336 : 04/14/2008 07:00 AM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\asyncmac.sys : 14,336 : 04/14/2008 07:00 AM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]

     * C:\WINDOWS\System32\drivers\atapi.sys : 96,512 : 04/14/2008 07:00 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\atapi.sys : 96,512 : 04/14/2008 07:00 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\atapi.sys : 96,512 : 04/14/2008 07:00 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]

     * C:\WINDOWS\System32\drivers\audstub.sys : 3,072 : 08/17/2001 08:59 AM : d9f724aa26c010a217c97606b160ed68 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\audstub.sys : 3,072 : 08/17/2001 08:59 AM : d9f724aa26c010a217c97606b160ed68 [Pos Repl]

     * C:\WINDOWS\System32\drivers\beep.sys : 4,224 : 04/14/2008 07:00 AM : da1f27d85e0d1525f6621372e7b685e9 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\beep.sys : 4,224 : 04/14/2008 07:00 AM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\beep.sys : 4,224 : 04/14/2008 07:00 AM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]

     * C:\WINDOWS\System32\drivers\bridge.sys : 71,552 : 04/14/2008 07:00 AM : f934d1b230f84e1d19dd00ac5a7a83ed [NoSig]
     +-> C:\WINDOWS\system32\dllcache\bridge.sys : 71,552 : 04/14/2008 07:00 AM : f934d1b230f84e1d19dd00ac5a7a83ed [Pos Repl]

     * C:\WINDOWS\System32\drivers\bthport.sys : 272,128 : 06/13/2008 06:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys : 272,128 : 06/13/2008 06:27 AM : 51d05d5a8a7d93ab0b1a8d6a38db3ca4 [Pos Repl]
     +-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272,128 : 06/13/2008 06:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\bthport.sys : 272,128 : 06/13/2008 06:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]

     * C:\WINDOWS\System32\drivers\cbidf2k.sys : 13,952 : 04/14/2008 07:00 AM : 90a673fc8e12a79afbed2576f6a7aaf9 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\cbidf2k.sys : 13,952 : 04/14/2008 07:00 AM : 90a673fc8e12a79afbed2576f6a7aaf9 [Pos Repl]

     * C:\WINDOWS\System32\drivers\cdaudio.sys : 18,688 : 04/14/2008 07:00 AM : c1b486a7658353d33a10cc15211a873b [NoSig]
     +-> C:\WINDOWS\system32\dllcache\cdaudio.sys : 18,688 : 04/14/2008 07:00 AM : c1b486a7658353d33a10cc15211a873b [Pos Repl]

     * C:\WINDOWS\System32\drivers\cdfs.sys : 63,744 : 04/14/2008 07:00 AM : c885b02847f5d2fd45a24e219ed93b32 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\cdfs.sys : 63,744 : 04/14/2008 07:00 AM : c885b02847f5d2fd45a24e219ed93b32 [Pos Repl]

     * C:\WINDOWS\System32\drivers\cdrom.sys : 62,976 : 04/14/2008 07:00 AM : 1f4260cc5b42272d71f79e570a27a4fe [NoSig]
     +-> C:\WINDOWS\system32\dllcache\cdrom.sys : 62,976 : 04/14/2008 07:00 AM : 1f4260cc5b42272d71f79e570a27a4fe [Pos Repl]

     * C:\WINDOWS\System32\drivers\classpnp.sys : 49,536 : 04/14/2008 07:00 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\classpnp.sys : 49,536 : 04/14/2008 07:00 AM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]

     * C:\WINDOWS\System32\drivers\cpqdap01.sys : 11,776 : 04/14/2008 07:00 AM : 9624293e55ad405415862b504ca95b73 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\cpqdap01.sys : 11,776 : 04/14/2008 07:00 AM : 9624293e55ad405415862b504ca95b73 [Pos Repl]

     * C:\WINDOWS\System32\drivers\crusoe.sys : 36,736 : 04/14/2008 07:00 AM : f50d9bdbb25cce075e514dc07472a22f [NoSig]
     +-> C:\WINDOWS\system32\dllcache\crusoe.sys : 36,736 : 04/14/2008 07:00 AM : f50d9bdbb25cce075e514dc07472a22f [Pos Repl]

     * C:\WINDOWS\System32\drivers\diskdump.sys : 14,208 : 04/14/2008 07:00 AM : e65e2353a5d74ea89971cb918eeeb2f6 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\diskdump.sys : 14,208 : 04/14/2008 07:00 AM : e65e2353a5d74ea89971cb918eeeb2f6 [Pos Repl]

     * C:\WINDOWS\System32\drivers\disk.sys : 36,352 : 04/14/2008 07:00 AM : 044452051f3e02e7963599fc8f4f3e25 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\disk.sys : 36,352 : 04/14/2008 07:00 AM : 044452051f3e02e7963599fc8f4f3e25 [Pos Repl]

     * C:\WINDOWS\System32\drivers\dmboot.sys : 799,744 : 04/14/2008 07:00 AM : d992fe1274bde0f84ad826acae022a41 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\dmboot.sys : 799,744 : 04/14/2008 07:00 AM : d992fe1274bde0f84ad826acae022a41 [Pos Repl]

     * C:\WINDOWS\System32\drivers\dmio.sys : 153,344 : 04/14/2008 07:00 AM : 7c824cf7bbde77d95c08005717a95f6f [NoSig]
     +-> C:\WINDOWS\system32\dllcache\dmio.sys : 153,344 : 04/14/2008 07:00 AM : 7c824cf7bbde77d95c08005717a95f6f [Pos Repl]

     * C:\WINDOWS\System32\drivers\dmload.sys : 5,888 : 04/14/2008 07:00 AM : e9317282a63ca4d188c0df5e09c6ac5f [NoSig]
     +-> C:\WINDOWS\system32\dllcache\dmload.sys : 5,888 : 04/14/2008 07:00 AM : e9317282a63ca4d188c0df5e09c6ac5f [Pos Repl]

     * C:\WINDOWS\System32\drivers\DMusic.sys : 52,864 : 04/13/2008 11:15 PM : 8a208dfcf89792a484e76c40e5f50b45 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\dmusic.sys : 52,864 : 04/13/2008 11:15 PM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]

     * C:\WINDOWS\System32\drivers\drmkaud.sys : 2,944 : 04/14/2008 07:00 AM : 8f5fcff8e8848afac920905fbd9d33c8 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\drmkaud.sys : 2,944 : 04/14/2008 07:00 AM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]

     * C:\WINDOWS\System32\drivers\drmk.sys : 60,160 : 04/13/2008 11:15 PM : 6cb08593487f5701d2d2254e693eafce [NoSig]
     +-> C:\WINDOWS\system32\dllcache\drmk.sys : 60,160 : 04/13/2008 11:15 PM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]

     * C:\WINDOWS\System32\drivers\dxapi.sys : 10,496 : 04/14/2008 07:00 AM : fe97d0343acfdebdd578fc67cc91fa87 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\dxapi.sys : 10,496 : 04/14/2008 07:00 AM : fe97d0343acfdebdd578fc67cc91fa87 [Pos Repl]

     * C:\WINDOWS\System32\drivers\dxg.sys : 71,168 : 04/14/2008 07:00 AM : ac7280566a7bb85cb3291f04ddc1198e [NoSig]
     +-> C:\WINDOWS\system32\dllcache\dxg.sys : 71,168 : 04/14/2008 07:00 AM : ac7280566a7bb85cb3291f04ddc1198e [Pos Repl]

     * C:\WINDOWS\System32\drivers\dxgthk.sys : 3,328 : 04/14/2008 07:00 AM : a73f5d6705b1d820c19b18782e176efd [NoSig]
     +-> C:\WINDOWS\system32\dllcache\dxgthk.sys : 3,328 : 04/14/2008 07:00 AM : a73f5d6705b1d820c19b18782e176efd [Pos Repl]

     * C:\WINDOWS\System32\drivers\fastfat.sys : 143,744 : 04/14/2008 07:00 AM : 38d332a6d56af32635675f132548343e [NoSig]
     +-> C:\WINDOWS\system32\dllcache\fastfat.sys : 143,744 : 04/14/2008 07:00 AM : 38d332a6d56af32635675f132548343e [Pos Repl]

     * C:\WINDOWS\System32\drivers\fdc.sys : 27,392 : 04/14/2008 07:00 AM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\fdc.sys : 27,392 : 04/14/2008 07:00 AM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [Pos Repl]

     * C:\WINDOWS\System32\drivers\fips.sys : 44,544 : 04/14/2008 07:00 AM : d45926117eb9fa946a6af572fbe1caa3 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\fips.sys : 44,544 : 04/14/2008 07:00 AM : d45926117eb9fa946a6af572fbe1caa3 [Pos Repl]

     * C:\WINDOWS\System32\drivers\flpydisk.sys : 20,480 : 04/14/2008 07:00 AM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\flpydisk.sys : 20,480 : 04/14/2008 07:00 AM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [Pos Repl]

     * C:\WINDOWS\System32\drivers\fltMgr.sys : 129,792 : 04/14/2008 07:00 AM : b2cf4b0786f8212cb92ed2b50c6db6b0 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\fltmgr.sys : 129,792 : 04/14/2008 07:00 AM : b2cf4b0786f8212cb92ed2b50c6db6b0 [Pos Repl]

     * C:\WINDOWS\System32\drivers\fs_rec.sys : 7,936 : 04/14/2008 07:00 AM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [NoSig]
     +-> C:\WINDOWS\system32\dllcache\fs_rec.sys : 7,936 : 04/14/2008 07:00 AM : 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a [Pos Repl]

     * C:\WINDOWS\System32\drivers\fsvga.sys : 12,160 : 04/14/2008 07:00 AM : 455f778ee14368468560bd7cb8c854d0 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\fsvga.sys : 12,160 : 04/14/2008 07:00 AM : 455f778ee14368468560bd7cb8c854d0 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ftdisk.sys : 125,056 : 04/14/2008 07:00 AM : 6ac26732762483366c3969c9e4d2259d [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ftdisk.sys : 125,056 : 04/14/2008 07:00 AM : 6ac26732762483366c3969c9e4d2259d [Pos Repl]

     * C:\WINDOWS\System32\drivers\hidclass.sys : 36,864 : 04/14/2008 07:00 AM : 1af592532532a402ed7c060f6954004f [NoSig]
     +-> C:\WINDOWS\system32\dllcache\hidclass.sys : 36,864 : 04/14/2008 07:00 AM : 1af592532532a402ed7c060f6954004f [Pos Repl]

     * C:\WINDOWS\System32\drivers\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [NoSig]
     +-> C:\WINDOWS\$NtUninstallKB2862335$\hidparse.sys : 24,960 : 04/14/2008 07:00 AM : 96eccf28fdbf1b2cc12725818a63628d [Pos Repl]
     +-> C:\WINDOWS\Driver Cache\i386\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl]
     +-> C:\WINDOWS\SoftwareDistribution\Download\80d0a80404d440ef21afe2a803e22ea8\SP3QFE\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\hidparse.sys : 25,088 : 07/02/2013 09:12 PM : c569ef030b11f896e123a30ac92678db [Pos Repl]

     * C:\WINDOWS\System32\drivers\hidusb.sys : 10,368 : 04/13/2008 11:15 PM : ccf82c5ec8a7326c3066de870c06daf1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\hidusb.sys : 10,368 : 04/13/2008 11:15 PM : ccf82c5ec8a7326c3066de870c06daf1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\http.sys : 265,728 : 10/20/2009 11:20 AM : f80a415ef82cd06ffaf0d971528ead38 [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB970430\SP3QFE\http.sys : 265,728 : 10/20/2009 10:21 AM : 937031c085718c1c04a9c0864625ec6b [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB970430$\http.sys : 264,832 : 04/14/2008 07:00 AM : f6aacf5bce2893e0c1754afeb672e5c9 [Pos Repl]
     +-> C:\WINDOWS\Driver Cache\i386\http.sys : 265,728 : 10/20/2009 11:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\http.sys : 265,728 : 10/20/2009 11:20 AM : f80a415ef82cd06ffaf0d971528ead38 [Pos Repl]

     * C:\WINDOWS\System32\drivers\i8042prt.sys : 52,480 : 04/14/2008 07:00 AM : 4a0b06aa8943c1e332520f7440c0aa30 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\i8042prt.sys : 52,480 : 04/14/2008 07:00 AM : 4a0b06aa8943c1e332520f7440c0aa30 [Pos Repl]

     * C:\WINDOWS\System32\drivers\imapi.sys : 42,112 : 04/14/2008 07:00 AM : 083a052659f5310dd8b6a6cb05edcf8e [NoSig]
     +-> C:\WINDOWS\system32\dllcache\imapi.sys : 42,112 : 04/14/2008 07:00 AM : 083a052659f5310dd8b6a6cb05edcf8e [Pos Repl]

     * C:\WINDOWS\System32\drivers\intelppm.sys : 36,352 : 04/14/2008 07:00 AM : 8c953733d8f36eb2133f5bb58808b66b [NoSig]
     +-> C:\WINDOWS\system32\dllcache\intelppm.sys : 36,352 : 04/14/2008 07:00 AM : 8c953733d8f36eb2133f5bb58808b66b [Pos Repl]

     * C:\WINDOWS\System32\drivers\ip6fw.sys : 36,608 : 04/14/2008 07:00 AM : 3bb22519a194418d5fec05d800a19ad0 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\ip6fw.sys : 36,608 : 04/14/2008 07:00 AM : 3bb22519a194418d5fec05d800a19ad0 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ip6fw.sys : 36,608 : 04/14/2008 07:00 AM : 3bb22519a194418d5fec05d800a19ad0 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ipfltdrv.sys : 32,896 : 04/14/2008 07:00 AM : 731f22ba402ee4b62748adaf6363c182 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ipfltdrv.sys : 32,896 : 04/14/2008 07:00 AM : 731f22ba402ee4b62748adaf6363c182 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ipinip.sys : 20,864 : 04/14/2008 07:00 AM : b87ab476dcf76e72010632b5550955f5 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ipinip.sys : 20,864 : 04/14/2008 07:00 AM : b87ab476dcf76e72010632b5550955f5 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ipnat.sys : 152,832 : 04/14/2008 07:00 AM : cc748ea12c6effde940ee98098bf96bb [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ipnat.sys : 152,832 : 04/14/2008 07:00 AM : cc748ea12c6effde940ee98098bf96bb [Pos Repl]

     * C:\WINDOWS\System32\drivers\ipsec.sys : 75,264 : 04/14/2008 07:00 AM : 23c74d75e36e7158768dd63d92789a91 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\ipsec.sys : 75,264 : 04/14/2008 07:00 AM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ipsec.sys : 75,264 : 04/14/2008 07:00 AM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl]

     * C:\WINDOWS\System32\drivers\irenum.sys : 11,264 : 04/14/2008 07:00 AM : c93c9ff7b04d772627a3646d89f7bf89 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\irenum.sys : 11,264 : 04/14/2008 07:00 AM : c93c9ff7b04d772627a3646d89f7bf89 [Pos Repl]

     * C:\WINDOWS\System32\drivers\isapnp.sys : 37,248 : 04/14/2008 07:00 AM : 05a299ec56e52649b1cf2fc52d20f2d7 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\isapnp.sys : 37,248 : 04/14/2008 07:00 AM : 05a299ec56e52649b1cf2fc52d20f2d7 [Pos Repl]

     * C:\WINDOWS\System32\drivers\kbdclass.sys : 24,576 : 04/14/2008 07:00 AM : 463c1ec80cd17420a542b7f36a36f128 [NoSig]
     +-> C:\WINDOWS\erdnt\cache\kbdclass.sys : 24,576 : 04/14/2008 07:00 AM : 463c1ec80cd17420a542b7f36a36f128 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\kbdclass.sys : 24,576 : 04/14/2008 07:00 AM : 463c1ec80cd17420a542b7f36a36f128 [Pos Repl]

     * C:\WINDOWS\System32\drivers\kmixer.sys : 172,416 : 04/14/2008 07:00 AM : 692bcf44383d056aed41b045a323d378 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\kmixer.sys : 172,416 : 04/14/2008 07:00 AM : 692bcf44383d056aed41b045a323d378 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ksecdd.sys : 92,928 : 06/24/2009 06:18 AM : b467646c54cc746128904e1654c750c1 [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\ksecdd.sys : 92,928 : 06/24/2009 05:28 AM : c6ebf1d6ad71df30db49b8d3287e1368 [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB968389$\ksecdd.sys : 92,288 : 04/14/2008 07:00 AM : 1705745d900dabf2d89f90ebaddc7517 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ksecdd.sys : 92,928 : 06/24/2009 06:18 AM : b467646c54cc746128904e1654c750c1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ks.sys : 141,056 : 04/13/2008 11:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ks.sys : 141,056 : 04/13/2008 11:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\mcd.sys : 7,680 : 04/14/2008 07:00 AM : d1f8be91ed4ddb671d42e473e3fe71ab [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mcd.sys : 7,680 : 04/14/2008 07:00 AM : d1f8be91ed4ddb671d42e473e3fe71ab [Pos Repl]

     * C:\WINDOWS\System32\drivers\mf.sys : 63,744 : 04/14/2008 07:00 AM : a7da20ab18a1bdae28b0f349e57da0d1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mf.sys : 63,744 : 04/14/2008 07:00 AM : a7da20ab18a1bdae28b0f349e57da0d1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\mnmdd.sys : 4,224 : 04/14/2008 07:00 AM : 4ae068242760a1fb6e1a44bf4e16afa6 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mnmdd.sys : 4,224 : 04/14/2008 07:00 AM : 4ae068242760a1fb6e1a44bf4e16afa6 [Pos Repl]

     * C:\WINDOWS\System32\drivers\modem.sys : 30,080 : 04/14/2008 07:00 AM : dfcbad3cec1c5f964962ae10e0bcc8e1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\modem.sys : 30,080 : 04/14/2008 07:00 AM : dfcbad3cec1c5f964962ae10e0bcc8e1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\mouclass.sys : 23,040 : 04/14/2008 07:00 AM : 35c9e97194c8cfb8430125f8dbc34d04 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mouclass.sys : 23,040 : 04/14/2008 07:00 AM : 35c9e97194c8cfb8430125f8dbc34d04 [Pos Repl]

     * C:\WINDOWS\System32\drivers\mouhid.sys : 12,160 : 08/17/2001 12:48 AM : b1c303e17fb9d46e87a98e4ba6769685 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mouhid.sys : 12,160 : 08/17/2001 12:48 AM : b1c303e17fb9d46e87a98e4ba6769685 [Pos Repl]

     * C:\WINDOWS\System32\drivers\mountmgr.sys : 42,368 : 04/14/2008 07:00 AM : a80b9a0bad1b73637dbcbba7df72d3fd [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mountmgr.sys : 42,368 : 04/14/2008 07:00 AM : a80b9a0bad1b73637dbcbba7df72d3fd [Pos Repl]

     * C:\WINDOWS\System32\drivers\mrxdav.sys : 180,608 : 04/14/2008 07:00 AM : 11d42bb6206f33fbb3ba0288d3ef81bd [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mrxdav.sys : 180,608 : 04/14/2008 07:00 AM : 11d42bb6206f33fbb3ba0288d3ef81bd [Pos Repl]

     * C:\WINDOWS\System32\drivers\mrxsmb.sys : 456,320 : 07/15/2011 08:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys : 457,856 : 07/15/2011 08:29 AM : fb2fccc70f7174c7bf64f48e96d3adf4 [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys : 456,576 : 04/14/2008 07:00 AM : 68755f0ff16070178b54674fe5b847b0 [Pos Repl]
     +-> C:\WINDOWS\Driver Cache\i386\mrxsmb.sys : 456,320 : 07/15/2011 08:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\mrxsmb.sys : 456,320 : 07/15/2011 08:29 AM : 7d304a5eb4344ebeeab53a2fe3ffb9f0 [Pos Repl]

     * C:\WINDOWS\System32\drivers\msfs.sys : 19,072 : 04/14/2008 07:00 AM : c941ea2454ba8350021d774daf0f1027 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\msfs.sys : 19,072 : 04/14/2008 07:00 AM : c941ea2454ba8350021d774daf0f1027 [Pos Repl]

     * C:\WINDOWS\System32\drivers\msgpc.sys : 35,072 : 04/14/2008 07:00 AM : 0a02c63c8b144bd8c86b103dee7c86a2 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\msgpc.sys : 35,072 : 04/14/2008 07:00 AM : 0a02c63c8b144bd8c86b103dee7c86a2 [Pos Repl]

     * C:\WINDOWS\System32\drivers\MSKSSRV.sys : 7,552 : 04/13/2008 11:09 PM : d1575e71568f4d9e14ca56b7b0453bf1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mskssrv.sys : 7,552 : 04/13/2008 11:09 PM : d1575e71568f4d9e14ca56b7b0453bf1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\MSPCLOCK.sys : 5,376 : 04/13/2008 11:09 PM : 325bb26842fc7ccc1fcce2c457317f3e [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mspclock.sys : 5,376 : 04/13/2008 11:09 PM : 325bb26842fc7ccc1fcce2c457317f3e [Pos Repl]

     * C:\WINDOWS\System32\drivers\MSPQM.sys : 4,992 : 04/13/2008 11:09 PM : bad59648ba099da4a17680b39730cb3d [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mspqm.sys : 4,992 : 04/13/2008 11:09 PM : bad59648ba099da4a17680b39730cb3d [Pos Repl]

     * C:\WINDOWS\System32\drivers\mssmbios.sys : 15,488 : 04/14/2008 07:00 AM : af5f4f3f14a8ea2c26de30f7a1e17136 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\mssmbios.sys : 15,488 : 04/14/2008 07:00 AM : af5f4f3f14a8ea2c26de30f7a1e17136 [Pos Repl]

     * C:\WINDOWS\System32\drivers\mup.sys : 105,472 : 04/21/2011 08:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB2535512\SP3QFE\mup.sys : 105,472 : 04/21/2011 08:52 AM : f7b1ad991491f02af6da70b00b8bf114 [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB2535512$\mup.sys : 105,344 : 04/14/2008 07:00 AM : 2f625d11385b1a94360bfc70aaefdee1 [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\mup.sys : 105,472 : 04/21/2011 08:37 AM : de6a75f5c270e756c5508d94b6cf68f5 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ndis.sys : 182,656 : 04/14/2008 07:00 AM : 1df7f42665c94b825322fae71721130d [NoSig]
     +-> C:\WINDOWS\erdnt\cache\ndis.sys : 182,656 : 04/14/2008 07:00 AM : 1df7f42665c94b825322fae71721130d [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ndis.sys : 182,656 : 04/14/2008 07:00 AM : 1df7f42665c94b825322fae71721130d [Pos Repl]

     * C:\WINDOWS\System32\drivers\ndistapi.sys : 10,496 : 07/08/2011 09:02 AM : 0109c4f3850dfbab279542515386ae22 [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys : 10,496 : 07/08/2011 08:51 AM : 091735a5f20acb1dc147383a905ae002 [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB2566454$\ndistapi.sys : 10,112 : 04/14/2008 07:00 AM : 1ab3d00c991ab086e69db84b6c0ed78f [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ndistapi.sys : 10,496 : 07/08/2011 09:02 AM : 0109c4f3850dfbab279542515386ae22 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ndisuio.sys : 14,592 : 04/14/2008 07:00 AM : f927a4434c5028758a842943ef1a3849 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ndisuio.sys : 14,592 : 04/14/2008 07:00 AM : f927a4434c5028758a842943ef1a3849 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ndiswan.sys : 91,520 : 04/14/2008 07:00 AM : edc1531a49c80614b2cfda43ca8659ab [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ndiswan.sys : 91,520 : 04/14/2008 07:00 AM : edc1531a49c80614b2cfda43ca8659ab [Pos Repl]

     * C:\WINDOWS\System32\drivers\ndproxy.sys : 40,960 : 11/02/2010 10:17 AM : 9282bd12dfb069d3889eb3fcc1000a9b [NoSig]
     +-> C:\WINDOWS\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys : 40,960 : 11/03/2010 00:55 AM : 816460bd4b4acd27937d1d0813e2e9e9 [Pos Repl]
     +-> C:\WINDOWS\$NtUninstallKB2440591$\ndproxy.sys : 40,576 : 04/14/2008 07:00 AM : 6215023940cfd3702b46abc304e1d45a [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ndproxy.sys : 40,960 : 11/02/2010 10:17 AM : 9282bd12dfb069d3889eb3fcc1000a9b [Pos Repl]

     * C:\WINDOWS\System32\drivers\netbios.sys : 34,688 : 04/14/2008 07:00 AM : 5d81cf9a2f1a3a756b66cf684911cdf0 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\netbios.sys : 34,688 : 04/14/2008 07:00 AM : 5d81cf9a2f1a3a756b66cf684911cdf0 [Pos Repl]

     * C:\WINDOWS\System32\drivers\netbt.sys : 162,816 : 04/14/2008 07:00 AM : 74b2b2f5bea5e9a3dc021d685551bd3d [NoSig]
     +-> C:\WINDOWS\system32\dllcache\netbt.sys : 162,816 : 04/14/2008 07:00 AM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]

     * C:\WINDOWS\System32\drivers\nic1394.sys : 61,824 : 04/14/2008 07:00 AM : e9e47cfb2d461fa0fc75b7a74c6383ea [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nic1394.sys : 61,824 : 04/14/2008 07:00 AM : e9e47cfb2d461fa0fc75b7a74c6383ea [Pos Repl]

     * C:\WINDOWS\System32\drivers\nikedrv.sys : 12,032 : 04/14/2008 07:00 AM : be984d604d91c217355cdd3737aad25d [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nikedrv.sys : 12,032 : 04/14/2008 07:00 AM : be984d604d91c217355cdd3737aad25d [Pos Repl]

     * C:\WINDOWS\System32\drivers\nmnt.sys : 40,320 : 04/14/2008 07:00 AM : 1e421a6bcf2203cc61b821ada9de878b [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nmnt.sys : 40,320 : 04/14/2008 07:00 AM : 1e421a6bcf2203cc61b821ada9de878b [Pos Repl]

     * C:\WINDOWS\System32\drivers\npfs.sys : 30,848 : 04/14/2008 07:00 AM : 3182d64ae053d6fb034f44b6def8034a [NoSig]
     +-> C:\WINDOWS\system32\dllcache\npfs.sys : 30,848 : 04/14/2008 07:00 AM : 3182d64ae053d6fb034f44b6def8034a [Pos Repl]

     * C:\WINDOWS\System32\drivers\ntfs.sys : 574,976 : 04/14/2008 07:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [NoSig]
     +-> C:\WINDOWS\erdnt\cache\ntfs.sys : 574,976 : 04/14/2008 07:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\ntfs.sys : 574,976 : 04/14/2008 07:00 AM : 78a08dd6a8d65e697c18e1db01c5cdca [Pos Repl]

     * C:\WINDOWS\System32\drivers\null.sys : 2,944 : 04/14/2008 07:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [NoSig]
     +-> C:\WINDOWS\erdnt\cache\null.sys : 2,944 : 04/14/2008 07:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl]
     +-> C:\WINDOWS\system32\dllcache\null.sys : 2,944 : 04/14/2008 07:00 AM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl]

     * C:\WINDOWS\System32\drivers\nwlnkflt.sys : 12,416 : 04/14/2008 07:00 AM : b305f3fad35083837ef46a0bbce2fc57 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nwlnkflt.sys : 12,416 : 04/14/2008 07:00 AM : b305f3fad35083837ef46a0bbce2fc57 [Pos Repl]

     * C:\WINDOWS\System32\drivers\nwlnkfwd.sys : 32,512 : 04/14/2008 07:00 AM : c99b3415198d1aab7227f2c88fd664b9 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nwlnkfwd.sys : 32,512 : 04/14/2008 07:00 AM : c99b3415198d1aab7227f2c88fd664b9 [Pos Repl]

     * C:\WINDOWS\System32\drivers\nwlnkipx.sys : 88,320 : 04/14/2008 07:00 AM : 8b8b1be2dba4025da6786c645f77f123 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nwlnkipx.sys : 88,320 : 04/14/2008 07:00 AM : 8b8b1be2dba4025da6786c645f77f123 [Pos Repl]

     * C:\WINDOWS\System32\drivers\nwlnknb.sys : 63,232 : 04/14/2008 07:00 AM : 56d34a67c05e94e16377c60609741ff8 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nwlnknb.sys : 63,232 : 04/14/2008 07:00 AM : 56d34a67c05e94e16377c60609741ff8 [Pos Repl]

     * C:\WINDOWS\System32\drivers\nwlnkspx.sys : 55,936 : 04/14/2008 07:00 AM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\nwlnkspx.sys : 55,936 : 04/14/2008 07:00 AM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [Pos Repl]

     * C:\WINDOWS\System32\drivers\oprghdlr.sys : 3,456 : 04/14/2008 07:00 AM : 4bb30ddc53ebc76895e38694580cdfe9 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\oprghdlr.sys : 3,456 : 04/14/2008 07:00 AM : 4bb30ddc53ebc76895e38694580cdfe9 [Pos Repl]

     * C:\WINDOWS\System32\drivers\p3.sys : 42,752 : 04/14/2008 07:00 AM : c90018bafdc7098619a4a95b046b30f3 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\p3.sys : 42,752 : 04/14/2008 07:00 AM : c90018bafdc7098619a4a95b046b30f3 [Pos Repl]

     * C:\WINDOWS\System32\drivers\parport.sys : 80,128 : 04/14/2008 07:00 AM : 5575faf8f97ce5e713d108c2a58d7c7c [NoSig]
     +-> C:\WINDOWS\system32\dllcache\parport.sys : 80,128 : 04/14/2008 07:00 AM : 5575faf8f97ce5e713d108c2a58d7c7c [Pos Repl]

     * C:\WINDOWS\System32\drivers\partmgr.sys : 19,712 : 04/14/2008 07:00 AM : beb3ba25197665d82ec7065b724171c6 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\partmgr.sys : 19,712 : 04/14/2008 07:00 AM : beb3ba25197665d82ec7065b724171c6 [Pos Repl]

     * C:\WINDOWS\System32\drivers\parvdm.sys : 6,784 : 04/14/2008 07:00 AM : 70e98b3fd8e963a6a46a2e6247e0bea1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\parvdm.sys : 6,784 : 04/14/2008 07:00 AM : 70e98b3fd8e963a6a46a2e6247e0bea1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\pciidex.sys : 24,960 : 04/14/2008 07:00 AM : 52e60f29221d0d1ac16737e8dbf7c3e9 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\pciidex.sys : 24,960 : 04/14/2008 07:00 AM : 52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl]

     * C:\WINDOWS\System32\drivers\pci.sys : 68,224 : 04/14/2008 07:00 AM : a219903ccf74233761d92bef471a07b1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\pci.sys : 68,224 : 04/14/2008 07:00 AM : a219903ccf74233761d92bef471a07b1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\pcmcia.sys : 120,192 : 04/14/2008 07:00 AM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\pcmcia.sys : 120,192 : 04/14/2008 07:00 AM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [Pos Repl]

     * C:\WINDOWS\System32\drivers\portcls.sys : 146,048 : 04/13/2008 11:49 PM : e82a496c3961efc6828b508c310ce98f [NoSig]
     +-> C:\WINDOWS\system32\dllcache\portcls.sys : 146,048 : 04/13/2008 11:49 PM : e82a496c3961efc6828b508c310ce98f [Pos Repl]

     * C:\WINDOWS\System32\drivers\processr.sys : 35,840 : 04/14/2008 07:00 AM : a32bebaf723557681bfc6bd93e98bd26 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\processr.sys : 35,840 : 04/14/2008 07:00 AM : a32bebaf723557681bfc6bd93e98bd26 [Pos Repl]

     * C:\WINDOWS\System32\drivers\psched.sys : 69,120 : 04/14/2008 07:00 AM : 09298ec810b07e5d582cb3a3f9255424 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\psched.sys : 69,120 : 04/14/2008 07:00 AM : 09298ec810b07e5d582cb3a3f9255424 [Pos Repl]

     * C:\WINDOWS\System32\drivers\ptilink.sys : 17,792 : 04/14/2008 07:00 AM : 80d317bd1c3dbc5d4fe7b1678c60cadd [NoSig]
     +-> C:\WINDOWS\system32\dllcache\ptilink.sys : 17,792 : 04/14/2008 07:00 AM : 80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl]

     * C:\WINDOWS\System32\drivers\rasacd.sys : 8,832 : 04/14/2008 07:00 AM : fe0d99d6f31e4fad8159f690d68ded9c [NoSig]
     +-> C:\WINDOWS\system32\dllcache\rasacd.sys : 8,832 : 04/14/2008 07:00 AM : fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl]

     * C:\WINDOWS\System32\drivers\rasl2tp.sys : 51,328 : 04/14/2008 07:00 AM : 11b4a627bc9614b885c4969bfa5ff8a6 [NoSig]
     +-> C:\WINDOWS\system32\dllcache\rasl2tp.sys : 51,328 : 04/14/2008 07:00 AM : 11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl]

    Checking HOSTS File:

     * HOSTS file entries found:

      127.0.0.1       localhost

    Program finished at: 11/21/2013 03:36:45 PM
    Execution time: 0 hours(s), 2 minute(s), and 53 seconds(s)
     

  10. okay lots going on...

    >could not locate the combo log but I will look again

    > taskbar change is back, this time the blue version added a 2nd level, like 2 rows of icons. very weird.

    > while svchost was running at 90-100%, I ran Rkill and it listed well over 100 drivers as unsigned. it ran for a much longer period than what it usually takes (I saved the log; it can be posted)

    > also ran Junkware-jrt and it found 2 registry entries. previously, JRT has always come up clean.

    please tell me if these jrt findings are serious or harmless..?

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Administrator on Thu 11/21/2013 at 16:16:48.18
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~ Services
    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 11/21/2013 at 16:20:44.26
    End of JRT log

  11. kevin-

    machine is quiet, nothing weird going on, looks good in normal mode so far.. combo & mbam logs attached.

     

    ComboFix 13-11-18.01 - RICH 11/20/2013  18:14:38.6.1 - x86 NETWORK
    Running from: C:\Documents and Settings\RICH\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\RICH\Desktop\cfscript.txt

    FILE ::
    "C:\Iexplore.exe.exe"
    "c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS"
    "c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS"
    "c:\windows\\SystemRoot\system32\drivers\PRSBDRVR.SYS"
    "c:\windows\System32\Drivers\lswd2yhn.sys"

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.20.14

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    RICH :: RICH-BIZ [administrator]

    11/20/2013 6:49:07 PM

    mbam-log-2013-11-20 (18-49-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 213770
    Time elapsed: 11 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  12. kevin:

    Just a few minutes ago, the gray taskbar issue appeared again, preceded by the svchost.exe running at 100%. UUGGGHH!!!!

     I was curious to know if the last combofix scan had any obvious findings on it?

    What about a system restore? Can these infections hide/disguise so well that they may go undetected by all the scanners available on this forum? What are our options at this point? this is soooo frustrating.

    Thanks.

  13. fresh download, combo fix log/normal mode-

     

    ComboFix 13-11-18.01 - RICH 11/18/2013  21:10:22.5.1 - x86
    Running from: c:\documents and settings\RICH\Desktop\ComboFix.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-10-19 to 2013-11-19  )))))))))))))))))))))))))))))))
    .
    .
    2013-11-14 22:37 . 2013-11-14 22:37    --------    d-sh--w-    c:\documents and settings\RICH\PrivacIE
    2013-11-14 22:01 . 2013-11-18 07:29    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2013-11-14 21:42 . 2013-11-14 21:42    40392    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys
    2013-11-13 14:10 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\mpengine.dll
    2013-11-13 00:06 . 2013-10-13 07:25    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
    2013-11-12 18:29 . 2013-06-12 18:10    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
    2013-11-12 18:25 . 2013-11-13 04:49    --------    d-----w-    c:\program files\Panda Security
    2013-10-31 23:44 . 2013-10-31 23:44    --------    d-----w-    C:\FRST
    2013-10-31 20:43 . 2013-10-31 20:43    35904    ----a-w-    c:\windows\system32\drivers\lswd2yhn.sys
    2013-10-31 20:01 . 2013-10-31 20:01    782640    ----a-w-    C:\Iexplore.exe.exe
    2013-10-28 16:18 . 2013-11-18 15:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-10-24 15:19 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-10-23 01:12 . 2013-10-18 05:11    24064    ----a-w-    c:\windows\zoek-delete.exe
    2013-10-23 01:08 . 2013-10-23 01:08    --------    d-----w-    C:\zoek_backup
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-18 07:25 . 2013-10-04 04:13    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-10-31 19:59 . 2013-10-31 19:59    1472131    ----a-w-    C:\vba32arkit.zip
    2013-10-19 07:33 . 2013-10-19 07:33    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
    2013-10-13 07:25 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
    2013-10-13 07:25 . 2008-04-14 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
    2013-10-13 07:25 . 2008-04-14 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
    2013-10-13 07:24 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
    2013-10-13 06:57 . 2008-04-14 12:00    385024    ----a-w-    c:\windows\system32\html.iec
    2013-10-12 15:56 . 2008-04-14 12:00    278528    ----a-w-    c:\windows\system32\oakley.dll
    2013-10-09 13:12 . 2008-04-14 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
    2013-10-07 10:59 . 2008-04-14 12:00    603136    ----a-w-    c:\windows\system32\crypt32.dll
    2013-10-05 01:14 . 2013-04-19 21:58    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
    2013-10-01 23:31 . 2013-10-01 23:32    1207928    ----a-w-    c:\program files\rc-installer.exe
    2013-09-19 07:54 . 2013-09-19 07:40    181064    ----a-w-    c:\windows\PSEXESVC.EXE
    2013-09-17 15:26 . 2013-09-17 15:26    325960    ----a-w-    c:\program files\lua5.1.dll
    2013-09-04 03:02 . 2013-07-19 00:22    1966080    ----a-w-    c:\program files\Repair_Windows.exe
    2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
    2013-04-19 22:40 . 2013-04-19 22:40    11091432    ----a-w-    c:\program files\MSEInstall.exe
    2013-03-25 03:24 . 2013-03-25 03:24    2483904    ----a-w-    c:\program files\Procmon.exe
    2011-03-08 17:54 . 2013-07-19 00:22    229376    ----a-w-    c:\program files\pcwintech_tabs.ocx
    2009-03-24 19:52 . 2013-07-19 00:22    1069376    ----a-w-    c:\program files\MSCOMCTL.OCX
    2009-03-24 19:52 . 2013-07-19 00:22    136008    ----a-w-    c:\program files\msinet.ocx
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-04-12 49152]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40286280.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65300409.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "AlcxMonitor"=ALCXMNTR.EXE
    "combofix"=c:\combofix\CF2841.3XE /c c:\combofix\Combobatch.bat
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 DasBoot;Panda AntiMalware Support;c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS [x]
    R0 DasBootF;Panda AntiMalware Support MF;c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS [x]
    R0 PRSBDRVR;Nemesis Link;c:\windows\\SystemRoot\system32\drivers\PRSBDRVR.SYS [x]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-10-19 30976]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-18 47064]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2013-11-18 105176]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 594048]
    S0 lswd2yhn;Vba32 Armour Driver;c:\windows\System32\Drivers\lswd2yhn.sys [2013-10-31 35904]
    S1 MpKsla794a8f9;MpKsla794a8f9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys [2013-11-14 40392]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-03 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2013-04-16 01:09]
    .
    2013-11-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
    .
    .
    ------- Supplementary Scan -------
    .

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000


    FF - ProfilePath - c:\documents and settings\RICH\Application Data\Mozilla\Firefox\Profiles\ud60wonb.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-11-18 21:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1024)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-11-18  21:20:41
    ComboFix-quarantined-files.txt  2013-11-19 02:20
    ComboFix2.txt  2013-11-18 07:19
    .
    Pre-Run: 93,742,182,400 bytes free
    Post-Run: 93,730,934,784 bytes free
    .
    - - End Of File - - DA98046EA348473320B250C20A2F49A6
    8F558EB6672622401DA993E1E865C861
     

  14. kevin:

    I followed the steps from #39, made all those changes you requested prior to my last reply. Here is the combo log. Thanks!!

     

    ComboFix 13-11-16.01 - RICH 11/18/2013   2:10.5.1 - x86 NETWORK
    Running from: c:\documents and settings\Administrator\desktop\ComboFix.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_qcihrtv
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-10-18 to 2013-11-18  )))))))))))))))))))))))))))))))
    .
    .
    2013-11-14 22:37 . 2013-11-14 22:37    --------    d-sh--w-    c:\documents and settings\RICH\PrivacIE
    2013-11-14 22:01 . 2013-11-14 22:01    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2013-11-14 21:42 . 2013-11-14 21:42    40392    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys
    2013-11-13 14:10 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\mpengine.dll
    2013-11-13 00:06 . 2013-10-13 07:25    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
    2013-11-12 18:29 . 2013-06-12 18:10    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
    2013-11-12 18:25 . 2013-11-13 04:49    --------    d-----w-    c:\program files\Panda Security
    2013-10-31 23:44 . 2013-10-31 23:44    --------    d-----w-    C:\FRST
    2013-10-31 20:43 . 2013-10-31 20:43    35904    ----a-w-    c:\windows\system32\drivers\lswd2yhn.sys
    2013-10-31 20:01 . 2013-10-31 20:01    782640    ----a-w-    C:\Iexplore.exe.exe
    2013-10-28 16:18 . 2013-11-14 22:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-10-24 15:19 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-10-23 01:12 . 2013-10-18 05:11    24064    ----a-w-    c:\windows\zoek-delete.exe
    2013-10-23 01:08 . 2013-10-23 01:08    --------    d-----w-    C:\zoek_backup
    2013-10-19 07:33 . 2013-10-19 07:33    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
    2013-10-19 07:28 . 2013-10-19 07:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-14 22:01 . 2013-10-04 04:13    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-10-31 19:59 . 2013-10-31 19:59    1472131    ----a-w-    C:\vba32arkit.zip
    2013-10-13 07:25 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
    2013-10-13 07:25 . 2008-04-14 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
    2013-10-13 07:25 . 2008-04-14 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
    2013-10-13 07:24 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
    2013-10-13 06:57 . 2008-04-14 12:00    385024    ----a-w-    c:\windows\system32\html.iec
    2013-10-12 15:56 . 2008-04-14 12:00    278528    ----a-w-    c:\windows\system32\oakley.dll
    2013-10-09 13:12 . 2008-04-14 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
    2013-10-07 10:59 . 2008-04-14 12:00    603136    ----a-w-    c:\windows\system32\crypt32.dll
    2013-10-05 01:14 . 2013-04-19 21:58    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
    2013-10-01 23:31 . 2013-10-01 23:32    1207928    ----a-w-    c:\program files\rc-installer.exe
    2013-09-19 07:54 . 2013-09-19 07:40    181064    ----a-w-    c:\windows\PSEXESVC.EXE
    2013-09-17 15:26 . 2013-09-17 15:26    325960    ----a-w-    c:\program files\lua5.1.dll
    2013-09-04 03:02 . 2013-07-19 00:22    1966080    ----a-w-    c:\program files\Repair_Windows.exe
    2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
    2013-04-19 22:40 . 2013-04-19 22:40    11091432    ----a-w-    c:\program files\MSEInstall.exe
    2013-03-25 03:24 . 2013-03-25 03:24    2483904    ----a-w-    c:\program files\Procmon.exe
    2011-03-08 17:54 . 2013-07-19 00:22    229376    ----a-w-    c:\program files\pcwintech_tabs.ocx
    2009-03-24 19:52 . 2013-07-19 00:22    1069376    ----a-w-    c:\program files\MSCOMCTL.OCX
    2009-03-24 19:52 . 2013-07-19 00:22    136008    ----a-w-    c:\program files\msinet.ocx
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-04-12 49152]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40286280.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65300409.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "AlcxMonitor"=ALCXMNTR.EXE
    "combofix"=c:\combofix\CF2841.3XE /c c:\combofix\Combobatch.bat
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 DasBoot;Panda AntiMalware Support;c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS [x]
    R0 DasBootF;Panda AntiMalware Support MF;c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS [x]
    R0 PRSBDRVR;Nemesis Link;c:\windows\\SystemRoot\system32\drivers\PRSBDRVR.SYS [x]
    R1 MpKsla794a8f9;MpKsla794a8f9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys [2013-11-14 40392]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-10-19 30976]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-14 47064]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 594048]
    S0 lswd2yhn;Vba32 Armour Driver;c:\windows\System32\Drivers\lswd2yhn.sys [2013-10-31 35904]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-03 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2013-04-16 01:09]
    .
    2013-11-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
    .
    .
    ------- Supplementary Scan -------
    .

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000


    FF - ProfilePath - c:\documents and settings\RICH\Application Data\Mozilla\Firefox\Profiles\ud60wonb.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-11-18 02:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(540)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2013-11-18  02:19:17
    ComboFix-quarantined-files.txt  2013-11-18 07:19
    ComboFix2.txt  2013-10-23 17:28
    .
    Pre-Run: 93,735,489,536 bytes free
    Post-Run: 93,736,230,912 bytes free
    .
    - - End Of File - - A231F0EA2F9322BBFCA011F0F7F37137
    8F558EB6672622401DA993E1E865C861
     

  15. Kevin:

    Sorry for the delay, but there was an issue with the reply button on here. So I thought we had finally won the battle, but earlier today the svchost.exe returned, ran at 100%, and instantly the taskbar did its usual color change routine. After that I ran RogueKiller and sure enough the same entries I deleted previously had returned (text in red). How serious are these registry changes?

    Are these returning entries a sure sign that there is some type of infection? Thanks for your patience.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.12.14

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: RICH-BIZ [administrator]

    11/12/2013 5:12:49 PM
    mbam-log-2013-11-12 (17-12-49).txt

    Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 245830
    Time elapsed: 53 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Safe mode with network support
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 11/14/2013 17:59:12
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Administrator\Desktop\zebranMalwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\RICH\desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND


    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1    localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP1604N +++++
    --- User ---
    [MBR] 9c24779718baa28a177f1792c868d0f9
    [BSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_11142013_175912.txt >>

     

  16. tdss log was unusually long-part 2.

    11:59:31.0515 0x0590  C:\WINDOWS\system32\shlwapi.dll - ok
    11:59:31.0531 0x0590  [ 694503348B586E99D56C0E30AB5B3EF8, 53A0C2604574058F1520D8F0805F1247B15BB0E00A5B5BAFE027C702D55E5076 ] C:\WINDOWS\system32\sxs.dll
    11:59:31.0531 0x0590  C:\WINDOWS\system32\sxs.dll - ok
    11:59:31.0546 0x0590  [ 736B12B725AEB2B07F0241A9F680CB10, 9EF1406CAEE256117DA8C8904BCB20FB8F9421F02F812B4DC2CE1F16D2B315F2 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    11:59:31.0546 0x0590  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
    11:59:31.0562 0x0590  [ 6B7C6B32F8E84D56C6260D684019FEA2, A10B4D413452D95B6B4087838F2FCE0B9F42D8C0CBE7A91DC080AE1163FB6D1A ] C:\WINDOWS\system32\odbcint.dll
    11:59:31.0562 0x0590  C:\WINDOWS\system32\odbcint.dll - ok
    11:59:31.0578 0x0590  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] C:\WINDOWS\system32\shsvcs.dll
    11:59:31.0578 0x0590  C:\WINDOWS\system32\shsvcs.dll - ok
    11:59:31.0593 0x0590  [ 96E1C926F22EE1BFBAE82901A35F6BF3, 95568F138216FFADCFC4BAE8A12825FFE53F2EA04C5CAC2AD10F65FC0C4E3CDB ] C:\WINDOWS\system32\sfc.dll
    11:59:31.0593 0x0590  C:\WINDOWS\system32\sfc.dll - ok
    11:59:31.0609 0x0590  [ 6B5DB6789177A4FD0DEBC248041D0739, 3E3239C3613CCBB9EE2539D78BC745ED19134E1D3BED88C3D5273796FA2507DA ] C:\WINDOWS\system32\sfc_os.dll
    11:59:31.0609 0x0590  C:\WINDOWS\system32\sfc_os.dll - ok
    11:59:31.0625 0x0590  [ 6BAD1BED9872E62049E487FB91AE2F3A, 0DBB7EA88CAEDA3471AC0437B62F61B769A8C4345874072CE10CCD2C52649F98 ] C:\WINDOWS\system32\ole32.dll
    11:59:31.0625 0x0590  C:\WINDOWS\system32\ole32.dll - ok
    11:59:31.0640 0x0590  [ CF492D7E9AF1C628B3536D20EF6F5CC7, 3D7A5A5D6B804C0A3F3E7256B3AC19397567700271CABCD7C4C8B51565958BC8 ] C:\WINDOWS\system32\apphelp.dll
    11:59:31.0640 0x0590  C:\WINDOWS\system32\apphelp.dll - ok
    11:59:31.0656 0x0590  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
    11:59:31.0656 0x0590  C:\WINDOWS\system32\services.exe - ok
    11:59:31.0671 0x0590  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] C:\WINDOWS\system32\lsass.exe
    11:59:31.0671 0x0590  C:\WINDOWS\system32\lsass.exe - ok
    11:59:31.0703 0x0590  [ EC29A79F1E76DC509E24D401F29D0678, 2CECCD7CE806152F6DD1A6812C7DAEC46FB197E63D14414808D713C829EE4260 ] C:\WINDOWS\system32\ncobjapi.dll
    11:59:31.0703 0x0590  C:\WINDOWS\system32\ncobjapi.dll - ok
    11:59:31.0718 0x0590  [ BD31DC6DBE9333C4FBD4BDF0899F2160, 545D83178CCD74C68B72C607201EF9E1C8A5FC26A08288F8D3A77106964D1034 ] C:\WINDOWS\system32\lsasrv.dll
    11:59:31.0718 0x0590  C:\WINDOWS\system32\lsasrv.dll - ok
    11:59:31.0734 0x0590  [ F404830F3CD9BF8F2515E489C0CDA297, 4FFFBBDD04B82623983B8B51E52E113EBF0E32E8328BFD3754B7A299E5673569 ] C:\WINDOWS\system32\msvcp60.dll
    11:59:31.0734 0x0590  C:\WINDOWS\system32\msvcp60.dll - ok
    11:59:31.0750 0x0590  [ B24A42A413E694AD73FDFB7FBD492C31, 52411B5C714ED7FCFF3A120980EB75BF5A64E022303D3E717048E0E44F604AC0 ] C:\WINDOWS\system32\scesrv.dll
    11:59:31.0750 0x0590  C:\WINDOWS\system32\scesrv.dll - ok
    11:59:31.0765 0x0590  [ DD7BD97FB8BD800963789158A5E4B41D, 4C265CB9AC1B8C398E625C1775A5AADD8A030D158B557E24F90CA57C0253FF0D ] C:\WINDOWS\system32\mpr.dll
    11:59:31.0765 0x0590  C:\WINDOWS\system32\mpr.dll - ok
    11:59:31.0781 0x0590  [ EC4C0D9BFD9F7E33F8B395AD54E13063, 18E60FF334376604F213F3323FAB81F392493496C6CA809FAD66BB8B0EEB3396 ] C:\WINDOWS\system32\ntdsapi.dll
    11:59:31.0781 0x0590  C:\WINDOWS\system32\ntdsapi.dll - ok
    11:59:31.0812 0x0590  [ 2EDFC2A8893435723AD80481803C6D5C, CD547E4749EE6466FD4F50CF2EAD37AD993C6BC89068BD51726869D5ADB2AF8E ] C:\WINDOWS\system32\umpnpmgr.dll
    11:59:31.0812 0x0590  C:\WINDOWS\system32\umpnpmgr.dll - ok
    11:59:31.0828 0x0590  [ 389496118B3B03C2328024AF320132AC, 11F85CA49596CE12B1F80B5BC059B6F5549FC09A43E2C47841A688F2ACEBB8B8 ] C:\WINDOWS\system32\dnsapi.dll
    11:59:31.0828 0x0590  C:\WINDOWS\system32\dnsapi.dll - ok
    11:59:31.0843 0x0590  [ 1F03103598BD817B1078DAB1326DDE11, 0F0D19E67E25E9D2113920166B7326B46BACD22BA08476EC91D9C564AFC1FAF3 ] C:\WINDOWS\system32\shimeng.dll
    11:59:31.0843 0x0590  C:\WINDOWS\system32\shimeng.dll - ok
    11:59:31.0859 0x0590  [ 0492CF5870F0E616B0C71695A433D162, 47C9FB64A4CF3DF54F664B2B31A834ACF75B504650007E6201546C2D0E44D9C2 ] C:\WINDOWS\system32\wldap32.dll
    11:59:31.0859 0x0590  C:\WINDOWS\system32\wldap32.dll - ok
    11:59:31.0875 0x0590  [ EA9EE60B408878E5F2012F9C783836DB, 354A6660705759C0E767BCD7FB6F1B4371B74784A986431A626DF3793D0421EC ] C:\WINDOWS\AppPatch\AcAdProc.dll
    11:59:31.0875 0x0590  C:\WINDOWS\AppPatch\AcAdProc.dll - ok
    11:59:31.0890 0x0590  [ 8329A39D5A402A75A74301D6A62ECDA1, 1947B2B19F2D0C690EC880B5A92F88903D78C6BB6EE47261B3D744B5A863D562 ] C:\WINDOWS\system32\samlib.dll
    11:59:31.0890 0x0590  C:\WINDOWS\system32\samlib.dll - ok
    11:59:31.0906 0x0590  [ F05B8CDB7FE0E55DCCFB1D946CE80064, E59BC2F25EBFF5F0CF459C9B8DEE882ADE227323F4768EBACFCC6784861BF260 ] C:\WINDOWS\system32\samsrv.dll
    11:59:31.0906 0x0590  C:\WINDOWS\system32\samsrv.dll - ok
    11:59:31.0921 0x0590  [ 17A1D675C12BBF80CAAC54A4855C41D0, F6185E42180218E932ADFFD63EF78EE8324B816BD57EA217322A46D1D2F47928 ] C:\WINDOWS\system32\cryptdll.dll
    11:59:31.0921 0x0590  C:\WINDOWS\system32\cryptdll.dll - ok
    11:59:31.0937 0x0590  [ 310C15FD8358B2C4CD7A5B98A112883F, CA656F066373B164A138032F5BF7EF68603EBDB0D49BD4663C99061F47F29085 ] C:\WINDOWS\AppPatch\AcGenral.dll
    11:59:31.0937 0x0590  C:\WINDOWS\AppPatch\AcGenral.dll - ok
    11:59:31.0953 0x0590  [ 4A953F13942867BA8FB41F141EC1B80C, BAE05A8CEDA4411324E38DB8A2153A988C6A3FAC8AD7CB27EE14E18FE7C47569 ] C:\WINDOWS\system32\winmm.dll
    11:59:31.0953 0x0590  C:\WINDOWS\system32\winmm.dll - ok
    11:59:31.0984 0x0590  [ EFF03460E542EEA6B0ABDEC6BF19C897, C2A0DDE6E8B49B152C295E97CFC35557391DEEE5A3A0B1BB4E445C405C716C55 ] C:\WINDOWS\system32\oleaut32.dll
    11:59:31.0984 0x0590  C:\WINDOWS\system32\oleaut32.dll - ok
    11:59:32.0000 0x0590  [ 2098AB52BD5316E59AA36F3437B13BE6, C4C9F2CFCAFF91B4A6F68E28EFE12EED216B41F081F8D577597C0634ECE57018 ] C:\WINDOWS\system32\msacm32.dll
    11:59:32.0000 0x0590  C:\WINDOWS\system32\msacm32.dll - ok
    11:59:32.0015 0x0590  [ 7A2CC3719B255E6B5D74396183B7715B, 2C4A2D5B42CFFE42BE72A652D1B0EED43D7EECF7CA3416660A3E0C539AA2AC34 ] C:\WINDOWS\system32\uxtheme.dll
    11:59:32.0015 0x0590  C:\WINDOWS\system32\uxtheme.dll - ok
    11:59:32.0046 0x0590  [ F24B12786D60A17008319E3F2AEE7799, BF916F65D770C61612678171CC184A0BF259992CEC0BF607D26834CE2A234FB3 ] C:\WINDOWS\system32\msapsspc.dll
    11:59:32.0046 0x0590  C:\WINDOWS\system32\msapsspc.dll - ok
    11:59:32.0062 0x0590  [ 7A660EDC0757849DF5F8706FB6E9F740, CA3820507A92EE9AB4EE8E804736FE1795224AE02D396AADB5BFD53223D9B7E2 ] C:\WINDOWS\system32\msvcrt40.dll
    11:59:32.0062 0x0590  C:\WINDOWS\system32\msvcrt40.dll - ok
    11:59:32.0078 0x0590  [ 0F64207B49390C8063C36AE7CBF9C2DB, 52C4A7A38EE11CA247001EB0A3C67BFEB1A09E9AC406486132D5AC38BE3A6A6F ] C:\WINDOWS\system32\schannel.dll
    11:59:32.0078 0x0590  C:\WINDOWS\system32\schannel.dll - ok
    11:59:32.0093 0x0590  [ 3D76DD0CBC536E0F8C45D23ED230BEB2, F74F94525AB7CE1E269452C9E1DD08411A668CFDD94F069C90FC2EE33CB35A12 ] C:\WINDOWS\system32\digest.dll
    11:59:32.0093 0x0590  C:\WINDOWS\system32\digest.dll - ok
    11:59:32.0109 0x0590  [ A4388DF80E52695AE92EE5F3F61F1619, A4B7C6E10B92B5022CA6E8FD9094098614FD63178EA86A7B035EB89B373BF033 ] C:\WINDOWS\system32\msnsspc.dll
    11:59:32.0109 0x0590  C:\WINDOWS\system32\msnsspc.dll - ok
    11:59:32.0125 0x0590  [ 5733177BCF16EE78B99543C9B0AB81EA, 6504D3D665AC8AB27A44F863F9C1A23FF3B68EAC0512F418712CC0D56F739E24 ] C:\WINDOWS\system32\MSCTFIME.IME
    11:59:32.0125 0x0590  C:\WINDOWS\system32\MSCTFIME.IME - ok
    11:59:32.0140 0x0590  [ C6BB1D1500DB4A0E224CB65E6C7E8A80, 32099A486457D1DC3B1269DE9570EE922F118C3BD443FE78ED051DD764EF4DE3 ] C:\WINDOWS\system32\msprivs.dll
    11:59:32.0140 0x0590  C:\WINDOWS\system32\msprivs.dll - ok
    11:59:32.0156 0x0590  [ A525C96C51D55111FDF3BEA9FFFFC7AE, AA5B080E01573B96A37E67F871F97AE975E1E9519EDB16476472AA3FA2144643 ] C:\WINDOWS\system32\kerberos.dll
    11:59:32.0156 0x0590  C:\WINDOWS\system32\kerberos.dll - ok
    11:59:32.0171 0x0590  [ 517561A1113B04E51D936CD018DE1C1F, A5F572C3557705F28F7A465970F0432F55B616EFD208BA0CBDFFBF7A41F07C04 ] C:\WINDOWS\system32\msv1_0.dll
    11:59:32.0171 0x0590  C:\WINDOWS\system32\msv1_0.dll - ok
    11:59:32.0187 0x0590  [ AF07DC9B7CC455629E732340C7B15F3A, 4403503F24FB76AB55D347273319B98BC0955AB3E537FA5ADA498B9AED76484A ] C:\WINDOWS\system32\iphlpapi.dll
    11:59:32.0187 0x0590  C:\WINDOWS\system32\iphlpapi.dll - ok
    11:59:32.0203 0x0590  [ C11D10A3C164AC222BC9AAB3650A88B3, C394F3840C0A8586358B23DDCB402C43567FCAC6C5F2691D5BC04D26767B1252 ] C:\WINDOWS\system32\atmfd.dll
    11:59:32.0203 0x0590  C:\WINDOWS\system32\atmfd.dll - ok
    11:59:32.0218 0x0590  [ 1B7F071C51B77C272875C3A23E1E4550, 9D6EA6DF4F4A531E35B843CE11AB6BDBEF0C2716773C14660E98038C1F68B7C4 ] C:\WINDOWS\system32\netlogon.dll
    11:59:32.0218 0x0590  C:\WINDOWS\system32\netlogon.dll - ok
    11:59:32.0234 0x0590  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] C:\WINDOWS\system32\w32time.dll
    11:59:32.0234 0x0590  C:\WINDOWS\system32\w32time.dll - ok
    11:59:32.0250 0x0590  [ 3AAF9B35939FF9E58CCD18D41655C2FC, AF7358AB0A507D77569A8D38D2392C224BFBEFD1264C069BBC6C677BC20C6B8B ] C:\WINDOWS\system32\wdigest.dll
    11:59:32.0250 0x0590  C:\WINDOWS\system32\wdigest.dll - ok
    11:59:32.0281 0x0590  [ 54DAE3EA34802B4ED9AE1C6B1209FA56, EEB1FA90DB44C821B371D5F7C323B4F88E843107BBA16DA2ACB124D6A848B257 ] C:\WINDOWS\system32\rsaenh.dll
    11:59:32.0281 0x0590  C:\WINDOWS\system32\rsaenh.dll - ok
    11:59:32.0296 0x0590  [ A86BB5E61BF3E39B62AB4C7E7085A084, B88446E007153BB58C5AE867AC3FB4C46618BBAA5A152687201E0E81F881465A ] C:\WINDOWS\system32\scecli.dll
    11:59:32.0296 0x0590  C:\WINDOWS\system32\scecli.dll - ok
    11:59:32.0312 0x0590  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18, 2910EBC692D833D949BFD56059E8106D324A276D5F165F874F3FB1B6C613CDD5 ] C:\WINDOWS\system32\svchost.exe
    11:59:32.0312 0x0590  C:\WINDOWS\system32\svchost.exe - ok
    11:59:32.0328 0x0590  [ 549290DBC280C887681D7652978DBBE0, CA2CA8561F11CDD5FD5D23D9D88A96A7FFE4AF6DFE8CE783B0969B6ED3C4CBF8 ] C:\WINDOWS\system32\ntmarta.dll
    11:59:32.0328 0x0590  C:\WINDOWS\system32\ntmarta.dll - ok
    11:59:32.0343 0x0590  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] C:\WINDOWS\system32\rpcss.dll
    11:59:32.0343 0x0590  C:\WINDOWS\system32\rpcss.dll - ok
    11:59:32.0359 0x0590  [ 6D4FEB43EE538FC5428CC7F0565AA656, 4091D82537198562F0CA1D032B2D4BEC75101342B7BCA7778FDA2D515300BC36 ] C:\WINDOWS\system32\eventlog.dll
    11:59:32.0359 0x0590  C:\WINDOWS\system32\eventlog.dll - ok
    11:59:32.0375 0x0590  [ 16403217AB6FC5C30C14C6B12098AD4B, DEA7C556BA9C91E056E6035E77A793A77E428D493518D1C6F796B003D4F07305 ] C:\WINDOWS\system32\xpsp2res.dll
    11:59:32.0375 0x0590  C:\WINDOWS\system32\xpsp2res.dll - ok
    11:59:32.0390 0x0590  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23, 032B6D1F541F180A2FE619664EF180D3FD748AEF7E311BA925FCED74E7ED4713 ] C:\WINDOWS\system32\logonui.exe
    11:59:32.0390 0x0590  C:\WINDOWS\system32\logonui.exe - ok
    11:59:32.0406 0x0590  [ 3D41A9326F0376FC73AF961DD23B1FB1, 1242F3B57599675D1E0E26615E206CE3DB15FA6A23BC5D21EB630EE9858EBC7B ] C:\WINDOWS\system32\duser.dll
    11:59:32.0406 0x0590  C:\WINDOWS\system32\duser.dll - ok
    11:59:32.0421 0x0590  [ AFFC87E2501FCE8F09D4C10BA6421CCF, E63837B281C4AE90A7CBA8E072E07A9A5A2FDD5B15E7FB5C2D7562FE72BE5408 ] C:\WINDOWS\system32\msimg32.dll
    11:59:32.0421 0x0590  C:\WINDOWS\system32\msimg32.dll - ok
    11:59:32.0437 0x0590  [ 20200EE3CFE10E9F0C028D8653BE11C6, 3ACF2110D72509CBA3BF780C5D6D662BAFEEA6CA423BE8B0F97288B953127035 ] C:\WINDOWS\system32\oleacc.dll
    11:59:32.0437 0x0590  C:\WINDOWS\system32\oleacc.dll - ok
    11:59:32.0453 0x0590  [ F137A0CA70003DB20448D540651FA003, 4D3095FD8431D0839B6EE785A979D005A1035368A152CDC705804E85B7673198 ] C:\WINDOWS\system32\clbcatq.dll
    11:59:32.0453 0x0590  C:\WINDOWS\system32\clbcatq.dll - ok
    11:59:32.0468 0x0590  [ 1280A158C722FA95A80FB7AEBE78FA7D, 9B6E8158E581500C5C417F6453A6414901020123D34FDBC04289750E8B072538 ] C:\WINDOWS\system32\comres.dll
    11:59:32.0468 0x0590  C:\WINDOWS\system32\comres.dll - ok
    11:59:32.0500 0x0590  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] C:\WINDOWS\system32\mswsock.dll
    11:59:32.0500 0x0590  C:\WINDOWS\system32\mswsock.dll - ok
    11:59:32.0515 0x0590  [ 3CB32D3B8CBE79899D63280BB7A83CD9, F34DB3B3DD65F0135F1F7005703B824D2C9B17F7A43062F1FFBEC53B3B26EFC3 ] C:\WINDOWS\system32\hnetcfg.dll
    11:59:32.0515 0x0590  C:\WINDOWS\system32\hnetcfg.dll - ok
    11:59:32.0531 0x0590  [ E5EDBD51476DB5001ABF5C82AE5C3DD1, 5C97ABF5802A7F886781788FE6107F9F06962F9D704A2A43A03062C9405F56C3 ] C:\WINDOWS\system32\shgina.dll
    11:59:32.0531 0x0590  C:\WINDOWS\system32\shgina.dll - ok
    11:59:32.0546 0x0590  [ 4E3D06D6E68EEDB52565080F55B460D3, A503BFC29D3936045488EDC1771914EC84BE80E422F772F53D7961F526D707E6 ] C:\WINDOWS\system32\wshtcpip.dll
    11:59:32.0546 0x0590  C:\WINDOWS\system32\wshtcpip.dll - ok
    11:59:32.0562 0x0590  [ 811BB60991FC03A63F2F844A3F9C6488, 4E26BEBA2B24516B447BFAFC405692C53121F28815B7312F1E4F38D5CBCEA678 ] C:\WINDOWS\system32\wshisn.dll
    11:59:32.0562 0x0590  C:\WINDOWS\system32\wshisn.dll - ok
    11:59:32.0578 0x0590  [ 67156D5A9AC356DC99D7BCCB388E3316, 449A140065197779C0F8588E5C53014BBF54A9C74818D5CFDCB88CC7B36F44CF ] C:\WINDOWS\system32\wsock32.dll
    11:59:32.0578 0x0590  C:\WINDOWS\system32\wsock32.dll - ok
    11:59:32.0609 0x0590  [ D72B9EC3337B247A666F098F3D6B43DE, 4BC52AD1116078B0B313AB6555024302225D6CC03CA428151F78B7C48821489F ] C:\WINDOWS\system32\winrnr.dll
    11:59:32.0609 0x0590  C:\WINDOWS\system32\winrnr.dll - ok
    11:59:32.0625 0x0590  [ 6F9BEF24C578D5D6740E080BEDD6A448, 72426D49BC31488261D226C7D0C98AD11192019E71654F53D1D17183C328CC7C ] C:\WINDOWS\system32\rasadhlp.dll
    11:59:32.0625 0x0590  C:\WINDOWS\system32\rasadhlp.dll - ok
    11:59:32.0640 0x0590  [ 515A7FAE2070C2B0242B2353443E2F11, 6121C5613784831F584B50E8DC91BBD7AC58BDB602FE4CDB4B237670B6BB4537 ] C:\WINDOWS\system32\cscdll.dll
    11:59:32.0640 0x0590  C:\WINDOWS\system32\cscdll.dll - ok
    11:59:32.0656 0x0590  [ E2092F0A1D7ABC243F9C2362483D150D, 50028400D6BA1C5B27BFC9AAC9D41539383F3EC723977CA937715E14094D846A ] C:\WINDOWS\system32\dimsntfy.dll
    11:59:32.0656 0x0590  C:\WINDOWS\system32\dimsntfy.dll - ok
    11:59:32.0671 0x0590  [ 2CC34E8BB667EEF78899546E12649196, 5BA2604041BF7C1D580D4D2AEDC7708F9E9B0AF6E0928663E3D9C7297296D721 ] C:\WINDOWS\system32\wlnotify.dll
    11:59:32.0671 0x0590  C:\WINDOWS\system32\wlnotify.dll - ok
    11:59:32.0687 0x0590  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] C:\WINDOWS\system32\cryptsvc.dll
    11:59:32.0687 0x0590  C:\WINDOWS\system32\cryptsvc.dll - ok
    11:59:32.0703 0x0590  [ 02988B904C386B500CD08639C4C20EEA, 66E96045957AABD7F5C364D64DE23A09D4C292C844FA00C45626A8D1EC21F206 ] C:\WINDOWS\system32\winscard.dll
    11:59:32.0703 0x0590  C:\WINDOWS\system32\winscard.dll - ok
    11:59:32.0718 0x0590  [ BD83ABA61E8ACCC8D9FFB869F29418CE, 45ED22E825047A1BE07B017F95FBF965A90602C59E6B110D0C604FBE07DE1562 ] C:\WINDOWS\system32\winspool.drv
    11:59:32.0718 0x0590  C:\WINDOWS\system32\winspool.drv - ok
    11:59:32.0734 0x0590  [ 0E2735281FBB9A764D5584C2A5DCBA59, B1EFF5D7BFDDFEC3A3E5B2F17A6A0F3F47C344A64AB57E6918B4DEC094FC9444 ] C:\WINDOWS\system32\wtsapi32.dll
    11:59:32.0734 0x0590  C:\WINDOWS\system32\wtsapi32.dll - ok
    11:59:32.0750 0x0590  [ 00709952D444EAE14DBBD30D36FBAE0F, A65B57C68F9119940133F6680AF3644866EEBDA5378F9B6AED441FB999B50526 ] C:\WINDOWS\system32\certcli.dll
    11:59:32.0750 0x0590  C:\WINDOWS\system32\certcli.dll - ok
    11:59:32.0781 0x0590  [ 224FB925C641DA16CEB6D60F40CA4C75, 2DDB3B019D2A22B359C5974DC366EC9B95F4382DB1BF7F1958CFF0EC277895C7 ] C:\WINDOWS\system32\atl.dll
    11:59:32.0781 0x0590  C:\WINDOWS\system32\atl.dll - ok
    11:59:32.0796 0x0590  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3, 9085384DD71F983E7FD8B6C8F54A3097412DA3C802C813C8AAB1F30558C416D6 ] C:\WINDOWS\system32\cryptui.dll
    11:59:32.0796 0x0590  C:\WINDOWS\system32\cryptui.dll - ok
    11:59:32.0812 0x0590  [ 552263502EA8C24D301A0C43FF90B3ED, 65ECCFF6889D867F452D48A1816E4D16B9ACC2426D793943F5889706219AFA0E ] C:\WINDOWS\system32\wininet.dll
    11:59:32.0812 0x0590  C:\WINDOWS\system32\wininet.dll - ok
    11:59:32.0828 0x0590  [ 10753A3ADC3E39A3B10CC3F08E98E6B4, 99C7B1B04CD593139917ED3D68BEC36C63BCE76663505CB5D026B62AF39BB383 ] C:\WINDOWS\system32\normaliz.dll
    11:59:32.0828 0x0590  C:\WINDOWS\system32\normaliz.dll - ok
    11:59:32.0843 0x0590  [ 496CE99BBBB7680323921DF30B405C36, A8DB64762CE3D52384B0DFA98E7C28FC67086B1FB0E76597DAA19AFF001F4998 ] C:\WINDOWS\system32\urlmon.dll
    11:59:32.0843 0x0590  C:\WINDOWS\system32\urlmon.dll - ok
    11:59:32.0859 0x0590  [ 1AB894FA897E26B23CA53BEED72F61F4, D4F177D0D21915E428672B5AC85FFFB0121E59F9A0566B7CF98CF776A3874A74 ] C:\WINDOWS\system32\iertutil.dll
    11:59:32.0859 0x0590  C:\WINDOWS\system32\iertutil.dll - ok
    11:59:32.0875 0x0590  [ F5B754CDEA20BBB3A31E16A776EDE6D6, C5D682FA9B86810C6E3D741E507EDA024C4554BEB5B6A1686F70E109EE9CD746 ] C:\WINDOWS\system32\esent.dll
    11:59:32.0875 0x0590  C:\WINDOWS\system32\esent.dll - ok
    11:59:32.0890 0x0590  [ C1FAEA15E41F62D7BFA7FBC395C24BA6, 5DAA7F6E1EEA128AEDEDCAF04EB83AED4BCF856BC123BC134E9FA634DC569C0B ] C:\WINDOWS\system32\riched20.dll
    11:59:32.0890 0x0590  C:\WINDOWS\system32\riched20.dll - ok
    11:59:32.0906 0x0590  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] C:\WINDOWS\system32\wbem\wmisvc.dll
    11:59:32.0906 0x0590  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
    11:59:32.0921 0x0590  [ ACACB8B14E66109B8ACD6644B5574B9A, 2373E67EB51F8045E7CD346F75B4BAD093E29CC609955BBC4C9FEF7A97A5FD86 ] C:\WINDOWS\system32\vssapi.dll
    11:59:32.0921 0x0590  C:\WINDOWS\system32\vssapi.dll - ok
    11:59:32.0953 0x0590  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] C:\WINDOWS\system32\srsvc.dll
    11:59:32.0953 0x0590  C:\WINDOWS\system32\srsvc.dll - ok
    11:59:32.0968 0x0590  [ 50A166237A0FA771261275A405646CC0, CFA9B2C8CDCDB56C27B89593A106AAE211E24D8EA433129A6E9BD2FBF39AB5BB ] C:\WINDOWS\system32\powrprof.dll
    11:59:32.0968 0x0590  C:\WINDOWS\system32\powrprof.dll - ok
    11:59:32.0984 0x0590  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    11:59:32.0984 0x0590  C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok
    11:59:33.0000 0x0590  [ 085ED2E391A871C7BAE87E0228B546BA, 15C050965A7377CDE1178A0C28C3E05B16838A1D7DEB1DD190E3C5D58511F5AC ] C:\WINDOWS\system32\cscui.dll
    11:59:33.0000 0x0590  C:\WINDOWS\system32\cscui.dll - ok
    11:59:33.0031 0x0590  [ 3E2F3E2F4A82B7FAE23BAB864FB0F837, 78FEB881B5F1C90AD13DD69BB8C95CDF60C84E127871916D1EE8A938849E6282 ] C:\WINDOWS\system32\dpcdll.dll
    11:59:33.0031 0x0590  C:\WINDOWS\system32\dpcdll.dll - ok
    11:59:33.0046 0x0590  [ A93AEE1928A9D7CE3E16D24EC7380F89, 944CD2135E171AF338352568AA7FE1B8004733A4281395AD6723E0CF43D5F53F ] C:\WINDOWS\system32\userinit.exe
    11:59:33.0046 0x0590  C:\WINDOWS\system32\userinit.exe - ok
    11:59:33.0062 0x0590  [ 12896823FB95BFB3DC9B46BCAEDC9923, 1E675CB7DF214172F7EB0497F7275556038A0D09C6E5A3E6862C5E26885EF455 ] C:\WINDOWS\explorer.exe
    11:59:33.0062 0x0590  C:\WINDOWS\explorer.exe - ok
    11:59:33.0078 0x0590  [ B14E6ED4CBAAF91A50C11807C55B6258, 91C423E2C163F46BA0EE436E152C8D5E89011BD6B239D739B4D97A4E4FBB96E7 ] C:\WINDOWS\system32\browseui.dll
    11:59:33.0078 0x0590  C:\WINDOWS\system32\browseui.dll - ok
    11:59:33.0093 0x0590  [ 616B0126D3C499F5B7EAE5B198F6F6F5, 65458E74E8C07BDCFF6B137795E457A2B200170A4DDDF86B7569D289EA367185 ] C:\WINDOWS\system32\shdocvw.dll
    11:59:33.0093 0x0590  C:\WINDOWS\system32\shdocvw.dll - ok
    11:59:33.0109 0x0590  [ B4ED498E3BFEE64E952BC44FC6057DB8, 1FB5ABAE69103BF477F704189D75B0395F587234BFE94F9F79961D8FE2CE55AC ] C:\WINDOWS\system32\desk.cpl
    11:59:33.0109 0x0590  C:\WINDOWS\system32\desk.cpl - ok
    11:59:33.0125 0x0590  [ A314EEA2A503A8E04085201E436384A5, F377590227E3BFC356996524AE2FF99B3ECEFFBC163F6AD9503B8AAD24AECDB3 ] C:\WINDOWS\system32\themeui.dll
    11:59:33.0125 0x0590  C:\WINDOWS\system32\themeui.dll - ok
    11:59:33.0140 0x0590  [ 2DC5A8019E2387987905F77C664E4BE2, 32FD8D0D3146A599CFB536955F9E93AA50467B2176A70E481133B61D4BD29AD9 ] C:\WINDOWS\system32\linkinfo.dll
    11:59:33.0140 0x0590  C:\WINDOWS\system32\linkinfo.dll - ok
    11:59:33.0156 0x0590  [ A70A2D85AD143D6BB823C246CEB699A5, D8ED98DC2964A2DAF448893718E6381FBABAB53DD7497266851E0F4221F1B01F ] C:\WINDOWS\system32\ntshrui.dll
    11:59:33.0156 0x0590  C:\WINDOWS\system32\ntshrui.dll - ok
    11:59:33.0171 0x0590  [ 2DE1190196EE9555DB548A57622022EB, 89DBC777BE06D008AABEDAC61AFC11B4FF7ABCA86C205109ED9D34D21C0B5146 ] C:\WINDOWS\system32\drprov.dll
    11:59:33.0171 0x0590  C:\WINDOWS\system32\drprov.dll - ok
    11:59:33.0187 0x0590  [ 36468087E22C57A83DF758B3F90DF73F, F6898D07CEE4F528A9F17A231CCB5E38F826A0C1926EFBF35ECCA06E0E8EE565 ] C:\WINDOWS\system32\ntlanman.dll
    11:59:33.0187 0x0590  C:\WINDOWS\system32\ntlanman.dll - ok
    11:59:33.0218 0x0590  [ AC5DF42FE314C1446B1DAD237BFCFFE0, FD53D9BCC619ED7AE4B7C29B7D457A2F61D6D340841A4E030329D7032C306AB6 ] C:\WINDOWS\system32\netui0.dll
    11:59:33.0218 0x0590  C:\WINDOWS\system32\netui0.dll - ok
    11:59:33.0234 0x0590  [ ED5A816D8E11E03F1937AC3C56826EE4, D01525B5BD9F9DDF149B78706C6C2F5AE26F5337F897C1B8763DBC67AB64F875 ] C:\WINDOWS\system32\netui1.dll
    11:59:33.0234 0x0590  C:\WINDOWS\system32\netui1.dll - ok
    11:59:33.0250 0x0590  [ B41D53899E37CC43DA85DA19998BEE81, CA92B8313338F0F8B1B630A0057B9C114E8D8BC10F09825C9008A5A824B91FDC ] C:\WINDOWS\system32\netrap.dll
    11:59:33.0250 0x0590  C:\WINDOWS\system32\netrap.dll - ok
    11:59:33.0265 0x0590  [ FB8F8EEC8D9C2157789472DD61CDC78B, D5306081621FFEFF585FAD292E60207E1BCB4EA67367E12872AF73C464110C68 ] C:\WINDOWS\system32\davclnt.dll
    11:59:33.0265 0x0590  C:\WINDOWS\system32\davclnt.dll - ok
    11:59:33.0281 0x0590  [ 91790D6749EBED90E2C40479C0A91879, 3C267950F13CCE412474C5228FC0E3D8D7F912E82464BD2CE6312A0326F84A80 ] C:\WINDOWS\system32\verclsid.exe
    11:59:33.0281 0x0590  C:\WINDOWS\system32\verclsid.exe - ok
    11:59:33.0296 0x0590  [ 0B8FB29CDA02015448C9F5260A013F19, 804C38F6B4CBCAFA679BE99E5359427BDC838E0F467FD7A952F8BE1FD4E85C3E ] C:\WINDOWS\system32\ieframe.dll
    11:59:33.0296 0x0590  C:\WINDOWS\system32\ieframe.dll - ok
    11:59:33.0312 0x0590  [ D3F72D50DE53F9F1F55240115AF4D42E, F8831B6B33EE2EE49615AE45A81C8434E154331BEB1E64C491E64C1348314F3C ] C:\WINDOWS\system32\msi.dll
    11:59:33.0312 0x0590  C:\WINDOWS\system32\msi.dll - ok
    11:59:33.0343 0x0590  [ 062F837C1FBDB6A0A75F82EFC2EE8E74, 3C0BFA381CBC2C55B58A8942A7148A6C27E244D26313EFB4708DD5858C689E02 ] C:\WINDOWS\system32\netshell.dll
    11:59:33.0343 0x0590  C:\WINDOWS\system32\netshell.dll - ok
    11:59:33.0359 0x0590  [ 235892E493845D64D890163CFEF90E97, 48FC98DD1E5F8F05DE6954FE26C0A448AA9838D7DC716518C715F35E3CFA227D ] C:\WINDOWS\system32\credui.dll
    11:59:33.0359 0x0590  C:\WINDOWS\system32\credui.dll - ok
    11:59:33.0375 0x0590  [ 8E2CC37BA87D8F681066E0E9C8A19F73, 90536FD502D92AE4FECE0C250373742D2E8AC9E9BE314070BB28C4A2BEA15508 ] C:\WINDOWS\system32\dot3api.dll
    11:59:33.0375 0x0590  C:\WINDOWS\system32\dot3api.dll - ok
    11:59:33.0390 0x0590  [ 876CCF164E08D6B903CD14398E056DD2, 9AC7887F992F20E10EB3ED9B3AEF47B5C840172FA7895531F4EF86D6EA642D0F ] C:\WINDOWS\system32\rtutils.dll
    11:59:33.0390 0x0590  C:\WINDOWS\system32\rtutils.dll - ok
    11:59:33.0406 0x0590  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C, 62E73A7D4C58F2E30670F6A72E734B618AF45F60A8CB2177A4D504283F829BE5 ] C:\WINDOWS\system32\dot3dlg.dll
    11:59:33.0406 0x0590  C:\WINDOWS\system32\dot3dlg.dll - ok
    11:59:33.0421 0x0590  [ CA04959077AFE36369D37B3504740C87, CBB90BC35A74EC03DC04CD60DAC966A9FA98DC9EEFB926089DBE7A47D3B710B1 ] C:\WINDOWS\system32\onex.dll
    11:59:33.0421 0x0590  C:\WINDOWS\system32\onex.dll - ok
    11:59:33.0437 0x0590  [ 5DB625E7D095604010CF84DE2D8ACFA6, DEED8055CD1F2E2D898C5C77283B56078414CC7D9FCA6FCF58BA0B66B565E826 ] C:\WINDOWS\system32\eappcfg.dll
    11:59:33.0437 0x0590  C:\WINDOWS\system32\eappcfg.dll - ok
    11:59:33.0453 0x0590  [ ABC4206543450C0666D152F4B65833B8, D78D5E719E7744805DF6DD1D9567E67E11223F4E3B13170E35F27D46FCB6C244 ] C:\WINDOWS\system32\eappprxy.dll
    11:59:33.0453 0x0590  C:\WINDOWS\system32\eappprxy.dll - ok
    11:59:33.0468 0x0590  [ 1C22A3866112ED41E1F3684DAE9AD5D2, 621989160B8DCE383242FA844CA63557F7BCD4520335E7EA1AF85E7720A760CA ] C:\WINDOWS\system32\mmcshext.dll
    11:59:33.0468 0x0590  C:\WINDOWS\system32\mmcshext.dll - ok
    11:59:33.0484 0x0590  [ D3E868700D9B5E3C54B7EED060215CC1, C066B0E63815018D6D345CE5DABD443C5CDA73200601FB51F67C602A4133A2C5 ] C:\WINDOWS\system32\hhsetup.dll
    11:59:33.0484 0x0590  C:\WINDOWS\system32\hhsetup.dll - ok
    11:59:33.0500 0x0590  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] C:\WINDOWS\system32\es.dll
    11:59:33.0500 0x0590  C:\WINDOWS\system32\es.dll - ok
    11:59:33.0531 0x0590  [ 72A0DF237F9118F18AD136E99266E816, 76CEB7AC5BE1F645423424641FE4F6087D20B5E066FBA6FF0D688467A48883BC ] C:\Program Files\Microsoft Office\Office10\MSOHEV.DLL
    11:59:33.0531 0x0590  C:\Program Files\Microsoft Office\Office10\MSOHEV.DLL - ok
    11:59:33.0546 0x0590  [ C444B433A340C24B51A2DACE9D13FC70, 32DF665A6267231245235CC90CC17BC8F9869642D2D848E6FC8F9A417BA570FD ] C:\WINDOWS\system32\zipfldr.dll
    11:59:33.0546 0x0590  C:\WINDOWS\system32\zipfldr.dll - ok
    11:59:33.0562 0x0590  [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] C:\WINDOWS\system32\actxprxy.dll
    11:59:33.0562 0x0590  C:\WINDOWS\system32\actxprxy.dll - ok
    11:59:33.0578 0x0590  [ 526E1B1FB3ED5090E2A4489CA541CCE8, 638E2B652E143E6BD7512F0E7F39C5D701B0F204EBCFD9C77AB5C6250D27F2C5 ] C:\Documents and Settings\Administrator\desktop\wahooLSP.exe
    11:59:33.0578 0x0590  C:\Documents and Settings\Administrator\desktop\wahooLSP.exe - ok
    11:59:33.0593 0x0590  [ F0BF811622F2DD6C8E26EE4600D83731, 81CFC1118551E84F5BBD2A863419529AA32DA92E5834C71DA77D13854F6CF048 ] C:\WINDOWS\system32\wbem\wbemcore.dll
    11:59:33.0593 0x0590  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
    11:59:33.0609 0x0590  [ E4616430709F440CF1809D88DC2366EA, C2CBC0A21A892FD8341E5A29E7164172340E07A75A5D54493036156D907AEAE7 ] C:\WINDOWS\system32\wbem\esscli.dll
    11:59:33.0609 0x0590  C:\WINDOWS\system32\wbem\esscli.dll - ok
    11:59:33.0625 0x0590  [ D95C71052E5EF63B55997FB31483D02F, 829A559050680C039CA7AFCFE3246745D465ED11722A603AA32253FD413894C3 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
    11:59:33.0625 0x0590  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
    11:59:33.0656 0x0590  [ 378A0AEFB11D8B0DC8C27B9F7604B88D, D0D6863FCE412B75B9B5FC38EA923759201E7193ED40CFBAA674630E2DE56FD3 ] C:\WINDOWS\system32\wbem\fastprox.dll
    11:59:33.0656 0x0590  C:\WINDOWS\system32\wbem\fastprox.dll - ok
    11:59:34.0609 0x0590  AV detected via SS1: Microsoft Security Essentials, 4.2.0223.0, disabled, outofdate
    11:59:34.0609 0x0590  ============================================================
    11:59:34.0609 0x0590  Scan finished
    11:59:34.0609 0x0590  ============================================================
    11:59:34.0640 0x0588  Detected object count: 2
    11:59:34.0640 0x0588  Actual detected object count: 2
    11:59:57.0562 0x0588  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
    11:59:57.0562 0x0588  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:59:57.0578 0x0588  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
    11:59:57.0578 0x0588  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    12:00:08.0765 0x0524  Deinitialize success
     

  17. Kevin, please see the FSS & TDSS logs:

    Farbar Service Scanner Version: 28-08-2013
    Ran by Administrator (administrator) on 01-11-2013 at 11:13:21
    Running from "C:\Documents and Settings\Administrator\desktop\zzmbar2"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Network
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Disabled. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is set to Auto. The default start type is 3.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


    Windows Autoupdate Disabled Policy:
    ============================

    PlugPlay Service is not running. Checking service configuration:
    The start type of PlugPlay service is set to Disabled. The default start type is Auto.
    The ImagePath of PlugPlay service is OK.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4)
    0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log **********************************************

    11:58:20.0421 0x0528  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
    11:58:25.0250 0x0528  ============================================================
    11:58:25.0250 0x0528  Current date / time: 2013/11/01 11:58:25.0250
    11:58:25.0250 0x0528  SystemInfo:
    11:58:25.0250 0x0528  
    11:58:25.0250 0x0528  OS Version: 5.1.2600 ServicePack: 3.0
    11:58:25.0250 0x0528  Product type: Workstation
    11:58:25.0250 0x0528  ComputerName: RICH-BIZ
    11:58:25.0250 0x0528  UserName: Administrator
    11:58:25.0250 0x0528  Windows directory: C:\WINDOWS
    11:58:25.0250 0x0528  System windows directory: C:\WINDOWS
    11:58:25.0250 0x0528  Processor architecture: Intel x86
    11:58:25.0250 0x0528  Number of processors: 1
    11:58:25.0250 0x0528  Page size: 0x1000
    11:58:25.0250 0x0528  Boot type: Safe boot
    11:58:25.0250 0x0528  ============================================================
    11:58:25.0250 0x0528  BG loaded
    11:58:26.0140 0x0528  System UUID: {CE56B001-652C-3DF5-3E32-CF7929F16BD5}
    11:58:28.0187 0x0528  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    11:58:28.0250 0x0528  ============================================================
    11:58:28.0250 0x0528  \Device\Harddisk0\DR0:
    11:58:28.0250 0x0528  MBR partitions:
    11:58:28.0250 0x0528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x62189F1
    11:58:28.0265 0x0528  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6218A6F, BlocksNum 0xC7FFCA1
    11:58:28.0265 0x0528  ============================================================
    11:58:28.0328 0x0528  C: <-> \Device\Harddisk0\DR0\Partition2
    11:58:28.0375 0x0528  J: <-> \Device\Harddisk0\DR0\Partition1
    11:58:28.0375 0x0528  ============================================================
    11:58:28.0375 0x0528  Initialize success
    11:58:28.0375 0x0528  ============================================================
    11:58:39.0875 0x0590  ============================================================
    11:58:39.0875 0x0590  Scan started
    11:58:39.0875 0x0590  Mode: Manual; SigCheck; TDLFS;
    11:58:39.0875 0x0590  ============================================================
    11:58:39.0875 0x0590  KSN ping started
    11:58:39.0906 0x0590  KSN ping finished: false
    11:58:40.0453 0x0590  ================ Scan system memory ========================
    11:58:40.0453 0x0590  System memory - ok
    11:58:40.0453 0x0590  ================ Scan services =============================
    11:58:55.0359 0x0590  HTTPFilter - ok
    11:58:55.0375 0x0590  i2omgmt - ok
    11:58:55.0390 0x0590  i2omp - ok
    11:58:55.0468 0x0590  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    11:58:55.0609 0x0590  i8042prt - ok
    11:58:55.0671 0x0590  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
    11:58:55.0828 0x0590  Imapi - ok
    11:58:55.0937 0x0590  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
    11:58:56.0109 0x0590  ImapiService - ok
    11:58:56.0125 0x0590  ini910u - ok
    11:58:56.0156 0x0590  IntelIde - ok
    11:58:56.0203 0x0590  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    11:58:56.0343 0x0590  Ip6Fw - ok
    11:58:56.0406 0x0590  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    11:58:56.0562 0x0590  IpFilterDriver - ok
    11:58:56.0578 0x0590  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
    11:58:56.0718 0x0590  IpInIp - ok
    11:58:56.0812 0x0590  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
    11:58:57.0000 0x0590  IpNat - ok
    11:58:57.0062 0x0590  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
    11:58:57.0218 0x0590  IPSec - ok
    11:58:57.0265 0x0590  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
    11:58:57.0328 0x0590  IRENUM - ok
    11:58:57.0406 0x0590  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
    11:58:57.0562 0x0590  isapnp - ok
    11:58:57.0593 0x0590  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    11:58:57.0734 0x0590  Kbdclass - ok
    11:58:57.0796 0x0590  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    11:58:57.0953 0x0590  kbdhid - ok
    11:58:58.0062 0x0590  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
    11:58:58.0234 0x0590  kmixer - ok
    11:58:58.0296 0x0590  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
    11:58:58.0328 0x0590  KSecDD - ok
    11:58:58.0406 0x0590  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
    11:58:58.0453 0x0590  lanmanserver - ok
    11:58:58.0546 0x0590  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    11:58:58.0578 0x0590  lanmanworkstation - ok
    11:58:58.0593 0x0590  lbrtfdc - ok
    11:58:58.0656 0x0590  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
    11:58:58.0796 0x0590  LmHosts - ok
    11:58:58.0859 0x0590  [ 04F76BC3AFF4DD42A0FF860C8E70ACC8, 4F064574C61D3D6F6D2D41C0B6DEDF978891B23C1CE2ECC892ECD9309118C771 ] lswd2yhn        C:\WINDOWS\system32\Drivers\lswd2yhn.sys
    11:58:58.0875 0x0590  lswd2yhn - ok
    11:58:58.0906 0x0590  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
    11:58:59.0093 0x0590  Messenger - ok
    11:58:59.0203 0x0590  MFE_RR - ok
    11:58:59.0250 0x0590  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
    11:58:59.0406 0x0590  mnmdd - ok
    11:58:59.0453 0x0590  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
    11:58:59.0609 0x0590  mnmsrvc - ok
    11:58:59.0656 0x0590  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
    11:58:59.0796 0x0590  Modem - ok
    11:58:59.0843 0x0590  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
    11:59:00.0031 0x0590  Mouclass - ok
    11:59:00.0046 0x0590  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
    11:59:00.0203 0x0590  mouhid - ok
    11:59:00.0281 0x0590  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
    11:59:00.0406 0x0590  MountMgr - ok
    11:59:00.0562 0x0590  [ 8EC2EAA7AD4110D76888D99A76F297A7, 325232D39A95C4FFA95DECFF8F1FF04ABF78667A28B55946826B8829A35B9555 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    11:59:00.0578 0x0590  MozillaMaintenance - ok
    11:59:00.0703 0x0590  [ CF105EE42E3F71E648CEBB3F666E1CF0, 1839F989ED4D954A586CB8C327F8728C020537E617FB743F457ECEFCCFA4B6C4 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    11:59:00.0734 0x0590  MpFilter - ok
    11:59:00.0750 0x0590  mraid35x - ok
    11:59:00.0828 0x0590  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    11:59:00.0843 0x0590  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
    11:59:01.0015 0x0590  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
    11:59:01.0062 0x0590  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    11:59:01.0078 0x0590  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
    11:59:01.0078 0x0590  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
    11:59:24.0093 0x0590  usbscan - ok
    11:59:24.0109 0x0590  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:59:24.0265 0x0590  usbstor - ok
    11:59:24.0328 0x0590  [ 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B, 38C6F6A440B718C75F7A1361297ACE671FC258B75BDCE9E0C27D497E3DF03C61 ] usb_rndis       C:\WINDOWS\system32\DRIVERS\usb8023.sys
    11:59:24.0343 0x0590  usb_rndis - ok
    11:59:24.0359 0x0590  [ 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B, 38C6F6A440B718C75F7A1361297ACE671FC258B75BDCE9E0C27D497E3DF03C61 ] USB_RNDIS_XP    C:\WINDOWS\system32\DRIVERS\usb8023.sys
    11:59:24.0375 0x0590  USB_RNDIS_XP - ok
    11:59:24.0406 0x0590  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    11:59:24.0546 0x0590  VgaSave - ok

  18. Kevin- see attached logs for gmer & frst & add. Does anything stand out?
    It might be helpful to know- a few weeks ago, a different forum/tech helped me with my laptop to remove Alureon/TDSS.
    It pretty much had these same symptoms. I suspect it's what we're fighting here. That machine is working fine now.

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-10-31 19:17:38
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP1604N rev.TM100-24 149.05GB
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtirpow.sys
    ---- User code sections - GMER 2.1 ----

    .text  C:\Program Files\Mozilla Firefox\firefox.exe[272] ntdll.dll!LdrLoadDll                7C91632D 5 Bytes  JMP 015F1DC0 C:\Program Files\Mozilla Firefox\xul.dll
    .text  C:\Program Files\Mozilla Firefox\firefox.exe[272] kernel32.dll!lstrlenW + 43          7C809AEC 7 Bytes  JMP 01D79671 C:\Program Files\Mozilla Firefox\xul.dll
    .text  C:\Program Files\Mozilla Firefox\firefox.exe[272] kernel32.dll!MapViewOfFileEx + 6A   7C80B9A0 7 Bytes  JMP 01D7964E C:\Program Files\Mozilla Firefox\xul.dll
    .text  C:\Program Files\Mozilla Firefox\firefox.exe[272] kernel32.dll!ValidateLocale + B1C8  7C8449C8 7 Bytes  JMP 015F6ABA C:\Program Files\Mozilla Firefox\xul.dll
    .text  C:\Program Files\Mozilla Firefox\firefox.exe[272] GDI32.dll!SetDIBitsToDevice + 20A   77F19E14 7 Bytes  JMP 01D795CF C:\Program Files\Mozilla Firefox\xul.dll

    ---- Registry - GMER 2.1 ----

    Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout    15
    Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota       10000
    Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                     yes
    Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                    
    Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout    90
    Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota      10000
    Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs   1

    ---- EOF - GMER 2.1 ----

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
    Ran by Administrator (administrator) on RICH-BIZ on 31-10-2013 19:45:11
    Running from C:\Documents and Settings\Administrator\desktop
    Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (with Networking)

    ==================== Processes (Whitelisted) ===================

    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [siSPower] - Rundll32.exe SiSPower.dll,ModeAgent
    HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2008-04-14] ()
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
    HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [188416 2003-07-28] (HP)
    HKLM\...\Run: [combofix] - C:\ComboFix\CF2841.3XE [389120 2013-10-23] (Microsoft Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/505084/alureon-was-found-but-keeps-coming-back-is-there-any-hope/?hl=%2Balureon#entry3141538
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366407782720
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
    Hosts: 127.0.0.1    localhost
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9ww7oghu.default-1379006515921
    FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&continue=hxxp://mail.google.com/mail/x/ogb/gp/?tab%3Dwm&scc=1&ltmpl=ecobh&nui=5&btmpl=mobile&emr=1
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
    FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9ww7oghu.default-1379006515921\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    ========================== Services (Whitelisted) =================

    S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    S2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
    S3 SCardDrv; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-19] ()
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
    S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
    S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
    S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
    S3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [247296 2005-04-12] (Silicon Integrated Systems Corporation)
    S1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [11904 2005-04-12] (Silicon Integrated Systems Corporation)
    R3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32768 2008-04-13] (SiS Corporation)
    S3 usb_rndis; C:\Windows\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
    S3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
    S4 IntelIde; No ImagePath
    S3 MFE_RR; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mfe_rr.sys [x]
    U3 TlntSvr;
    U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]
    U3 kwtirpow; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtirpow.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\FRST
    2013-10-31 19:44 - 2013-10-31 19:43 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
    2013-10-31 19:17 - 2013-10-31 19:17 - 00001897 _____ C:\Documents and Settings\Administrator\desktop\ark.txt
    2013-10-31 18:12 - 2013-10-31 18:12 - 00368554 _____ C:\Documents and Settings\Administrator\desktop\gmer.zip
    2013-10-31 14:44 - 2013-10-31 14:44 - 00001873 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_144404.txt
    2013-10-31 02:55 - 2013-10-31 02:55 - 00001514 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_D_10312013_025508.txt
    2013-10-31 02:55 - 2013-10-31 02:55 - 00000944 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_H_10312013_025530.txt
    2013-10-31 02:52 - 2013-10-31 02:52 - 00001476 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_025219.txt
    2013-10-29 22:40 - 2013-10-30 11:08 - 00002048 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10292013_224029.txt
    2013-10-29 22:36 - 2013-10-31 02:55 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\RK_Quarantine
    2013-10-29 20:01 - 2013-10-29 20:01 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(2).bmp
    2013-10-29 19:57 - 2013-10-29 19:57 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(1).bmp
    2013-10-29 18:01 - 2013-10-29 18:01 - 00000000 ____D C:\WINDOWS\pss
    2013-10-28 18:09 - 2013-10-28 18:09 - 00000756 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.txt
    2013-10-28 18:08 - 2013-10-28 18:08 - 00139264 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.exe
    2013-10-23 20:27 - 2013-10-23 20:27 - 00000104 _____ C:\Documents and Settings\RICH\desktop\My Computer.lnk
    2013-10-23 17:53 - 2013-10-23 18:06 - 00000000 ___SD C:\ComboFix
    2013-10-23 17:47 - 2013-10-23 17:47 - 00000812 _____ C:\Documents and Settings\RICH\desktop\Shortcut to ComboFix.lnk
    2013-10-23 13:17 - 2013-10-23 18:06 - 00000000 ____D C:\Qoobox
    2013-10-23 13:17 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2013-10-23 13:17 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2013-10-23 13:17 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2013-10-23 13:17 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2013-10-23 13:17 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2013-10-23 13:17 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2013-10-23 13:17 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2013-10-23 13:17 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2013-10-23 13:17 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2013-10-23 13:03 - 2013-10-23 13:03 - 05137218 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
    2013-10-23 12:56 - 2013-10-23 12:56 - 00244224 _____ C:\Documents and Settings\Administrator\desktop\CF_UNINST.EXE
    2013-10-22 21:12 - 2013-10-22 21:12 - 00000000 ____D C:\Program Files\HiJackThis
    2013-10-22 21:12 - 2013-10-18 01:11 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
    2013-10-22 21:08 - 2013-10-22 21:08 - 00000000 ____D C:\zoek_backup
    2013-10-22 21:03 - 2013-10-22 21:33 - 00020570 _____ C:\zoek-results.log
    2013-10-22 09:42 - 2013-10-22 09:42 - 00000668 _____ C:\Documents and Settings\Administrator\desktop\muttons.txt
    2013-10-19 18:12 - 2013-10-19 17:09 - 00180000 _____ (Kaspersky Lab) C:\Documents and Settings\RICH\desktop\google.exe5.exe
    2013-10-19 15:14 - 2013-10-19 15:14 - 03053416 ____N (Symantec Corporation) C:\Documents and Settings\Administrator\desktop\NPE.exe
    2013-10-19 15:14 - 2013-10-19 15:14 - 00000458 _____ C:\Documents and Settings\Administrator\desktop\Shortcut to NPE-old.lnk
    2013-10-19 03:33 - 2013-10-19 03:33 - 00030976 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2013-10-19 03:28 - 2013-10-19 03:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
    2013-10-19 02:54 - 2013-10-31 13:29 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2013-10-19 02:25 - 2013-10-19 02:25 - 00000539 _____ C:\Documents and Settings\RICH\desktop\Shortcut (2) to iexplore.lnk
    2013-10-17 19:42 - 2013-10-17 19:45 - 00000000 ____D C:\Documents and Settings\RICH\desktop\QUOTED-ONLY
    2013-10-17 13:59 - 2013-10-17 14:00 - 01050644 _____ C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
    2013-10-17 13:32 - 2013-10-31 18:13 - 00407084 _____ C:\WINDOWS\WindowsUpdate.log
    2013-10-17 13:21 - 2013-10-23 18:04 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    2013-10-17 13:21 - 2013-10-17 13:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
    2013-10-17 13:12 - 2013-10-23 18:04 - 00000000 ____D C:\WINDOWS\erdnt
    2013-10-16 17:24 - 2013-10-16 17:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    2013-10-16 16:41 - 2013-10-16 16:41 - 00001703 _____ C:\Documents and Settings\All Users\desktop\Foxit Reader.lnk
    2013-10-16 16:41 - 2013-06-09 21:59 - 00216064 _____ C:\WINDOWS\system32\gcapi_dll.dll
    2013-10-08 12:57 - 2013-10-21 17:52 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\10-5_LOG
    2013-10-04 11:22 - 2013-10-04 11:21 - 01030305 _____ (Thisisu) C:\Documents and Settings\Administrator\desktop\JRT.exe
    2013-10-04 11:19 - 2013-10-20 14:48 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ZJRT2
    2013-10-04 01:37 - 2013-10-31 03:59 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2013-10-04 00:13 - 2013-10-31 13:28 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2013-10-04 00:12 - 2013-10-31 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\zzmbar2
    2013-10-02 01:44 - 2013-10-21 17:57 - 00002482 _____ C:\Documents and Settings\Administrator\desktop\AdwCleaner[s1]10-1.txt
    2013-10-01 19:32 - 2013-10-01 19:31 - 01207928 _____ C:\Program Files\rc-installer.exe
    2013-10-01 02:49 - 2013-10-01 02:49 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    2013-10-01 02:49 - 2013-10-01 02:49 - 00000000 ____D C:\Program Files\Microsoft Security Client

    ==================== One Month Modified Files and Folders =======

    2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\FRST
    2013-10-31 19:43 - 2013-10-31 19:44 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
    2013-10-31 19:43 - 2013-10-04 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\zzmbar2
    2013-10-31 19:41 - 2013-08-28 20:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-10-31 19:17 - 2013-10-31 19:17 - 00001897 _____ C:\Documents and Settings\Administrator\desktop\ark.txt
    2013-10-31 18:13 - 2013-10-17 13:32 - 00407084 _____ C:\WINDOWS\WindowsUpdate.log
    2013-10-31 18:13 - 2013-08-28 11:04 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\KasperskyTDSSKillerPortable
    2013-10-31 18:12 - 2013-10-31 18:12 - 00368554 _____ C:\Documents and Settings\Administrator\desktop\gmer.zip
    2013-10-31 16:54 - 2013-04-12 14:45 - 00000178 ___SH C:\Documents and Settings\RICH\ntuser.ini
    2013-10-31 16:54 - 2013-04-12 09:16 - 00000339 _____ C:\WINDOWS\wiadebug.log
    2013-10-31 16:50 - 2013-04-12 09:16 - 00000050 _____ C:\WINDOWS\wiaservc.log
    2013-10-31 16:48 - 2013-08-11 16:33 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2013-10-31 14:44 - 2013-10-31 14:44 - 00001873 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_144404.txt
    2013-10-31 14:43 - 2013-08-28 02:43 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
    2013-10-31 14:20 - 2013-09-17 15:31 - 00000000 ____D C:\AdwCleaner
    2013-10-31 14:16 - 2013-10-28 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-10-31 14:16 - 2013-08-25 14:54 - 00000000 ____D C:\Documents and Settings\RICH\desktop\mbar
    2013-10-31 13:29 - 2013-10-19 02:54 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2013-10-31 13:28 - 2013-10-04 00:13 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2013-10-31 11:38 - 2013-04-19 16:53 - 01043244 _____ C:\WINDOWS\setupapi.log
    2013-10-31 03:59 - 2013-10-04 01:37 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2013-10-31 02:55 - 2013-10-31 02:55 - 00001514 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_D_10312013_025508.txt
    2013-10-31 02:55 - 2013-10-31 02:55 - 00000944 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_H_10312013_025530.txt
    2013-10-31 02:55 - 2013-10-29 22:36 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\RK_Quarantine
    2013-10-31 02:52 - 2013-10-31 02:52 - 00001476 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_025219.txt
    2013-10-31 01:12 - 2013-04-12 14:42 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
    2013-10-31 01:12 - 2013-04-12 14:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2013-10-31 01:02 - 2002-08-29 08:00 - 00000517 _____ C:\WINDOWS\win.ini
    2013-10-31 01:02 - 2002-08-29 08:00 - 00000227 _____ C:\WINDOWS\system.ini
    2013-10-30 11:08 - 2013-10-29 22:40 - 00002048 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10292013_224029.txt
    2013-10-29 20:01 - 2013-10-29 20:01 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(2).bmp
    2013-10-29 19:57 - 2013-10-29 19:57 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(1).bmp
    2013-10-29 18:01 - 2013-10-29 18:01 - 00000000 ____D C:\WINDOWS\pss
    2013-10-28 18:09 - 2013-10-28 18:09 - 00000756 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.txt
    2013-10-28 18:08 - 2013-10-28 18:08 - 00139264 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.exe
    2013-10-28 11:32 - 2002-08-29 08:00 - 00002444 _____ C:\WINDOWS\system32\wpa.dbl
    2013-10-24 12:55 - 2013-09-17 15:07 - 01060070 _____ C:\Documents and Settings\RICH\desktop\AdwCleaner.exe
    2013-10-24 11:29 - 2013-09-16 16:54 - 00000000 ____D C:\Documents and Settings\RICH\desktop\ProcessExplorer
    2013-10-23 21:26 - 2013-04-12 14:42 - 00000000 __SHD C:\Documents and Settings\NetworkService
    2013-10-23 20:27 - 2013-10-23 20:27 - 00000104 _____ C:\Documents and Settings\RICH\desktop\My Computer.lnk
    2013-10-23 18:06 - 2013-10-23 17:53 - 00000000 ___SD C:\ComboFix
    2013-10-23 18:06 - 2013-10-23 13:17 - 00000000 ____D C:\Qoobox
    2013-10-23 18:05 - 2013-04-12 09:13 - 00045056 _____ C:\WINDOWS\system32\config\SECURITY.bak
    2013-10-23 18:05 - 2013-04-12 09:13 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
    2013-10-23 18:05 - 2013-04-12 09:11 - 20508672 _____ C:\WINDOWS\system32\config\software.bak
    2013-10-23 18:05 - 2013-04-12 09:11 - 04980736 _____ C:\WINDOWS\system32\config\system.bak
    2013-10-23 18:05 - 2013-04-12 09:11 - 00258048 _____ C:\WINDOWS\system32\config\default.bak
    2013-10-23 18:04 - 2013-10-17 13:21 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    2013-10-23 18:04 - 2013-10-17 13:12 - 00000000 ____D C:\WINDOWS\erdnt
    2013-10-23 17:47 - 2013-10-23 17:47 - 00000812 _____ C:\Documents and Settings\RICH\desktop\Shortcut to ComboFix.lnk
    2013-10-23 13:03 - 2013-10-23 13:03 - 05137218 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
    2013-10-23 12:56 - 2013-10-23 12:56 - 00244224 _____ C:\Documents and Settings\Administrator\desktop\CF_UNINST.EXE
    2013-10-22 21:33 - 2013-10-22 21:03 - 00020570 _____ C:\zoek-results.log
    2013-10-22 21:12 - 2013-10-22 21:12 - 00000000 ____D C:\Program Files\HiJackThis
    2013-10-22 21:08 - 2013-10-22 21:08 - 00000000 ____D C:\zoek_backup
    2013-10-22 09:42 - 2013-10-22 09:42 - 00000668 _____ C:\Documents and Settings\Administrator\desktop\muttons.txt
    2013-10-21 17:57 - 2013-10-02 01:44 - 00002482 _____ C:\Documents and Settings\Administrator\desktop\AdwCleaner[s1]10-1.txt
    2013-10-21 17:52 - 2013-10-08 12:57 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\10-5_LOG
    2013-10-20 15:17 - 2013-08-11 18:51 - 00043264 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-10-20 15:12 - 2013-04-12 09:15 - 01078102 _____ C:\WINDOWS\FaxSetup.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00626880 _____ C:\WINDOWS\ocgen.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00426144 _____ C:\WINDOWS\tsoc.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00374178 _____ C:\WINDOWS\comsetup.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00234896 _____ C:\WINDOWS\ntdtcsetup.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00152302 _____ C:\WINDOWS\iis6.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00060020 _____ C:\WINDOWS\ocmsn.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00055167 _____ C:\WINDOWS\msgsocm.log
    2013-10-20 15:12 - 2013-04-12 09:15 - 00001943 _____ C:\WINDOWS\imsins.log
    2013-10-20 14:48 - 2013-10-04 11:19 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ZJRT2
    2013-10-19 19:22 - 2013-04-19 17:10 - 00010635 _____ C:\WINDOWS\wmsetup.log
    2013-10-19 18:08 - 2013-04-19 17:16 - 00043264 _____ C:\Documents and Settings\RICH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-10-19 17:54 - 2013-08-25 20:09 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-10-19 17:09 - 2013-10-19 18:12 - 00180000 _____ (Kaspersky Lab) C:\Documents and Settings\RICH\desktop\google.exe5.exe
    2013-10-19 16:28 - 2013-04-12 09:13 - 00196160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2013-10-19 15:58 - 2013-08-11 19:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
    2013-10-19 15:14 - 2013-10-19 15:14 - 03053416 ____N (Symantec Corporation) C:\Documents and Settings\Administrator\desktop\NPE.exe
    2013-10-19 15:14 - 2013-10-19 15:14 - 00000458 _____ C:\Documents and Settings\Administrator\desktop\Shortcut to NPE-old.lnk
    2013-10-19 03:46 - 2013-08-25 14:24 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ZZTOP
    2013-10-19 03:33 - 2013-10-19 03:33 - 00030976 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2013-10-19 03:28 - 2013-10-19 03:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
    2013-10-19 02:25 - 2013-10-19 02:25 - 00000539 _____ C:\Documents and Settings\RICH\desktop\Shortcut (2) to iexplore.lnk
    2013-10-19 01:53 - 2013-04-12 14:42 - 00000000 __SHD C:\Documents and Settings\LocalService
    2013-10-18 01:11 - 2013-10-22 21:12 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
    2013-10-17 19:47 - 2013-04-30 15:15 - 00000000 ____D C:\Documents and Settings\RICH\desktop\MASSIMI DAYCARE
    2013-10-17 19:45 - 2013-10-17 19:42 - 00000000 ____D C:\Documents and Settings\RICH\desktop\QUOTED-ONLY
    2013-10-17 19:37 - 2013-04-12 09:15 - 00001943 _____ C:\WINDOWS\imsins.BAK
    2013-10-17 19:17 - 2013-04-12 09:15 - 00479924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2013-10-17 17:54 - 2013-09-04 21:42 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\DOCS-IPG
    2013-10-17 14:05 - 2013-09-05 11:50 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\compaq fix
    2013-10-17 14:00 - 2013-10-17 13:59 - 01050644 _____ C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
    2013-10-17 13:32 - 2013-05-13 13:54 - 00000000 ____D C:\Documents and Settings\RICH\Application Data\Sun
    2013-10-17 13:21 - 2013-10-17 13:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
    2013-10-17 13:20 - 2013-04-12 14:45 - 00000000 ____D C:\Documents and Settings\RICH
    2013-10-16 17:44 - 2013-09-17 13:21 - 00025370 _____ C:\WINDOWS\bitssetup.log
    2013-10-16 17:42 - 2013-04-12 14:40 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
    2013-10-16 17:42 - 2013-04-12 14:40 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
    2013-10-16 17:38 - 2013-04-12 14:39 - 00002226 _____ C:\WINDOWS\Windows Update.log
    2013-10-16 17:24 - 2013-10-16 17:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    2013-10-16 17:24 - 2013-09-17 11:23 - 04976148 _____ C:\Documents and Settings\Administrator\desktop\tweaking.com_windows_repair_aio_setup.exe
    2013-10-16 17:19 - 2013-07-18 20:22 - 00001384 _____ C:\Program Files\settings.ini
    2013-10-16 16:41 - 2013-10-16 16:41 - 00001703 _____ C:\Documents and Settings\All Users\desktop\Foxit Reader.lnk
    2013-10-16 11:16 - 2013-09-04 19:52 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Foxit Software
    2013-10-16 10:31 - 2013-08-11 18:55 - 00000000 ____D C:\Program Files\Google
    2013-10-16 10:30 - 2013-08-11 18:55 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
    2013-10-08 11:23 - 2013-08-28 17:27 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2013-10-04 11:21 - 2013-10-04 11:22 - 01030305 _____ (Thisisu) C:\Documents and Settings\Administrator\desktop\JRT.exe
    2013-10-03 18:13 - 2013-04-16 15:20 - 00000310 _____ C:\WINDOWS\Tasks\GlaryInitialize.job
    2013-10-03 00:05 - 2013-04-19 18:19 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2808735$
    2013-10-02 01:47 - 2013-04-19 18:15 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2478960$
    2013-10-01 19:31 - 2013-10-01 19:32 - 01207928 _____ C:\Program Files\rc-installer.exe
    2013-10-01 02:49 - 2013-10-01 02:49 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    2013-10-01 02:49 - 2013-10-01 02:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-10-01 02:49 - 2013-04-19 18:42 - 00001945 _____ C:\WINDOWS\epplauncher.mif
    2013-10-01 02:42 - 2013-04-16 13:16 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\process monitor

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\temp\ntdll_dump.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
    Ran by Administrator at 2013-10-31 19:46:20
    Running from C:\Documents and Settings\Administrator\desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    Could not list Security Center items. Check WMI.


    ==================== Installed Programs ======================

    Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
    Foxit Reader (Version: 6.0.6.722)
    Glary Utilities 2.54.0.1759 (Version: 2.54.0.1759)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 1.1 (Version: 1.1.4322)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
    Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
    Mozilla Maintenance Service (Version: 24.0)
    Tweaking.com - Windows Repair (All in One) (Version: 2.0.1)
    Update for Windows XP (KB2345886) (Version: 1)
    Update for Windows XP (KB2661254-v2) (Version: 2)
    Update for Windows XP (KB2736233) (Version: 1)
    Update for Windows XP (KB2749655) (Version: 1)
    Update for Windows XP (KB951978) (Version: 1)
    Update for Windows XP (KB955759) (Version: 1)
    Update for Windows XP (KB968389) (Version: 1)
    Update for Windows XP (KB971029) (Version: 1)
    Update for Windows XP (KB973815) (Version: 1)
    WebFldrs XP (Version: 9.50.6513)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8 (Version: 20090308.140743)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Support Tools (Version: 5.1.2600.5512)

    ==================== Restore Points  =========================

    27-07-2013 06:47:48 System Checkpoint
    28-07-2013 07:47:48 System Checkpoint
    29-07-2013 08:47:48 System Checkpoint
    30-07-2013 09:47:48 System Checkpoint
    31-07-2013 16:53:07 Software Distribution Service 3.0
    01-08-2013 17:00:41 Software Distribution Service 3.0
    02-08-2013 17:02:56 Software Distribution Service 3.0
    03-08-2013 21:51:33 System Checkpoint
    04-08-2013 22:23:24 System Checkpoint
    05-08-2013 23:23:24 System Checkpoint
    07-08-2013 00:23:24 System Checkpoint
    07-08-2013 18:29:04 Installed Windows Media Player 11
    07-08-2013 18:30:43 Software Distribution Service 3.0
    07-08-2013 19:14:10 Software Distribution Service 3.0
    08-08-2013 19:59:39 System Checkpoint
    09-08-2013 17:06:32 Software Distribution Service 3.0
    10-08-2013 17:51:44 System Checkpoint
    26-08-2013 00:20:51 OTL Restore Point - 8/25/2013 8:20:48 PM
    17-09-2013 18:31:34 Removed Java 7 Update 21
    19-09-2013 07:37:14 Tweaking.com - Windows Repair
    23-09-2013 18:13:34 System Checkpoint
    18-10-2013 00:26:06 System Checkpoint
    18-10-2013 01:34:50 Software Distribution Service 3.0
    23-10-2013 21:37:14 Software Distribution Service 3.0

    ==================== Hosts content: ==========================

    2013-09-17 13:28 - 2013-10-31 02:55 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1    localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-08-28 20:06 - 2013-08-28 20:06 - 03271576 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/31/2013 04:50:52 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:27 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:23 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:22 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:22 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:10 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:37:59 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:37:47 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:37:45 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:37:43 PM) (Source: Microsoft IntelliType Pro) (User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3


    System errors:
    =============
    Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
    Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    %%1068

    Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
    Description: The Telephony service depends on the Plug and Play service which failed to start because of the following error:
    %%1058

    Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
    Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    %%1068

    Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
    Description: The Telephony service depends on the Plug and Play service which failed to start because of the following error:
    %%1058



    Microsoft Office Sessions:
    =========================
    Error: (10/31/2013 04:50:52 PM) (Source: Microsoft IntelliType Pro)(User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:27 PM) (Source: Microsoft IntelliType Pro)(User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:23 PM) (Source: Microsoft IntelliType Pro)(User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

    Error: (10/31/2013 04:38:22 PM) (Source: Microsoft IntelliType Pro)(User: )
    Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3



    ==================== Memory info ===========================

    Percentage of memory in use: 62%
    Total physical RAM: 639.48 MB
    Available physical RAM: 239.95 MB
    Total Pagefile: 1566.06 MB
    Available Pagefile: 1211.72 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1952.58 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:100 GB) (Free:88.92 GB) NTFS
    Drive j: () (Fixed) (Total:49.05 GB) (Free:48.74 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 88F288F2)
    Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=100 GB) - (Type=OF Extended)

    ==================== End Of Log ============================
     
