
Not sure which infection this is? Java Exploit maybe..?



Let's try this from outside of Windows....

 

Kaspersky Rescue CD

STEP A:

 

Download and create a bootable Kaspersky Rescue Disk CD

 

1. Download the Kaspersky Rescue Disk ISO image from below.

 

 KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)

 

2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that)

 

 IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)

3. You can now insert your blank DVD/CD in your burner.

 

4. Install ImgBurn by following the prompts and then start this program.

 

5. Click on the Write image file to disc button.

 

6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file (kav_rescue_10.iso).

 

7. Click on the big Write button.

 

8. The disc creation process will now start and it will take around 5-10 minutes to complete.

 

 

STEP B:

 

Configure the computer to boot from CD-ROM

 

On some machines, if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu; from there you can select to boot from the CD.

If this doesn't happen then you'll need to configure your computer to boot from a CD like you'll see below.

 


 

1. Use the Delete or F2 key to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

 

2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.

 

3. Insert your Kaspersky Rescue Disk and restart your computer.

 

STEP C:

 

Boot your computer from Kaspersky Rescue Disk

 

1. Your computer will now boot from the Kaspersky Rescue Disk, and you'll be asked to press any key to proceed with this process.

 

 


 

 

2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.

 

 


 

 

3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.

 

 


 

 

4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.

 

5. Once the actions described above have been performed, the Kaspersky operating system will start.

 

STEP D:

 

Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

 

This ransomware trojan has modified your Windows system registry so that when you try to boot your computer it will instead launch its lock screen. To remove these malicious registry changes we need to use the Kaspersky WindowsUnlocker from Kaspersky Rescue Disk.

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

 

 


 

 

If you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

 

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

 

 


 

 

STEP E:

 

Scan your system with Kaspersky Rescue Disk

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.

 

 


 

 

2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.

 

 


 

 

3. Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.

 

 


 

 

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect, and if it doesn't work choose to quarantine the infected files just to be on the safe side.

 

 


 

 

5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.

 

 


 

 

6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

 

7. When booted back into Windows, navigate to Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is the log from the KRD run, named "ScanObject". Copy/paste that file to your reply.

 

If you'd rather use the USB stick version, instructions here: http://support.kaspersky.com/8092


Okay, this is really weird, but that's the utility you had me run, so is this a false positive? Does this happen usually? Also, I was not able to update it due to my wireless not connecting while running off the rescue disk.

 

Objects Scan: completed <1 minute ago   (events: 32, objects: 149196, time: 01:19:45)    
10/30/13 8:39 PM    Task completed            
10/30/13 8:39 PM    Deleted: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.scr        
10/30/13 8:39 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.scr        
10/30/13 8:39 PM    Deleted: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek/zoek.exe        
10/30/13 8:39 PM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek/zoek.exe        
10/30/13 8:39 PM    Deleted: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.com        
10/30/13 8:38 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.com        
10/30/13 8:38 PM    Untreated: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe    Write not supported    
10/30/13 8:38 PM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe        
10/30/13 8:38 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr    Write not supported    
10/30/13 8:38 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr        
10/30/13 8:38 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com    Write not supported    
10/30/13 8:13 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com        
10/30/13 8:13 PM    Untreated: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe    Postponed    
10/30/13 8:13 PM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe        
10/30/13 8:13 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr    Postponed    
10/30/13 8:13 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr        
10/30/13 8:13 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com    Postponed    
10/30/13 8:13 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com        
10/30/13 7:23 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.scr    Postponed    
10/30/13 7:23 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.scr        
10/30/13 7:23 PM    Untreated: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek/zoek.exe    Postponed    
10/30/13 7:23 PM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek/zoek.exe        
10/30/13 7:23 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.com    Postponed    
10/30/13 7:23 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek/zoek.com        
10/30/13 7:22 PM    Untreated: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe    Postponed    
10/30/13 7:22 PM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe        
10/30/13 7:22 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr    Postponed    
10/30/13 7:22 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr        
10/30/13 7:22 PM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com    Postponed    
10/30/13 7:22 PM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com        
10/30/13 7:19 PM    Task started            
 


Kevin: machine continues with same symptoms, no changes. I re-ran Kaspersky twice after I got it to update definitions,
logs are attached below.
I then decided to run Rogue Killer and it found a couple of reg items. The "disable reg tools" has been removed
before but keeps reinstalling. Is this part of an infection? Can you please review and advise? I think this nasty bug
is outsmarting all these scanners and going undetected.

Kaspersky-Log> Objects Scan: completed 10 hours ago   (events: 18, objects: 149646, time: 00:57:36)    
10/31/13 2:31 AM    Task completed            
10/31/13 2:31 AM    Deleted: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip        
10/31/13 2:31 AM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe        
10/31/13 2:31 AM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr        
10/31/13 2:28 AM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com        
10/31/13 2:28 AM    Untreated: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe    Postponed    
10/31/13 2:28 AM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe        
10/31/13 2:28 AM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr    Postponed    
10/31/13 2:28 AM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr        
10/31/13 2:28 AM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com    Postponed    
10/31/13 2:28 AM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com        
10/31/13 1:36 AM    Untreated: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe    Postponed    
10/31/13 1:36 AM    Detected: Trojan-Dropper.Win32.Injector.jqjj    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.exe        
10/31/13 1:36 AM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr    Postponed    
10/31/13 1:36 AM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.scr        
10/31/13 1:36 AM    Untreated: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com    Postponed    
10/31/13 1:36 AM    Detected: Trojan-Dropper.Win32.Injector.jqku    C:/Documents and Settings/Administrator/desktop/zoek.zip/zoek.com        
10/31/13 1:33 AM    Task started            
Objects Scan: completed <1 minute ago   (events: 2, objects: 149568, time: 00:53:43)    
10/31/13 12:55 PM    Task completed            
10/31/13 12:01 PM    Task started    

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Scan -- Date : 10/31/2013 14:44:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Administrator\Desktop\zebranMalwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\RICH\desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ( @ )  +++++
--- User ---
[MBR] 9c24779718baa28a177f1792c868d0f9
[BSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10312013_144404.txt >>
RKreport[0]_D_10312013_025508.txt;RKreport[0]_H_10312013_025530.txt;RKreport[0]_S_10292013_224029.txt
RKreport[0]_S_10312013_025219.txt


 

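The Rescue Disk logs in the two posts above list events newest first and repeat each object once per scan pass, so the final state of a file is easy to misread. As an added example (not part of the original posts and not Kaspersky's tooling), the following reduces a log in that format to one final disposition per object; the sample lines are constructed from the format shown in the thread, and treating a later deletion of a parent path as resolving the archive members under it is an assumption of this example.

```python
import re
from collections import namedtuple
from datetime import datetime

# Constructed samples in the format of the two Rescue Disk logs posted above:
# newest event first, columns separated by tabs or runs of spaces.
DESKTOP = "C:/Documents and Settings/Administrator/desktop"
VERDICT = "Trojan-Dropper.Win32.Injector.jqjj"
FIRST_SCAN = f"""\
Objects Scan: completed <1 minute ago   (events: 8, objects: 149196, time: 01:19:45)
10/30/13 8:39 PM    Task completed
10/30/13 8:39 PM    Deleted: {VERDICT}    {DESKTOP}/zoek/zoek.exe
10/30/13 8:39 PM    Detected: {VERDICT}    {DESKTOP}/zoek/zoek.exe
10/30/13 8:38 PM    Untreated: {VERDICT}    {DESKTOP}/zoek.zip/zoek.exe    Write not supported
10/30/13 8:38 PM    Detected: {VERDICT}    {DESKTOP}/zoek.zip/zoek.exe
10/30/13 7:23 PM    Untreated: {VERDICT}    {DESKTOP}/zoek/zoek.exe    Postponed
10/30/13 7:23 PM    Detected: {VERDICT}    {DESKTOP}/zoek/zoek.exe
10/30/13 7:22 PM    Untreated: {VERDICT}    {DESKTOP}/zoek.zip/zoek.exe    Postponed
10/30/13 7:22 PM    Detected: {VERDICT}    {DESKTOP}/zoek.zip/zoek.exe
10/30/13 7:19 PM    Task started
"""
RESCAN = f"""\
10/31/13 2:31 AM    Task completed
10/31/13 2:31 AM    Deleted: {VERDICT}    {DESKTOP}/zoek.zip
10/31/13 2:31 AM    Detected: {VERDICT}    {DESKTOP}/zoek.zip/zoek.exe
10/31/13 2:28 AM    Untreated: {VERDICT}    {DESKTOP}/zoek.zip/zoek.exe    Postponed
10/31/13 2:28 AM    Detected: {VERDICT}    {DESKTOP}/zoek.zip/zoek.exe
10/31/13 1:33 AM    Task started
"""

Event = namedtuple("Event", "when action verdict path reason")
COLS = re.compile(r"[ \t]{2,}|\t")  # paths contain single spaces, so split on 2+ only


def parse_events(text):
    """Return object events in file order; header and 'Task ...' rows are skipped."""
    events = []
    for line in text.splitlines():
        cols = COLS.split(line.strip())
        if len(cols) < 3 or ": " not in cols[1]:
            continue
        try:
            when = datetime.strptime(cols[0], "%m/%d/%y %I:%M %p")
        except ValueError:
            continue
        action, verdict = cols[1].split(": ", 1)
        reason = cols[3] if len(cols) > 3 else ""
        events.append(Event(when, action, verdict, cols[2], reason))
    return events


def chronological(events):
    """Oldest first. Timestamps only have minute resolution, so reverse the file
    order and stable-sort: same-minute events keep their real sequence."""
    return sorted(reversed(events), key=lambda e: e.when)


def triage(text):
    """Return {path: record} holding the final disposition of every object."""
    objects = {}
    for seq, ev in enumerate(chronological(parse_events(text))):
        rec = objects.setdefault(ev.path, {"verdict": ev.verdict, "detections": 0})
        if ev.action == "Detected":
            rec["detections"] += 1
        # The last event seen for a path is its current state.
        rec.update(action=ev.action, reason=ev.reason, seq=seq)

    # "Deleted" is the only resolving action that appears in the posted logs.
    deleted = {p: r["seq"] for p, r in objects.items() if r["action"] == "Deleted"}
    for path, rec in objects.items():
        if rec["action"] == "Deleted":
            rec["status"] = "removed"
        elif any(path.startswith(p + "/") and s > rec["seq"] for p, s in deleted.items()):
            # Assumption: deleting the archive afterwards removes its members too.
            rec["status"] = "removed with container"
        else:
            rec["status"] = "still present"
    return objects


def still_present(text):
    """Paths that were detected but are not accounted for by any deletion."""
    return [p for p, r in triage(text).items() if r["status"] == "still present"]


if __name__ == "__main__":
    for name, log in (("first scan", FIRST_SCAN), ("rescan", RESCAN)):
        print(name)
        for path, r in triage(log).items():
            print(f"  {r['status']:<22} {r['action']:<9} {r['reason'] or '-':<19} {path}")
```

In the first sample the archive member stays on disk because the scanner reports `Write not supported` for it; in the rescan it is cleared only when `zoek.zip` itself is deleted.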

This is very frustrating, we make no progress...

 

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

 

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur

 

Alternative mirror

 

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:

Temporarily disable Security

 

Do not use your computer for anything else during the scan.

  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on  NO
     Then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
       
       

  • Then click the Scan button & wait for it to finish.

  • Once done click on the [save..] button, and in the File name area, type in "ark.txt"

  • Save the log where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

Please copy and paste the report into your Post.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin..


Kevin- see attached logs for gmer & frst & add. Does anything stand out?
It might be helpful to know: a few weeks ago, a diff forum/tech helped me with my laptop to remove alureon/tdss.
It pretty much had these same symptoms. I suspect it's what we're fighting here. That machine is working fine now.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-31 19:17:38
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP1604N rev.TM100-24 149.05GB
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtirpow.sys
---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[272] ntdll.dll!LdrLoadDll                7C91632D 5 Bytes  JMP 015F1DC0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[272] kernel32.dll!lstrlenW + 43          7C809AEC 7 Bytes  JMP 01D79671 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[272] kernel32.dll!MapViewOfFileEx + 6A   7C80B9A0 7 Bytes  JMP 01D7964E C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[272] kernel32.dll!ValidateLocale + B1C8  7C8449C8 7 Bytes  JMP 015F6ABA C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[272] GDI32.dll!SetDIBitsToDevice + 20A   77F19E14 7 Bytes  JMP 01D795CF C:\Program Files\Mozilla Firefox\xul.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout    15
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota       10000
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                     yes
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                    
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout    90
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota      10000
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs   1

---- EOF - GMER 2.1 ----

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Administrator (administrator) on RICH-BIZ on 31-10-2013 19:45:11
Running from C:\Documents and Settings\Administrator\desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [siSPower] - Rundll32.exe SiSPower.dll,ModeAgent
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2008-04-14] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [188416 2003-07-28] (HP)
HKLM\...\Run: [combofix] - C:\ComboFix\CF2841.3XE [389120 2013-10-23] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/505084/alureon-was-found-but-keeps-coming-back-is-there-any-hope/?hl=%2Balureon#entry3141538
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366407782720
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9ww7oghu.default-1379006515921
FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&continue=hxxp://mail.google.com/mail/x/ogb/gp/?tab%3Dwm&scc=1&ltmpl=ecobh&nui=5&btmpl=mobile&emr=1
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9ww7oghu.default-1379006515921\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
S3 SCardDrv; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-19] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
S3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [247296 2005-04-12] (Silicon Integrated Systems Corporation)
S1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [11904 2005-04-12] (Silicon Integrated Systems Corporation)
R3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32768 2008-04-13] (SiS Corporation)
S3 usb_rndis; C:\Windows\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
S3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
S4 IntelIde; No ImagePath
S3 MFE_RR; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mfe_rr.sys [x]
U3 TlntSvr;
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]
U3 kwtirpow; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtirpow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\FRST
2013-10-31 19:44 - 2013-10-31 19:43 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2013-10-31 19:17 - 2013-10-31 19:17 - 00001897 _____ C:\Documents and Settings\Administrator\desktop\ark.txt
2013-10-31 18:12 - 2013-10-31 18:12 - 00368554 _____ C:\Documents and Settings\Administrator\desktop\gmer.zip
2013-10-31 14:44 - 2013-10-31 14:44 - 00001873 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_144404.txt
2013-10-31 02:55 - 2013-10-31 02:55 - 00001514 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_D_10312013_025508.txt
2013-10-31 02:55 - 2013-10-31 02:55 - 00000944 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_H_10312013_025530.txt
2013-10-31 02:52 - 2013-10-31 02:52 - 00001476 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_025219.txt
2013-10-29 22:40 - 2013-10-30 11:08 - 00002048 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10292013_224029.txt
2013-10-29 22:36 - 2013-10-31 02:55 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\RK_Quarantine
2013-10-29 20:01 - 2013-10-29 20:01 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(2).bmp
2013-10-29 19:57 - 2013-10-29 19:57 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(1).bmp
2013-10-29 18:01 - 2013-10-29 18:01 - 00000000 ____D C:\WINDOWS\pss
2013-10-28 18:09 - 2013-10-28 18:09 - 00000756 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.txt
2013-10-28 18:08 - 2013-10-28 18:08 - 00139264 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.exe
2013-10-23 20:27 - 2013-10-23 20:27 - 00000104 _____ C:\Documents and Settings\RICH\desktop\My Computer.lnk
2013-10-23 17:53 - 2013-10-23 18:06 - 00000000 ___SD C:\ComboFix
2013-10-23 17:47 - 2013-10-23 17:47 - 00000812 _____ C:\Documents and Settings\RICH\desktop\Shortcut to ComboFix.lnk
2013-10-23 13:17 - 2013-10-23 18:06 - 00000000 ____D C:\Qoobox
2013-10-23 13:17 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-23 13:17 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-23 13:17 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-23 13:17 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-23 13:17 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-23 13:17 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-23 13:17 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-23 13:17 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-23 13:17 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-23 13:03 - 2013-10-23 13:03 - 05137218 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2013-10-23 12:56 - 2013-10-23 12:56 - 00244224 _____ C:\Documents and Settings\Administrator\desktop\CF_UNINST.EXE
2013-10-22 21:12 - 2013-10-22 21:12 - 00000000 ____D C:\Program Files\HiJackThis
2013-10-22 21:12 - 2013-10-18 01:11 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2013-10-22 21:08 - 2013-10-22 21:08 - 00000000 ____D C:\zoek_backup
2013-10-22 21:03 - 2013-10-22 21:33 - 00020570 _____ C:\zoek-results.log
2013-10-22 09:42 - 2013-10-22 09:42 - 00000668 _____ C:\Documents and Settings\Administrator\desktop\muttons.txt
2013-10-19 18:12 - 2013-10-19 17:09 - 00180000 _____ (Kaspersky Lab) C:\Documents and Settings\RICH\desktop\google.exe5.exe
2013-10-19 15:14 - 2013-10-19 15:14 - 03053416 ____N (Symantec Corporation) C:\Documents and Settings\Administrator\desktop\NPE.exe
2013-10-19 15:14 - 2013-10-19 15:14 - 00000458 _____ C:\Documents and Settings\Administrator\desktop\Shortcut to NPE-old.lnk
2013-10-19 03:33 - 2013-10-19 03:33 - 00030976 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2013-10-19 03:28 - 2013-10-19 03:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-19 02:54 - 2013-10-31 13:29 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-19 02:25 - 2013-10-19 02:25 - 00000539 _____ C:\Documents and Settings\RICH\desktop\Shortcut (2) to iexplore.lnk
2013-10-17 19:42 - 2013-10-17 19:45 - 00000000 ____D C:\Documents and Settings\RICH\desktop\QUOTED-ONLY
2013-10-17 13:59 - 2013-10-17 14:00 - 01050644 _____ C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
2013-10-17 13:32 - 2013-10-31 18:13 - 00407084 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-17 13:21 - 2013-10-23 18:04 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-17 13:21 - 2013-10-17 13:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-17 13:12 - 2013-10-23 18:04 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-16 17:24 - 2013-10-16 17:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2013-10-16 16:41 - 2013-10-16 16:41 - 00001703 _____ C:\Documents and Settings\All Users\desktop\Foxit Reader.lnk
2013-10-16 16:41 - 2013-06-09 21:59 - 00216064 _____ C:\WINDOWS\system32\gcapi_dll.dll
2013-10-08 12:57 - 2013-10-21 17:52 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\10-5_LOG
2013-10-04 11:22 - 2013-10-04 11:21 - 01030305 _____ (Thisisu) C:\Documents and Settings\Administrator\desktop\JRT.exe
2013-10-04 11:19 - 2013-10-20 14:48 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ZJRT2
2013-10-04 01:37 - 2013-10-31 03:59 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-04 00:13 - 2013-10-31 13:28 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-04 00:12 - 2013-10-31 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\zzmbar2
2013-10-02 01:44 - 2013-10-21 17:57 - 00002482 _____ C:\Documents and Settings\Administrator\desktop\AdwCleaner[s1]10-1.txt
2013-10-01 19:32 - 2013-10-01 19:31 - 01207928 _____ C:\Program Files\rc-installer.exe
2013-10-01 02:49 - 2013-10-01 02:49 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-01 02:49 - 2013-10-01 02:49 - 00000000 ____D C:\Program Files\Microsoft Security Client

==================== One Month Modified Files and Folders =======

2013-10-31 19:44 - 2013-10-31 19:44 - 00000000 ____D C:\FRST
2013-10-31 19:43 - 2013-10-31 19:44 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\desktop\FRST.exe
2013-10-31 19:43 - 2013-10-04 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\zzmbar2
2013-10-31 19:41 - 2013-08-28 20:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-31 19:17 - 2013-10-31 19:17 - 00001897 _____ C:\Documents and Settings\Administrator\desktop\ark.txt
2013-10-31 18:13 - 2013-10-17 13:32 - 00407084 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-31 18:13 - 2013-08-28 11:04 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\KasperskyTDSSKillerPortable
2013-10-31 18:12 - 2013-10-31 18:12 - 00368554 _____ C:\Documents and Settings\Administrator\desktop\gmer.zip
2013-10-31 16:54 - 2013-04-12 14:45 - 00000178 ___SH C:\Documents and Settings\RICH\ntuser.ini
2013-10-31 16:54 - 2013-04-12 09:16 - 00000339 _____ C:\WINDOWS\wiadebug.log
2013-10-31 16:50 - 2013-04-12 09:16 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-31 16:48 - 2013-08-11 16:33 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-31 14:44 - 2013-10-31 14:44 - 00001873 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_144404.txt
2013-10-31 14:43 - 2013-08-28 02:43 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2013-10-31 14:20 - 2013-09-17 15:31 - 00000000 ____D C:\AdwCleaner
2013-10-31 14:16 - 2013-10-28 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-31 14:16 - 2013-08-25 14:54 - 00000000 ____D C:\Documents and Settings\RICH\desktop\mbar
2013-10-31 13:29 - 2013-10-19 02:54 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-31 13:28 - 2013-10-04 00:13 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-31 11:38 - 2013-04-19 16:53 - 01043244 _____ C:\WINDOWS\setupapi.log
2013-10-31 03:59 - 2013-10-04 01:37 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-31 02:55 - 2013-10-31 02:55 - 00001514 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_D_10312013_025508.txt
2013-10-31 02:55 - 2013-10-31 02:55 - 00000944 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_H_10312013_025530.txt
2013-10-31 02:55 - 2013-10-29 22:36 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\RK_Quarantine
2013-10-31 02:52 - 2013-10-31 02:52 - 00001476 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10312013_025219.txt
2013-10-31 01:12 - 2013-04-12 14:42 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-31 01:12 - 2013-04-12 14:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-31 01:02 - 2002-08-29 08:00 - 00000517 _____ C:\WINDOWS\win.ini
2013-10-31 01:02 - 2002-08-29 08:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-30 11:08 - 2013-10-29 22:40 - 00002048 _____ C:\Documents and Settings\Administrator\desktop\RKreport[0]_S_10292013_224029.txt
2013-10-29 20:01 - 2013-10-29 20:01 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(2).bmp
2013-10-29 19:57 - 2013-10-29 19:57 - 02359350 _____ C:\Documents and Settings\Administrator\desktop\start10-19_607pm(1).bmp
2013-10-29 18:01 - 2013-10-29 18:01 - 00000000 ____D C:\WINDOWS\pss
2013-10-28 18:09 - 2013-10-28 18:09 - 00000756 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.txt
2013-10-28 18:08 - 2013-10-28 18:08 - 00139264 _____ C:\Documents and Settings\Administrator\desktop\SystemLook.exe
2013-10-28 11:32 - 2002-08-29 08:00 - 00002444 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-24 12:55 - 2013-09-17 15:07 - 01060070 _____ C:\Documents and Settings\RICH\desktop\AdwCleaner.exe
2013-10-24 11:29 - 2013-09-16 16:54 - 00000000 ____D C:\Documents and Settings\RICH\desktop\ProcessExplorer
2013-10-23 21:26 - 2013-04-12 14:42 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-23 20:27 - 2013-10-23 20:27 - 00000104 _____ C:\Documents and Settings\RICH\desktop\My Computer.lnk
2013-10-23 18:06 - 2013-10-23 17:53 - 00000000 ___SD C:\ComboFix
2013-10-23 18:06 - 2013-10-23 13:17 - 00000000 ____D C:\Qoobox
2013-10-23 18:05 - 2013-04-12 09:13 - 00045056 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-10-23 18:05 - 2013-04-12 09:13 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2013-10-23 18:05 - 2013-04-12 09:11 - 20508672 _____ C:\WINDOWS\system32\config\software.bak
2013-10-23 18:05 - 2013-04-12 09:11 - 04980736 _____ C:\WINDOWS\system32\config\system.bak
2013-10-23 18:05 - 2013-04-12 09:11 - 00258048 _____ C:\WINDOWS\system32\config\default.bak
2013-10-23 18:04 - 2013-10-17 13:21 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-23 18:04 - 2013-10-17 13:12 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-23 17:47 - 2013-10-23 17:47 - 00000812 _____ C:\Documents and Settings\RICH\desktop\Shortcut to ComboFix.lnk
2013-10-23 13:03 - 2013-10-23 13:03 - 05137218 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2013-10-23 12:56 - 2013-10-23 12:56 - 00244224 _____ C:\Documents and Settings\Administrator\desktop\CF_UNINST.EXE
2013-10-22 21:33 - 2013-10-22 21:03 - 00020570 _____ C:\zoek-results.log
2013-10-22 21:12 - 2013-10-22 21:12 - 00000000 ____D C:\Program Files\HiJackThis
2013-10-22 21:08 - 2013-10-22 21:08 - 00000000 ____D C:\zoek_backup
2013-10-22 09:42 - 2013-10-22 09:42 - 00000668 _____ C:\Documents and Settings\Administrator\desktop\muttons.txt
2013-10-21 17:57 - 2013-10-02 01:44 - 00002482 _____ C:\Documents and Settings\Administrator\desktop\AdwCleaner[s1]10-1.txt
2013-10-21 17:52 - 2013-10-08 12:57 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\10-5_LOG
2013-10-20 15:17 - 2013-08-11 18:51 - 00043264 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-20 15:12 - 2013-04-12 09:15 - 01078102 _____ C:\WINDOWS\FaxSetup.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00626880 _____ C:\WINDOWS\ocgen.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00426144 _____ C:\WINDOWS\tsoc.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00374178 _____ C:\WINDOWS\comsetup.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00234896 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00152302 _____ C:\WINDOWS\iis6.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00060020 _____ C:\WINDOWS\ocmsn.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00055167 _____ C:\WINDOWS\msgsocm.log
2013-10-20 15:12 - 2013-04-12 09:15 - 00001943 _____ C:\WINDOWS\imsins.log
2013-10-20 14:48 - 2013-10-04 11:19 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ZJRT2
2013-10-19 19:22 - 2013-04-19 17:10 - 00010635 _____ C:\WINDOWS\wmsetup.log
2013-10-19 18:08 - 2013-04-19 17:16 - 00043264 _____ C:\Documents and Settings\RICH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-19 17:54 - 2013-08-25 20:09 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-19 17:09 - 2013-10-19 18:12 - 00180000 _____ (Kaspersky Lab) C:\Documents and Settings\RICH\desktop\google.exe5.exe
2013-10-19 16:28 - 2013-04-12 09:13 - 00196160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-19 15:58 - 2013-08-11 19:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
2013-10-19 15:14 - 2013-10-19 15:14 - 03053416 ____N (Symantec Corporation) C:\Documents and Settings\Administrator\desktop\NPE.exe
2013-10-19 15:14 - 2013-10-19 15:14 - 00000458 _____ C:\Documents and Settings\Administrator\desktop\Shortcut to NPE-old.lnk
2013-10-19 03:46 - 2013-08-25 14:24 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ZZTOP
2013-10-19 03:33 - 2013-10-19 03:33 - 00030976 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2013-10-19 03:28 - 2013-10-19 03:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-19 02:25 - 2013-10-19 02:25 - 00000539 _____ C:\Documents and Settings\RICH\desktop\Shortcut (2) to iexplore.lnk
2013-10-19 01:53 - 2013-04-12 14:42 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-18 01:11 - 2013-10-22 21:12 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2013-10-17 19:47 - 2013-04-30 15:15 - 00000000 ____D C:\Documents and Settings\RICH\desktop\MASSIMI DAYCARE
2013-10-17 19:45 - 2013-10-17 19:42 - 00000000 ____D C:\Documents and Settings\RICH\desktop\QUOTED-ONLY
2013-10-17 19:37 - 2013-04-12 09:15 - 00001943 _____ C:\WINDOWS\imsins.BAK
2013-10-17 19:17 - 2013-04-12 09:15 - 00479924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-17 17:54 - 2013-09-04 21:42 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\DOCS-IPG
2013-10-17 14:05 - 2013-09-05 11:50 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\compaq fix
2013-10-17 14:00 - 2013-10-17 13:59 - 01050644 _____ C:\Documents and Settings\Administrator\desktop\adwcleaner.exe
2013-10-17 13:32 - 2013-05-13 13:54 - 00000000 ____D C:\Documents and Settings\RICH\Application Data\Sun
2013-10-17 13:21 - 2013-10-17 13:21 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-17 13:20 - 2013-04-12 14:45 - 00000000 ____D C:\Documents and Settings\RICH
2013-10-16 17:44 - 2013-09-17 13:21 - 00025370 _____ C:\WINDOWS\bitssetup.log
2013-10-16 17:42 - 2013-04-12 14:40 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-10-16 17:42 - 2013-04-12 14:40 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-10-16 17:38 - 2013-04-12 14:39 - 00002226 _____ C:\WINDOWS\Windows Update.log
2013-10-16 17:24 - 2013-10-16 17:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2013-10-16 17:24 - 2013-09-17 11:23 - 04976148 _____ C:\Documents and Settings\Administrator\desktop\tweaking.com_windows_repair_aio_setup.exe
2013-10-16 17:19 - 2013-07-18 20:22 - 00001384 _____ C:\Program Files\settings.ini
2013-10-16 16:41 - 2013-10-16 16:41 - 00001703 _____ C:\Documents and Settings\All Users\desktop\Foxit Reader.lnk
2013-10-16 11:16 - 2013-09-04 19:52 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Foxit Software
2013-10-16 10:31 - 2013-08-11 18:55 - 00000000 ____D C:\Program Files\Google
2013-10-16 10:30 - 2013-08-11 18:55 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-10-08 11:23 - 2013-08-28 17:27 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-04 11:21 - 2013-10-04 11:22 - 01030305 _____ (Thisisu) C:\Documents and Settings\Administrator\desktop\JRT.exe
2013-10-03 18:13 - 2013-04-16 15:20 - 00000310 _____ C:\WINDOWS\Tasks\GlaryInitialize.job
2013-10-03 00:05 - 2013-04-19 18:19 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2808735$
2013-10-02 01:47 - 2013-04-19 18:15 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2478960$
2013-10-01 19:31 - 2013-10-01 19:32 - 01207928 _____ C:\Program Files\rc-installer.exe
2013-10-01 02:49 - 2013-10-01 02:49 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-01 02:49 - 2013-10-01 02:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-01 02:49 - 2013-04-19 18:42 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-10-01 02:42 - 2013-04-16 13:16 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\process monitor

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Administrator at 2013-10-31 19:46:20
Running from C:\Documents and Settings\Administrator\desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Foxit Reader (Version: 6.0.6.722)
Glary Utilities 2.54.0.1759 (Version: 2.54.0.1759)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Tweaking.com - Windows Repair (All in One) (Version: 2.0.1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools (Version: 5.1.2600.5512)

==================== Restore Points  =========================

27-07-2013 06:47:48 System Checkpoint
28-07-2013 07:47:48 System Checkpoint
29-07-2013 08:47:48 System Checkpoint
30-07-2013 09:47:48 System Checkpoint
31-07-2013 16:53:07 Software Distribution Service 3.0
01-08-2013 17:00:41 Software Distribution Service 3.0
02-08-2013 17:02:56 Software Distribution Service 3.0
03-08-2013 21:51:33 System Checkpoint
04-08-2013 22:23:24 System Checkpoint
05-08-2013 23:23:24 System Checkpoint
07-08-2013 00:23:24 System Checkpoint
07-08-2013 18:29:04 Installed Windows Media Player 11
07-08-2013 18:30:43 Software Distribution Service 3.0
07-08-2013 19:14:10 Software Distribution Service 3.0
08-08-2013 19:59:39 System Checkpoint
09-08-2013 17:06:32 Software Distribution Service 3.0
10-08-2013 17:51:44 System Checkpoint
26-08-2013 00:20:51 OTL Restore Point - 8/25/2013 8:20:48 PM
17-09-2013 18:31:34 Removed Java 7 Update 21
19-09-2013 07:37:14 Tweaking.com - Windows Repair
23-09-2013 18:13:34 System Checkpoint
18-10-2013 00:26:06 System Checkpoint
18-10-2013 01:34:50 Software Distribution Service 3.0
23-10-2013 21:37:14 Software Distribution Service 3.0

==================== Hosts content: ==========================

2013-09-17 13:28 - 2013-10-31 02:55 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2013-08-28 20:06 - 2013-08-28 20:06 - 03271576 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2013 04:50:52 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:27 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:23 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:22 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:22 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:10 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:37:59 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:37:47 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:37:45 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:37:43 PM) (Source: Microsoft IntelliType Pro) (User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3


System errors:
=============
Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1068

Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
Description: The Telephony service depends on the Plug and Play service which failed to start because of the following error:
%%1058

Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1068

Error: (10/31/2013 07:45:34 PM) (Source: Service Control Manager) (User: )
Description: The Telephony service depends on the Plug and Play service which failed to start because of the following error:
%%1058



Microsoft Office Sessions:
=========================
Error: (10/31/2013 04:50:52 PM) (Source: Microsoft IntelliType Pro)(User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:27 PM) (Source: Microsoft IntelliType Pro)(User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:23 PM) (Source: Microsoft IntelliType Pro)(User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3

Error: (10/31/2013 04:38:22 PM) (Source: Microsoft IntelliType Pro)(User: )
Description: itype.exe8.20.469.04e41c8b5kernel32.dll5.1.2600.6293506bc5e5000012fd3



==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 639.48 MB
Available physical RAM: 239.95 MB
Total Pagefile: 1566.06 MB
Available Pagefile: 1211.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:88.92 GB) NTFS
Drive j: () (Fixed) (Total:49.05 GB) (Free:48.74 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 88F288F2)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=OF Extended)

==================== End Of Log ============================
 


This is very frustrating for sure. Again we see clean logs; FRST does have an anomaly, and we can look at that shortly. Regarding Alureon, a couple of the tools we've already run would normally show that infection.

Run this please:

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Regarding Alureon, as I said, tools we've already run normally identify that infection. However, run this:

Please download the latest version of TDSSKiller from here:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan will be quick.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin.....


Kevin, please see the FSS & TDSS logs:

Farbar Service Scanner Version: 28-08-2013
Ran by Administrator (administrator) on 01-11-2013 at 11:13:21
Running from "C:\Documents and Settings\Administrator\desktop\zzmbar2"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Auto. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is set to Disabled. The default start type is Auto.
The ImagePath of PlugPlay service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log **********************************************

11:58:20.0421 0x0528  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
11:58:25.0250 0x0528  ============================================================
11:58:25.0250 0x0528  Current date / time: 2013/11/01 11:58:25.0250
11:58:25.0250 0x0528  SystemInfo:
11:58:25.0250 0x0528  
11:58:25.0250 0x0528  OS Version: 5.1.2600 ServicePack: 3.0
11:58:25.0250 0x0528  Product type: Workstation
11:58:25.0250 0x0528  ComputerName: RICH-BIZ
11:58:25.0250 0x0528  UserName: Administrator
11:58:25.0250 0x0528  Windows directory: C:\WINDOWS
11:58:25.0250 0x0528  System windows directory: C:\WINDOWS
11:58:25.0250 0x0528  Processor architecture: Intel x86
11:58:25.0250 0x0528  Number of processors: 1
11:58:25.0250 0x0528  Page size: 0x1000
11:58:25.0250 0x0528  Boot type: Safe boot
11:58:25.0250 0x0528  ============================================================
11:58:25.0250 0x0528  BG loaded
11:58:26.0140 0x0528  System UUID: {CE56B001-652C-3DF5-3E32-CF7929F16BD5}
11:58:28.0187 0x0528  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:58:28.0250 0x0528  ============================================================
11:58:28.0250 0x0528  \Device\Harddisk0\DR0:
11:58:28.0250 0x0528  MBR partitions:
11:58:28.0250 0x0528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x62189F1
11:58:28.0265 0x0528  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6218A6F, BlocksNum 0xC7FFCA1
11:58:28.0265 0x0528  ============================================================
11:58:28.0328 0x0528  C: <-> \Device\Harddisk0\DR0\Partition2
11:58:28.0375 0x0528  J: <-> \Device\Harddisk0\DR0\Partition1
11:58:28.0375 0x0528  ============================================================
11:58:28.0375 0x0528  Initialize success
11:58:28.0375 0x0528  ============================================================
11:58:39.0875 0x0590  ============================================================
11:58:39.0875 0x0590  Scan started
11:58:39.0875 0x0590  Mode: Manual; SigCheck; TDLFS;
11:58:39.0875 0x0590  ============================================================
11:58:39.0875 0x0590  KSN ping started
11:58:39.0906 0x0590  KSN ping finished: false
11:58:40.0453 0x0590  ================ Scan system memory ========================
11:58:40.0453 0x0590  System memory - ok
11:58:40.0453 0x0590  ================ Scan services =============================
11:58:40.0750 0x0590  Abiosdsk - ok
11:58:40.0781 0x0590  abp480n5 - ok
11:58:40.0890 0x0590  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:58:41.0281 0x0590  ACPI - ok
11:58:41.0515 0x0590  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:58:41.0687 0x0590  ACPIEC - ok
11:58:41.0703 0x0590  adpu160m - ok
11:58:41.0812 0x0590  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:58:42.0000 0x0590  aec - ok
11:58:42.0093 0x0590  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:58:42.0109 0x0590  AFD - ok
11:58:42.0125 0x0590  Aha154x - ok
11:59:00.0828 0x0590  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
11:59:00.0843 0x0590  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
11:59:01.0015 0x0590  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
11:59:01.0062 0x0590  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
11:59:01.0078 0x0590  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
11:59:01.0078 0x0590  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
11:59:17.0500 0x0590  SiSkp - ok
11:59:17.0546 0x0590  [ 3FBB6EF8B5A71A2FA11F5F461BB73219, E71F7BB8F690351ACB0C02B2BC01F8837F55645B9BF7682C0F9329BA00637F0A ] SISNIC          C:\WINDOWS\system32\DRIVERS\sisnic.sys
11:59:17.0671 0x0590  SISNIC - ok
11:59:17.0703 0x0590  Sparrow - ok
11:59:17.0750 0x0590  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:59:17.0859 0x0590  splitter - ok
11:59:17.0921 0x0590  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:59:17.0937 0x0590  Spooler - ok
11:59:18.0015 0x0590  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:59:18.0078 0x0590  sr - ok
11:59:18.0171 0x0590  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:59:18.0250 0x0590  srservice - ok
11:59:18.0421 0x0590  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:59:18.0515 0x0590  Srv - ok
11:59:18.0593 0x0590  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:59:18.0640 0x0590  SSDPSRV - ok
11:59:18.0796 0x0590  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:59:19.0062 0x0590  stisvc - ok
11:59:19.0093 0x0590  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:59:19.0234 0x0590  swenum - ok
11:59:19.0265 0x0590  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:59:19.0406 0x0590  swmidi - ok
11:59:19.0421 0x0590  SwPrv - ok
11:59:19.0453 0x0590  symc810 - ok
11:59:19.0468 0x0590  symc8xx - ok
11:59:19.0484 0x0590  sym_hi - ok
11:59:19.0500 0x0590  sym_u3 - ok
11:59:19.0578 0x0590  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:59:19.0734 0x0590  sysaudio - ok
11:59:19.0796 0x0590  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:59:19.0984 0x0590  SysmonLog - ok
11:59:20.0125 0x0590  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:59:20.0265 0x0590  TapiSrv - ok
11:59:20.0453 0x0590  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:59:20.0562 0x0590  Tcpip - ok
11:59:20.0609 0x0590  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:59:20.0750 0x0590  TDPIPE - ok
11:59:20.0812 0x0590  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:59:20.0953 0x0590  TDTCP - ok
11:59:21.0031 0x0590  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:59:21.0156 0x0590  TermDD - ok
11:59:21.0312 0x0590  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:59:21.0468 0x0590  TermService - ok
11:59:21.0546 0x0590  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:59:21.0562 0x0590  Themes - ok
11:59:21.0578 0x0590  TosIde - ok
11:59:21.0640 0x0590  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:59:21.0781 0x0590  TrkWks - ok
11:59:21.0781 0x0590  TrueSight - ok
11:59:21.0843 0x0590  [ 8F861EDA21C05857EB8197300A92501C, 374FF9464F273610A051B9220C8D20F01FD4DD029095A7BE37244E20C5C8B5BB ] tunmp           C:\WINDOWS\system32\DRIVERS\tunmp.sys
11:59:21.0984 0x0590  tunmp - ok
11:59:22.0062 0x0590  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:59:22.0203 0x0590  Udfs - ok
11:59:22.0218 0x0590  ultra - ok
11:59:22.0406 0x0590  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:59:22.0625 0x0590  Update - ok
11:59:22.0734 0x0590  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:59:22.0796 0x0590  upnphost - ok
11:59:22.0843 0x0590  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
11:59:23.0000 0x0590  UPS - ok
11:59:23.0078 0x0590  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:59:23.0218 0x0590  usbccgp - ok
11:59:23.0250 0x0590  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:59:23.0375 0x0590  usbehci - ok
11:59:23.0406 0x0590  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:59:23.0531 0x0590  usbhub - ok
11:59:23.0593 0x0590  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:59:23.0734 0x0590  usbohci - ok
11:59:23.0781 0x0590  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:59:23.0906 0x0590  usbprint - ok
11:59:23.0968 0x0590  [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:59:24.0093 0x0590  usbscan - ok
11:59:24.0109 0x0590  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:59:24.0265 0x0590  usbstor - ok
11:59:24.0328 0x0590  [ 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B, 38C6F6A440B718C75F7A1361297ACE671FC258B75BDCE9E0C27D497E3DF03C61 ] usb_rndis       C:\WINDOWS\system32\DRIVERS\usb8023.sys
11:59:24.0343 0x0590  usb_rndis - ok
11:59:24.0359 0x0590  [ 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B, 38C6F6A440B718C75F7A1361297ACE671FC258B75BDCE9E0C27D497E3DF03C61 ] USB_RNDIS_XP    C:\WINDOWS\system32\DRIVERS\usb8023.sys
11:59:24.0375 0x0590  USB_RNDIS_XP - ok
11:59:24.0406 0x0590  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:59:24.0546 0x0590  VgaSave - ok


TDSS log was unusually long - part 2.

11:59:31.0546 0x0590  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
11:59:31.0562 0x0590  [ 6B7C6B32F8E84D56C6260D684019FEA2, A10B4D413452D95B6B4087838F2FCE0B9F42D8C0CBE7A91DC080AE1163FB6D1A ] C:\WINDOWS\system32\odbcint.dll
11:59:31.0562 0x0590  C:\WINDOWS\system32\odbcint.dll - ok
11:59:31.0578 0x0590  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] C:\WINDOWS\system32\shsvcs.dll
11:59:31.0578 0x0590  C:\WINDOWS\system32\shsvcs.dll - ok
11:59:31.0593 0x0590  [ 96E1C926F22EE1BFBAE82901A35F6BF3, 95568F138216FFADCFC4BAE8A12825FFE53F2EA04C5CAC2AD10F65FC0C4E3CDB ] C:\WINDOWS\system32\sfc.dll
11:59:31.0593 0x0590  C:\WINDOWS\system32\sfc.dll - ok
11:59:31.0609 0x0590  [ 6B5DB6789177A4FD0DEBC248041D0739, 3E3239C3613CCBB9EE2539D78BC745ED19134E1D3BED88C3D5273796FA2507DA ] C:\WINDOWS\system32\sfc_os.dll
11:59:31.0609 0x0590  C:\WINDOWS\system32\sfc_os.dll - ok
11:59:31.0625 0x0590  [ 6BAD1BED9872E62049E487FB91AE2F3A, 0DBB7EA88CAEDA3471AC0437B62F61B769A8C4345874072CE10CCD2C52649F98 ] C:\WINDOWS\system32\ole32.dll
11:59:31.0625 0x0590  C:\WINDOWS\system32\ole32.dll - ok
11:59:31.0640 0x0590  [ CF492D7E9AF1C628B3536D20EF6F5CC7, 3D7A5A5D6B804C0A3F3E7256B3AC19397567700271CABCD7C4C8B51565958BC8 ] C:\WINDOWS\system32\apphelp.dll
11:59:31.0640 0x0590  C:\WINDOWS\system32\apphelp.dll - ok
11:59:31.0656 0x0590  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:59:31.0656 0x0590  C:\WINDOWS\system32\services.exe - ok
11:59:31.0671 0x0590  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] C:\WINDOWS\system32\lsass.exe
11:59:31.0671 0x0590  C:\WINDOWS\system32\lsass.exe - ok
11:59:31.0703 0x0590  [ EC29A79F1E76DC509E24D401F29D0678, 2CECCD7CE806152F6DD1A6812C7DAEC46FB197E63D14414808D713C829EE4260 ] C:\WINDOWS\system32\ncobjapi.dll
11:59:31.0703 0x0590  C:\WINDOWS\system32\ncobjapi.dll - ok
11:59:31.0718 0x0590  [ BD31DC6DBE9333C4FBD4BDF0899F2160, 545D83178CCD74C68B72C607201EF9E1C8A5FC26A08288F8D3A77106964D1034 ] C:\WINDOWS\system32\lsasrv.dll
11:59:31.0718 0x0590  C:\WINDOWS\system32\lsasrv.dll - ok
11:59:31.0734 0x0590  [ F404830F3CD9BF8F2515E489C0CDA297, 4FFFBBDD04B82623983B8B51E52E113EBF0E32E8328BFD3754B7A299E5673569 ] C:\WINDOWS\system32\msvcp60.dll
11:59:31.0734 0x0590  C:\WINDOWS\system32\msvcp60.dll - ok
11:59:31.0750 0x0590  [ B24A42A413E694AD73FDFB7FBD492C31, 52411B5C714ED7FCFF3A120980EB75BF5A64E022303D3E717048E0E44F604AC0 ] C:\WINDOWS\system32\scesrv.dll
11:59:31.0750 0x0590  C:\WINDOWS\system32\scesrv.dll - ok
11:59:31.0765 0x0590  [ DD7BD97FB8BD800963789158A5E4B41D, 4C265CB9AC1B8C398E625C1775A5AADD8A030D158B557E24F90CA57C0253FF0D ] C:\WINDOWS\system32\mpr.dll
11:59:31.0765 0x0590  C:\WINDOWS\system32\mpr.dll - ok
11:59:31.0781 0x0590  [ EC4C0D9BFD9F7E33F8B395AD54E13063, 18E60FF334376604F213F3323FAB81F392493496C6CA809FAD66BB8B0EEB3396 ] C:\WINDOWS\system32\ntdsapi.dll
11:59:31.0781 0x0590  C:\WINDOWS\system32\ntdsapi.dll - ok
11:59:31.0812 0x0590  [ 2EDFC2A8893435723AD80481803C6D5C, CD547E4749EE6466FD4F50CF2EAD37AD993C6BC89068BD51726869D5ADB2AF8E ] C:\WINDOWS\system32\umpnpmgr.dll
11:59:31.0812 0x0590  C:\WINDOWS\system32\umpnpmgr.dll - ok
11:59:31.0828 0x0590  [ 389496118B3B03C2328024AF320132AC, 11F85CA49596CE12B1F80B5BC059B6F5549FC09A43E2C47841A688F2ACEBB8B8 ] C:\WINDOWS\system32\dnsapi.dll
11:59:31.0828 0x0590  C:\WINDOWS\system32\dnsapi.dll - ok
11:59:31.0843 0x0590  [ 1F03103598BD817B1078DAB1326DDE11, 0F0D19E67E25E9D2113920166B7326B46BACD22BA08476EC91D9C564AFC1FAF3 ] C:\WINDOWS\system32\shimeng.dll
11:59:31.0843 0x0590  C:\WINDOWS\system32\shimeng.dll - ok
11:59:31.0859 0x0590  [ 0492CF5870F0E616B0C71695A433D162, 47C9FB64A4CF3DF54F664B2B31A834ACF75B504650007E6201546C2D0E44D9C2 ] C:\WINDOWS\system32\wldap32.dll
11:59:31.0859 0x0590  C:\WINDOWS\system32\wldap32.dll - ok
11:59:31.0875 0x0590  [ EA9EE60B408878E5F2012F9C783836DB, 354A6660705759C0E767BCD7FB6F1B4371B74784A986431A626DF3793D0421EC ] C:\WINDOWS\AppPatch\AcAdProc.dll
11:59:31.0875 0x0590  C:\WINDOWS\AppPatch\AcAdProc.dll - ok
11:59:31.0890 0x0590  [ 8329A39D5A402A75A74301D6A62ECDA1, 1947B2B19F2D0C690EC880B5A92F88903D78C6BB6EE47261B3D744B5A863D562 ] C:\WINDOWS\system32\samlib.dll
11:59:31.0890 0x0590  C:\WINDOWS\system32\samlib.dll - ok
11:59:31.0906 0x0590  [ F05B8CDB7FE0E55DCCFB1D946CE80064, E59BC2F25EBFF5F0CF459C9B8DEE882ADE227323F4768EBACFCC6784861BF260 ] C:\WINDOWS\system32\samsrv.dll
11:59:31.0906 0x0590  C:\WINDOWS\system32\samsrv.dll - ok
11:59:31.0921 0x0590  [ 17A1D675C12BBF80CAAC54A4855C41D0, F6185E42180218E932ADFFD63EF78EE8324B816BD57EA217322A46D1D2F47928 ] C:\WINDOWS\system32\cryptdll.dll
11:59:31.0921 0x0590  C:\WINDOWS\system32\cryptdll.dll - ok
11:59:31.0937 0x0590  [ 310C15FD8358B2C4CD7A5B98A112883F, CA656F066373B164A138032F5BF7EF68603EBDB0D49BD4663C99061F47F29085 ] C:\WINDOWS\AppPatch\AcGenral.dll
11:59:31.0937 0x0590  C:\WINDOWS\AppPatch\AcGenral.dll - ok
11:59:31.0953 0x0590  [ 4A953F13942867BA8FB41F141EC1B80C, BAE05A8CEDA4411324E38DB8A2153A988C6A3FAC8AD7CB27EE14E18FE7C47569 ] C:\WINDOWS\system32\winmm.dll
11:59:31.0953 0x0590  C:\WINDOWS\system32\winmm.dll - ok
11:59:31.0984 0x0590  [ EFF03460E542EEA6B0ABDEC6BF19C897, C2A0DDE6E8B49B152C295E97CFC35557391DEEE5A3A0B1BB4E445C405C716C55 ] C:\WINDOWS\system32\oleaut32.dll
11:59:31.0984 0x0590  C:\WINDOWS\system32\oleaut32.dll - ok
11:59:32.0000 0x0590  [ 2098AB52BD5316E59AA36F3437B13BE6, C4C9F2CFCAFF91B4A6F68E28EFE12EED216B41F081F8D577597C0634ECE57018 ] C:\WINDOWS\system32\msacm32.dll
11:59:32.0000 0x0590  C:\WINDOWS\system32\msacm32.dll - ok
11:59:32.0015 0x0590  [ 7A2CC3719B255E6B5D74396183B7715B, 2C4A2D5B42CFFE42BE72A652D1B0EED43D7EECF7CA3416660A3E0C539AA2AC34 ] C:\WINDOWS\system32\uxtheme.dll
11:59:32.0015 0x0590  C:\WINDOWS\system32\uxtheme.dll - ok
11:59:32.0046 0x0590  [ F24B12786D60A17008319E3F2AEE7799, BF916F65D770C61612678171CC184A0BF259992CEC0BF607D26834CE2A234FB3 ] C:\WINDOWS\system32\msapsspc.dll
11:59:32.0046 0x0590  C:\WINDOWS\system32\msapsspc.dll - ok
11:59:32.0062 0x0590  [ 7A660EDC0757849DF5F8706FB6E9F740, CA3820507A92EE9AB4EE8E804736FE1795224AE02D396AADB5BFD53223D9B7E2 ] C:\WINDOWS\system32\msvcrt40.dll
11:59:32.0062 0x0590  C:\WINDOWS\system32\msvcrt40.dll - ok
11:59:32.0078 0x0590  [ 0F64207B49390C8063C36AE7CBF9C2DB, 52C4A7A38EE11CA247001EB0A3C67BFEB1A09E9AC406486132D5AC38BE3A6A6F ] C:\WINDOWS\system32\schannel.dll
11:59:32.0078 0x0590  C:\WINDOWS\system32\schannel.dll - ok
11:59:32.0093 0x0590  [ 3D76DD0CBC536E0F8C45D23ED230BEB2, F74F94525AB7CE1E269452C9E1DD08411A668CFDD94F069C90FC2EE33CB35A12 ] C:\WINDOWS\system32\digest.dll
11:59:32.0093 0x0590  C:\WINDOWS\system32\digest.dll - ok
11:59:32.0109 0x0590  [ A4388DF80E52695AE92EE5F3F61F1619, A4B7C6E10B92B5022CA6E8FD9094098614FD63178EA86A7B035EB89B373BF033 ] C:\WINDOWS\system32\msnsspc.dll
11:59:32.0109 0x0590  C:\WINDOWS\system32\msnsspc.dll - ok
11:59:32.0125 0x0590  [ 5733177BCF16EE78B99543C9B0AB81EA, 6504D3D665AC8AB27A44F863F9C1A23FF3B68EAC0512F418712CC0D56F739E24 ] C:\WINDOWS\system32\MSCTFIME.IME
11:59:32.0125 0x0590  C:\WINDOWS\system32\MSCTFIME.IME - ok
11:59:32.0140 0x0590  [ C6BB1D1500DB4A0E224CB65E6C7E8A80, 32099A486457D1DC3B1269DE9570EE922F118C3BD443FE78ED051DD764EF4DE3 ] C:\WINDOWS\system32\msprivs.dll
11:59:32.0140 0x0590  C:\WINDOWS\system32\msprivs.dll - ok
11:59:32.0156 0x0590  [ A525C96C51D55111FDF3BEA9FFFFC7AE, AA5B080E01573B96A37E67F871F97AE975E1E9519EDB16476472AA3FA2144643 ] C:\WINDOWS\system32\kerberos.dll
11:59:32.0156 0x0590  C:\WINDOWS\system32\kerberos.dll - ok
11:59:32.0171 0x0590  [ 517561A1113B04E51D936CD018DE1C1F, A5F572C3557705F28F7A465970F0432F55B616EFD208BA0CBDFFBF7A41F07C04 ] C:\WINDOWS\system32\msv1_0.dll
11:59:32.0171 0x0590  C:\WINDOWS\system32\msv1_0.dll - ok
11:59:32.0187 0x0590  [ AF07DC9B7CC455629E732340C7B15F3A, 4403503F24FB76AB55D347273319B98BC0955AB3E537FA5ADA498B9AED76484A ] C:\WINDOWS\system32\iphlpapi.dll
11:59:32.0187 0x0590  C:\WINDOWS\system32\iphlpapi.dll - ok
11:59:32.0203 0x0590  [ C11D10A3C164AC222BC9AAB3650A88B3, C394F3840C0A8586358B23DDCB402C43567FCAC6C5F2691D5BC04D26767B1252 ] C:\WINDOWS\system32\atmfd.dll
11:59:32.0203 0x0590  C:\WINDOWS\system32\atmfd.dll - ok
11:59:32.0218 0x0590  [ 1B7F071C51B77C272875C3A23E1E4550, 9D6EA6DF4F4A531E35B843CE11AB6BDBEF0C2716773C14660E98038C1F68B7C4 ] C:\WINDOWS\system32\netlogon.dll
11:59:32.0218 0x0590  C:\WINDOWS\system32\netlogon.dll - ok
11:59:32.0234 0x0590  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] C:\WINDOWS\system32\w32time.dll
11:59:32.0234 0x0590  C:\WINDOWS\system32\w32time.dll - ok
11:59:32.0250 0x0590  [ 3AAF9B35939FF9E58CCD18D41655C2FC, AF7358AB0A507D77569A8D38D2392C224BFBEFD1264C069BBC6C677BC20C6B8B ] C:\WINDOWS\system32\wdigest.dll
11:59:32.0250 0x0590  C:\WINDOWS\system32\wdigest.dll - ok
11:59:32.0281 0x0590  [ 54DAE3EA34802B4ED9AE1C6B1209FA56, EEB1FA90DB44C821B371D5F7C323B4F88E843107BBA16DA2ACB124D6A848B257 ] C:\WINDOWS\system32\rsaenh.dll
11:59:32.0281 0x0590  C:\WINDOWS\system32\rsaenh.dll - ok
11:59:32.0296 0x0590  [ A86BB5E61BF3E39B62AB4C7E7085A084, B88446E007153BB58C5AE867AC3FB4C46618BBAA5A152687201E0E81F881465A ] C:\WINDOWS\system32\scecli.dll
11:59:32.0296 0x0590  C:\WINDOWS\system32\scecli.dll - ok
11:59:32.0312 0x0590  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18, 2910EBC692D833D949BFD56059E8106D324A276D5F165F874F3FB1B6C613CDD5 ] C:\WINDOWS\system32\svchost.exe
11:59:32.0312 0x0590  C:\WINDOWS\system32\svchost.exe - ok
11:59:32.0328 0x0590  [ 549290DBC280C887681D7652978DBBE0, CA2CA8561F11CDD5FD5D23D9D88A96A7FFE4AF6DFE8CE783B0969B6ED3C4CBF8 ] C:\WINDOWS\system32\ntmarta.dll
11:59:32.0328 0x0590  C:\WINDOWS\system32\ntmarta.dll - ok
11:59:32.0343 0x0590  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] C:\WINDOWS\system32\rpcss.dll
11:59:32.0343 0x0590  C:\WINDOWS\system32\rpcss.dll - ok
11:59:32.0359 0x0590  [ 6D4FEB43EE538FC5428CC7F0565AA656, 4091D82537198562F0CA1D032B2D4BEC75101342B7BCA7778FDA2D515300BC36 ] C:\WINDOWS\system32\eventlog.dll
11:59:32.0359 0x0590  C:\WINDOWS\system32\eventlog.dll - ok
11:59:32.0375 0x0590  [ 16403217AB6FC5C30C14C6B12098AD4B, DEA7C556BA9C91E056E6035E77A793A77E428D493518D1C6F796B003D4F07305 ] C:\WINDOWS\system32\xpsp2res.dll
11:59:32.0375 0x0590  C:\WINDOWS\system32\xpsp2res.dll - ok
11:59:32.0390 0x0590  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23, 032B6D1F541F180A2FE619664EF180D3FD748AEF7E311BA925FCED74E7ED4713 ] C:\WINDOWS\system32\logonui.exe
11:59:32.0390 0x0590  C:\WINDOWS\system32\logonui.exe - ok
11:59:32.0406 0x0590  [ 3D41A9326F0376FC73AF961DD23B1FB1, 1242F3B57599675D1E0E26615E206CE3DB15FA6A23BC5D21EB630EE9858EBC7B ] C:\WINDOWS\system32\duser.dll
11:59:32.0406 0x0590  C:\WINDOWS\system32\duser.dll - ok
11:59:32.0421 0x0590  [ AFFC87E2501FCE8F09D4C10BA6421CCF, E63837B281C4AE90A7CBA8E072E07A9A5A2FDD5B15E7FB5C2D7562FE72BE5408 ] C:\WINDOWS\system32\msimg32.dll
11:59:32.0421 0x0590  C:\WINDOWS\system32\msimg32.dll - ok
11:59:32.0437 0x0590  [ 20200EE3CFE10E9F0C028D8653BE11C6, 3ACF2110D72509CBA3BF780C5D6D662BAFEEA6CA423BE8B0F97288B953127035 ] C:\WINDOWS\system32\oleacc.dll
11:59:32.0437 0x0590  C:\WINDOWS\system32\oleacc.dll - ok
11:59:32.0453 0x0590  [ F137A0CA70003DB20448D540651FA003, 4D3095FD8431D0839B6EE785A979D005A1035368A152CDC705804E85B7673198 ] C:\WINDOWS\system32\clbcatq.dll
11:59:32.0453 0x0590  C:\WINDOWS\system32\clbcatq.dll - ok
11:59:32.0468 0x0590  [ 1280A158C722FA95A80FB7AEBE78FA7D, 9B6E8158E581500C5C417F6453A6414901020123D34FDBC04289750E8B072538 ] C:\WINDOWS\system32\comres.dll
11:59:32.0468 0x0590  C:\WINDOWS\system32\comres.dll - ok
11:59:32.0500 0x0590  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] C:\WINDOWS\system32\mswsock.dll
11:59:32.0500 0x0590  C:\WINDOWS\system32\mswsock.dll - ok
11:59:32.0515 0x0590  [ 3CB32D3B8CBE79899D63280BB7A83CD9, F34DB3B3DD65F0135F1F7005703B824D2C9B17F7A43062F1FFBEC53B3B26EFC3 ] C:\WINDOWS\system32\hnetcfg.dll
11:59:32.0515 0x0590  C:\WINDOWS\system32\hnetcfg.dll - ok
11:59:32.0531 0x0590  [ E5EDBD51476DB5001ABF5C82AE5C3DD1, 5C97ABF5802A7F886781788FE6107F9F06962F9D704A2A43A03062C9405F56C3 ] C:\WINDOWS\system32\shgina.dll
11:59:32.0531 0x0590  C:\WINDOWS\system32\shgina.dll - ok
11:59:32.0546 0x0590  [ 4E3D06D6E68EEDB52565080F55B460D3, A503BFC29D3936045488EDC1771914EC84BE80E422F772F53D7961F526D707E6 ] C:\WINDOWS\system32\wshtcpip.dll
11:59:32.0546 0x0590  C:\WINDOWS\system32\wshtcpip.dll - ok
11:59:32.0562 0x0590  [ 811BB60991FC03A63F2F844A3F9C6488, 4E26BEBA2B24516B447BFAFC405692C53121F28815B7312F1E4F38D5CBCEA678 ] C:\WINDOWS\system32\wshisn.dll
11:59:32.0562 0x0590  C:\WINDOWS\system32\wshisn.dll - ok
11:59:32.0578 0x0590  [ 67156D5A9AC356DC99D7BCCB388E3316, 449A140065197779C0F8588E5C53014BBF54A9C74818D5CFDCB88CC7B36F44CF ] C:\WINDOWS\system32\wsock32.dll
11:59:32.0578 0x0590  C:\WINDOWS\system32\wsock32.dll - ok
11:59:32.0609 0x0590  [ D72B9EC3337B247A666F098F3D6B43DE, 4BC52AD1116078B0B313AB6555024302225D6CC03CA428151F78B7C48821489F ] C:\WINDOWS\system32\winrnr.dll
11:59:32.0609 0x0590  C:\WINDOWS\system32\winrnr.dll - ok
11:59:32.0625 0x0590  [ 6F9BEF24C578D5D6740E080BEDD6A448, 72426D49BC31488261D226C7D0C98AD11192019E71654F53D1D17183C328CC7C ] C:\WINDOWS\system32\rasadhlp.dll
11:59:32.0625 0x0590  C:\WINDOWS\system32\rasadhlp.dll - ok
11:59:32.0640 0x0590  [ 515A7FAE2070C2B0242B2353443E2F11, 6121C5613784831F584B50E8DC91BBD7AC58BDB602FE4CDB4B237670B6BB4537 ] C:\WINDOWS\system32\cscdll.dll
11:59:32.0640 0x0590  C:\WINDOWS\system32\cscdll.dll - ok
11:59:32.0656 0x0590  [ E2092F0A1D7ABC243F9C2362483D150D, 50028400D6BA1C5B27BFC9AAC9D41539383F3EC723977CA937715E14094D846A ] C:\WINDOWS\system32\dimsntfy.dll
11:59:32.0656 0x0590  C:\WINDOWS\system32\dimsntfy.dll - ok
11:59:32.0671 0x0590  [ 2CC34E8BB667EEF78899546E12649196, 5BA2604041BF7C1D580D4D2AEDC7708F9E9B0AF6E0928663E3D9C7297296D721 ] C:\WINDOWS\system32\wlnotify.dll
11:59:32.0671 0x0590  C:\WINDOWS\system32\wlnotify.dll - ok
11:59:32.0687 0x0590  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] C:\WINDOWS\system32\cryptsvc.dll
11:59:32.0687 0x0590  C:\WINDOWS\system32\cryptsvc.dll - ok
11:59:32.0703 0x0590  [ 02988B904C386B500CD08639C4C20EEA, 66E96045957AABD7F5C364D64DE23A09D4C292C844FA00C45626A8D1EC21F206 ] C:\WINDOWS\system32\winscard.dll
11:59:32.0703 0x0590  C:\WINDOWS\system32\winscard.dll - ok
11:59:32.0718 0x0590  [ BD83ABA61E8ACCC8D9FFB869F29418CE, 45ED22E825047A1BE07B017F95FBF965A90602C59E6B110D0C604FBE07DE1562 ] C:\WINDOWS\system32\winspool.drv
11:59:32.0718 0x0590  C:\WINDOWS\system32\winspool.drv - ok
11:59:32.0734 0x0590  [ 0E2735281FBB9A764D5584C2A5DCBA59, B1EFF5D7BFDDFEC3A3E5B2F17A6A0F3F47C344A64AB57E6918B4DEC094FC9444 ] C:\WINDOWS\system32\wtsapi32.dll
11:59:32.0734 0x0590  C:\WINDOWS\system32\wtsapi32.dll - ok
11:59:32.0750 0x0590  [ 00709952D444EAE14DBBD30D36FBAE0F, A65B57C68F9119940133F6680AF3644866EEBDA5378F9B6AED441FB999B50526 ] C:\WINDOWS\system32\certcli.dll
11:59:32.0750 0x0590  C:\WINDOWS\system32\certcli.dll - ok
11:59:32.0781 0x0590  [ 224FB925C641DA16CEB6D60F40CA4C75, 2DDB3B019D2A22B359C5974DC366EC9B95F4382DB1BF7F1958CFF0EC277895C7 ] C:\WINDOWS\system32\atl.dll
11:59:32.0781 0x0590  C:\WINDOWS\system32\atl.dll - ok
11:59:32.0796 0x0590  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3, 9085384DD71F983E7FD8B6C8F54A3097412DA3C802C813C8AAB1F30558C416D6 ] C:\WINDOWS\system32\cryptui.dll
11:59:32.0796 0x0590  C:\WINDOWS\system32\cryptui.dll - ok
11:59:32.0812 0x0590  [ 552263502EA8C24D301A0C43FF90B3ED, 65ECCFF6889D867F452D48A1816E4D16B9ACC2426D793943F5889706219AFA0E ] C:\WINDOWS\system32\wininet.dll
11:59:32.0812 0x0590  C:\WINDOWS\system32\wininet.dll - ok
11:59:32.0828 0x0590  [ 10753A3ADC3E39A3B10CC3F08E98E6B4, 99C7B1B04CD593139917ED3D68BEC36C63BCE76663505CB5D026B62AF39BB383 ] C:\WINDOWS\system32\normaliz.dll
11:59:32.0828 0x0590  C:\WINDOWS\system32\normaliz.dll - ok
11:59:32.0843 0x0590  [ 496CE99BBBB7680323921DF30B405C36, A8DB64762CE3D52384B0DFA98E7C28FC67086B1FB0E76597DAA19AFF001F4998 ] C:\WINDOWS\system32\urlmon.dll
11:59:32.0843 0x0590  C:\WINDOWS\system32\urlmon.dll - ok
11:59:32.0859 0x0590  [ 1AB894FA897E26B23CA53BEED72F61F4, D4F177D0D21915E428672B5AC85FFFB0121E59F9A0566B7CF98CF776A3874A74 ] C:\WINDOWS\system32\iertutil.dll
11:59:32.0859 0x0590  C:\WINDOWS\system32\iertutil.dll - ok
11:59:32.0875 0x0590  [ F5B754CDEA20BBB3A31E16A776EDE6D6, C5D682FA9B86810C6E3D741E507EDA024C4554BEB5B6A1686F70E109EE9CD746 ] C:\WINDOWS\system32\esent.dll
11:59:32.0875 0x0590  C:\WINDOWS\system32\esent.dll - ok
11:59:32.0890 0x0590  [ C1FAEA15E41F62D7BFA7FBC395C24BA6, 5DAA7F6E1EEA128AEDEDCAF04EB83AED4BCF856BC123BC134E9FA634DC569C0B ] C:\WINDOWS\system32\riched20.dll
11:59:32.0890 0x0590  C:\WINDOWS\system32\riched20.dll - ok
11:59:32.0906 0x0590  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] C:\WINDOWS\system32\wbem\wmisvc.dll
11:59:32.0906 0x0590  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
11:59:32.0921 0x0590  [ ACACB8B14E66109B8ACD6644B5574B9A, 2373E67EB51F8045E7CD346F75B4BAD093E29CC609955BBC4C9FEF7A97A5FD86 ] C:\WINDOWS\system32\vssapi.dll
11:59:32.0921 0x0590  C:\WINDOWS\system32\vssapi.dll - ok
11:59:32.0953 0x0590  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] C:\WINDOWS\system32\srsvc.dll
11:59:32.0953 0x0590  C:\WINDOWS\system32\srsvc.dll - ok
11:59:32.0968 0x0590  [ 50A166237A0FA771261275A405646CC0, CFA9B2C8CDCDB56C27B89593A106AAE211E24D8EA433129A6E9BD2FBF39AB5BB ] C:\WINDOWS\system32\powrprof.dll
11:59:32.0968 0x0590  C:\WINDOWS\system32\powrprof.dll - ok
11:59:32.0984 0x0590  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:59:32.0984 0x0590  C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok
11:59:33.0000 0x0590  [ 085ED2E391A871C7BAE87E0228B546BA, 15C050965A7377CDE1178A0C28C3E05B16838A1D7DEB1DD190E3C5D58511F5AC ] C:\WINDOWS\system32\cscui.dll
11:59:33.0000 0x0590  C:\WINDOWS\system32\cscui.dll - ok
11:59:33.0031 0x0590  [ 3E2F3E2F4A82B7FAE23BAB864FB0F837, 78FEB881B5F1C90AD13DD69BB8C95CDF60C84E127871916D1EE8A938849E6282 ] C:\WINDOWS\system32\dpcdll.dll
11:59:33.0031 0x0590  C:\WINDOWS\system32\dpcdll.dll - ok
11:59:33.0046 0x0590  [ A93AEE1928A9D7CE3E16D24EC7380F89, 944CD2135E171AF338352568AA7FE1B8004733A4281395AD6723E0CF43D5F53F ] C:\WINDOWS\system32\userinit.exe
11:59:33.0046 0x0590  C:\WINDOWS\system32\userinit.exe - ok
11:59:33.0062 0x0590  [ 12896823FB95BFB3DC9B46BCAEDC9923, 1E675CB7DF214172F7EB0497F7275556038A0D09C6E5A3E6862C5E26885EF455 ] C:\WINDOWS\explorer.exe
11:59:33.0062 0x0590  C:\WINDOWS\explorer.exe - ok
11:59:33.0078 0x0590  [ B14E6ED4CBAAF91A50C11807C55B6258, 91C423E2C163F46BA0EE436E152C8D5E89011BD6B239D739B4D97A4E4FBB96E7 ] C:\WINDOWS\system32\browseui.dll
11:59:33.0078 0x0590  C:\WINDOWS\system32\browseui.dll - ok
11:59:33.0093 0x0590  [ 616B0126D3C499F5B7EAE5B198F6F6F5, 65458E74E8C07BDCFF6B137795E457A2B200170A4DDDF86B7569D289EA367185 ] C:\WINDOWS\system32\shdocvw.dll
11:59:33.0093 0x0590  C:\WINDOWS\system32\shdocvw.dll - ok
11:59:33.0109 0x0590  [ B4ED498E3BFEE64E952BC44FC6057DB8, 1FB5ABAE69103BF477F704189D75B0395F587234BFE94F9F79961D8FE2CE55AC ] C:\WINDOWS\system32\desk.cpl
11:59:33.0109 0x0590  C:\WINDOWS\system32\desk.cpl - ok
11:59:33.0125 0x0590  [ A314EEA2A503A8E04085201E436384A5, F377590227E3BFC356996524AE2FF99B3ECEFFBC163F6AD9503B8AAD24AECDB3 ] C:\WINDOWS\system32\themeui.dll
11:59:33.0125 0x0590  C:\WINDOWS\system32\themeui.dll - ok
11:59:33.0140 0x0590  [ 2DC5A8019E2387987905F77C664E4BE2, 32FD8D0D3146A599CFB536955F9E93AA50467B2176A70E481133B61D4BD29AD9 ] C:\WINDOWS\system32\linkinfo.dll
11:59:33.0140 0x0590  C:\WINDOWS\system32\linkinfo.dll - ok
11:59:33.0156 0x0590  [ A70A2D85AD143D6BB823C246CEB699A5, D8ED98DC2964A2DAF448893718E6381FBABAB53DD7497266851E0F4221F1B01F ] C:\WINDOWS\system32\ntshrui.dll
11:59:33.0156 0x0590  C:\WINDOWS\system32\ntshrui.dll - ok
11:59:33.0171 0x0590  [ 2DE1190196EE9555DB548A57622022EB, 89DBC777BE06D008AABEDAC61AFC11B4FF7ABCA86C205109ED9D34D21C0B5146 ] C:\WINDOWS\system32\drprov.dll
11:59:33.0171 0x0590  C:\WINDOWS\system32\drprov.dll - ok
11:59:33.0187 0x0590  [ 36468087E22C57A83DF758B3F90DF73F, F6898D07CEE4F528A9F17A231CCB5E38F826A0C1926EFBF35ECCA06E0E8EE565 ] C:\WINDOWS\system32\ntlanman.dll
11:59:33.0187 0x0590  C:\WINDOWS\system32\ntlanman.dll - ok
11:59:33.0218 0x0590  [ AC5DF42FE314C1446B1DAD237BFCFFE0, FD53D9BCC619ED7AE4B7C29B7D457A2F61D6D340841A4E030329D7032C306AB6 ] C:\WINDOWS\system32\netui0.dll
11:59:33.0218 0x0590  C:\WINDOWS\system32\netui0.dll - ok
11:59:33.0234 0x0590  [ ED5A816D8E11E03F1937AC3C56826EE4, D01525B5BD9F9DDF149B78706C6C2F5AE26F5337F897C1B8763DBC67AB64F875 ] C:\WINDOWS\system32\netui1.dll
11:59:33.0234 0x0590  C:\WINDOWS\system32\netui1.dll - ok
11:59:33.0250 0x0590  [ B41D53899E37CC43DA85DA19998BEE81, CA92B8313338F0F8B1B630A0057B9C114E8D8BC10F09825C9008A5A824B91FDC ] C:\WINDOWS\system32\netrap.dll
11:59:33.0250 0x0590  C:\WINDOWS\system32\netrap.dll - ok
11:59:33.0265 0x0590  [ FB8F8EEC8D9C2157789472DD61CDC78B, D5306081621FFEFF585FAD292E60207E1BCB4EA67367E12872AF73C464110C68 ] C:\WINDOWS\system32\davclnt.dll
11:59:33.0265 0x0590  C:\WINDOWS\system32\davclnt.dll - ok
11:59:33.0281 0x0590  [ 91790D6749EBED90E2C40479C0A91879, 3C267950F13CCE412474C5228FC0E3D8D7F912E82464BD2CE6312A0326F84A80 ] C:\WINDOWS\system32\verclsid.exe
11:59:33.0281 0x0590  C:\WINDOWS\system32\verclsid.exe - ok
11:59:33.0296 0x0590  [ 0B8FB29CDA02015448C9F5260A013F19, 804C38F6B4CBCAFA679BE99E5359427BDC838E0F467FD7A952F8BE1FD4E85C3E ] C:\WINDOWS\system32\ieframe.dll
11:59:33.0296 0x0590  C:\WINDOWS\system32\ieframe.dll - ok
11:59:33.0312 0x0590  [ D3F72D50DE53F9F1F55240115AF4D42E, F8831B6B33EE2EE49615AE45A81C8434E154331BEB1E64C491E64C1348314F3C ] C:\WINDOWS\system32\msi.dll
11:59:33.0312 0x0590  C:\WINDOWS\system32\msi.dll - ok
11:59:33.0343 0x0590  [ 062F837C1FBDB6A0A75F82EFC2EE8E74, 3C0BFA381CBC2C55B58A8942A7148A6C27E244D26313EFB4708DD5858C689E02 ] C:\WINDOWS\system32\netshell.dll
11:59:33.0343 0x0590  C:\WINDOWS\system32\netshell.dll - ok
11:59:33.0359 0x0590  [ 235892E493845D64D890163CFEF90E97, 48FC98DD1E5F8F05DE6954FE26C0A448AA9838D7DC716518C715F35E3CFA227D ] C:\WINDOWS\system32\credui.dll
11:59:33.0359 0x0590  C:\WINDOWS\system32\credui.dll - ok
11:59:33.0375 0x0590  [ 8E2CC37BA87D8F681066E0E9C8A19F73, 90536FD502D92AE4FECE0C250373742D2E8AC9E9BE314070BB28C4A2BEA15508 ] C:\WINDOWS\system32\dot3api.dll
11:59:33.0375 0x0590  C:\WINDOWS\system32\dot3api.dll - ok
11:59:33.0390 0x0590  [ 876CCF164E08D6B903CD14398E056DD2, 9AC7887F992F20E10EB3ED9B3AEF47B5C840172FA7895531F4EF86D6EA642D0F ] C:\WINDOWS\system32\rtutils.dll
11:59:33.0390 0x0590  C:\WINDOWS\system32\rtutils.dll - ok
11:59:33.0406 0x0590  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C, 62E73A7D4C58F2E30670F6A72E734B618AF45F60A8CB2177A4D504283F829BE5 ] C:\WINDOWS\system32\dot3dlg.dll
11:59:33.0406 0x0590  C:\WINDOWS\system32\dot3dlg.dll - ok
11:59:33.0421 0x0590  [ CA04959077AFE36369D37B3504740C87, CBB90BC35A74EC03DC04CD60DAC966A9FA98DC9EEFB926089DBE7A47D3B710B1 ] C:\WINDOWS\system32\onex.dll
11:59:33.0421 0x0590  C:\WINDOWS\system32\onex.dll - ok
11:59:33.0437 0x0590  [ 5DB625E7D095604010CF84DE2D8ACFA6, DEED8055CD1F2E2D898C5C77283B56078414CC7D9FCA6FCF58BA0B66B565E826 ] C:\WINDOWS\system32\eappcfg.dll
11:59:33.0437 0x0590  C:\WINDOWS\system32\eappcfg.dll - ok
11:59:33.0453 0x0590  [ ABC4206543450C0666D152F4B65833B8, D78D5E719E7744805DF6DD1D9567E67E11223F4E3B13170E35F27D46FCB6C244 ] C:\WINDOWS\system32\eappprxy.dll
11:59:33.0453 0x0590  C:\WINDOWS\system32\eappprxy.dll - ok
11:59:33.0468 0x0590  [ 1C22A3866112ED41E1F3684DAE9AD5D2, 621989160B8DCE383242FA844CA63557F7BCD4520335E7EA1AF85E7720A760CA ] C:\WINDOWS\system32\mmcshext.dll
11:59:33.0468 0x0590  C:\WINDOWS\system32\mmcshext.dll - ok
11:59:33.0484 0x0590  [ D3E868700D9B5E3C54B7EED060215CC1, C066B0E63815018D6D345CE5DABD443C5CDA73200601FB51F67C602A4133A2C5 ] C:\WINDOWS\system32\hhsetup.dll
11:59:33.0484 0x0590  C:\WINDOWS\system32\hhsetup.dll - ok
11:59:33.0500 0x0590  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] C:\WINDOWS\system32\es.dll
11:59:33.0500 0x0590  C:\WINDOWS\system32\es.dll - ok
11:59:33.0531 0x0590  [ 72A0DF237F9118F18AD136E99266E816, 76CEB7AC5BE1F645423424641FE4F6087D20B5E066FBA6FF0D688467A48883BC ] C:\Program Files\Microsoft Office\Office10\MSOHEV.DLL
11:59:33.0531 0x0590  C:\Program Files\Microsoft Office\Office10\MSOHEV.DLL - ok
11:59:33.0546 0x0590  [ C444B433A340C24B51A2DACE9D13FC70, 32DF665A6267231245235CC90CC17BC8F9869642D2D848E6FC8F9A417BA570FD ] C:\WINDOWS\system32\zipfldr.dll
11:59:33.0546 0x0590  C:\WINDOWS\system32\zipfldr.dll - ok
11:59:33.0562 0x0590  [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] C:\WINDOWS\system32\actxprxy.dll
11:59:33.0562 0x0590  C:\WINDOWS\system32\actxprxy.dll - ok
11:59:33.0578 0x0590  [ 526E1B1FB3ED5090E2A4489CA541CCE8, 638E2B652E143E6BD7512F0E7F39C5D701B0F204EBCFD9C77AB5C6250D27F2C5 ] C:\Documents and Settings\Administrator\desktop\wahooLSP.exe
11:59:33.0578 0x0590  C:\Documents and Settings\Administrator\desktop\wahooLSP.exe - ok
11:59:33.0593 0x0590  [ F0BF811622F2DD6C8E26EE4600D83731, 81CFC1118551E84F5BBD2A863419529AA32DA92E5834C71DA77D13854F6CF048 ] C:\WINDOWS\system32\wbem\wbemcore.dll
11:59:33.0593 0x0590  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
11:59:33.0609 0x0590  [ E4616430709F440CF1809D88DC2366EA, C2CBC0A21A892FD8341E5A29E7164172340E07A75A5D54493036156D907AEAE7 ] C:\WINDOWS\system32\wbem\esscli.dll
11:59:33.0609 0x0590  C:\WINDOWS\system32\wbem\esscli.dll - ok
11:59:33.0625 0x0590  [ D95C71052E5EF63B55997FB31483D02F, 829A559050680C039CA7AFCFE3246745D465ED11722A603AA32253FD413894C3 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
11:59:33.0625 0x0590  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
11:59:33.0656 0x0590  [ 378A0AEFB11D8B0DC8C27B9F7604B88D, D0D6863FCE412B75B9B5FC38EA923759201E7193ED40CFBAA674630E2DE56FD3 ] C:\WINDOWS\system32\wbem\fastprox.dll
11:59:33.0656 0x0590  C:\WINDOWS\system32\wbem\fastprox.dll - ok
11:59:33.0671 0x0590  [ 3273D1565BF30225C115B480A3BB2C9D, DF802F845EFEE506A0D3CA1EA9AEE1EDE73BCC02F2B64EDFACE0BBEFCF965455 ] C:\WINDOWS\system32\wbem\wmiutils.dll
11:59:33.0671 0x0590  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
11:59:33.0687 0x0590  [ 942A17D2901A31EA68627CBFFCD268CC, C75E1C03929E16EDDBACFC37BD6C40E941F9D99E3E40ED3A07238343342685BD ] C:\WINDOWS\system32\wbem\repdrvfs.dll
11:59:33.0687 0x0590  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
11:59:33.0703 0x0590  [ 071143F687B4F887E21461CA6CC7EB29, 92C849517F985F19926E6425CD99E21029E1CA14FC92C9E40091DC79D4A723F2 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
11:59:33.0703 0x0590  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
11:59:33.0718 0x0590  [ 26D881D27CBE51D3614E68D7313EA026, BC84CFD5F382F6D844815065118793950E922B8FB52944E337DAA62874C103A3 ] C:\WINDOWS\system32\wbem\wbemess.dll
11:59:33.0718 0x0590  C:\WINDOWS\system32\wbem\wbemess.dll - ok
11:59:33.0734 0x0590  [ D26451B540720A7313A9BCBE794DAF62, 255B3594876F9D9222760A53D1119E73D3BA4E4766C9DFAD63DCB180C5F33846 ] C:\WINDOWS\system32\wbem\ncprov.dll
11:59:33.0734 0x0590  C:\WINDOWS\system32\wbem\ncprov.dll - ok
11:59:33.0750 0x0590  [ 6404807ABC7AF52FA3792697AE638B50, 75FB44348CCC53A4EA2C3677F42098A12CE882F3E015E3D847A07972C1E4AEF5 ] C:\WINDOWS\system32\wbem\wbemcons.dll
11:59:33.0750 0x0590  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
11:59:34.0609 0x0590  AV detected via SS1: Microsoft Security Essentials, 4.2.0223.0, disabled, outofdate
11:59:34.0609 0x0590  ============================================================
11:59:34.0609 0x0590  Scan finished
11:59:34.0609 0x0590  ============================================================
11:59:34.0640 0x0588  Detected object count: 2
11:59:34.0640 0x0588  Actual detected object count: 2
11:59:57.0562 0x0588  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:57.0562 0x0588  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:59:57.0578 0x0588  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
11:59:57.0578 0x0588  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:08.0765 0x0524  Deinitialize success
 


TDSSKiller log is good. A couple of services are set incorrectly, as shown in the FSS log:

The start type of BITS service is set to Demand. The default start type is Auto.

Select the Windows key and R key together. In the Run box, type services.msc and hit Enter.

In the services window scroll down to the following entry:

Background Intelligent Transfer Service (BITS)

Right click on that entry and select "Properties". In the new window, change the startup type from "Demand" to "Automatic", select Apply, then OK.

Next,

Same again for this entry:

The start type of wuauserv service is set to Disabled. The default start type is Auto.

Scroll to Windows Update (wuauserv)

Right click on that entry and select "Properties". In the new window, change the startup type from "Demand" to "Automatic", select Apply, then OK.

Next,

Same again for this entry:

The start type of PlugPlay service is set to Disabled. The default start type is Auto.

Scroll to Plug and Play

Right click on that entry and select "Properties". In the new window, change the startup type from "Demand" to "Automatic", select Apply, then OK.

Close out the services window, re-boot your PC. Run a full scan with Malwarebytes, post that log. Let me know how your PC responds, what issues/concerns remain...
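
The start-type corrections listed in the post above can also be derived from the FSS lines and applied from a command prompt with sc.exe instead of the Services window. This is an added example, not part of the original post or of FSS; the function names and the fourth sample line are constructed for illustration.

```python
import re

# Start-type words as they appear in the FSS lines quoted in the post,
# mapped to the tokens that "sc config <service> start= <token>" accepts.
SC_START = {"Boot": "boot", "System": "system", "Auto": "auto",
            "Demand": "demand", "Disabled": "disabled"}

FSS_LINE = re.compile(
    r"The start type of (?P<svc>\S+) service is set to (?P<cur>\w+)\.\s+"
    r"The default start type is (?P<dflt>\w+)\.")

# Assumption: service key names are limited to this conservative character
# set, so text copied from a log never reaches a command line unchecked.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.\-]{1,64}")

# The first three lines are the ones quoted in the post; the fourth is
# constructed to show a name that is rejected instead of becoming a command.
SAMPLE_FSS = """\
The start type of BITS service is set to Demand. The default start type is Auto.
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The start type of PlugPlay service is set to Disabled. The default start type is Auto.
The start type of Foo&Bar service is set to Disabled. The default start type is Auto.
"""


def parse_fss(text):
    """Return (findings that differ from the default, rejected service names)."""
    findings, rejected = [], []
    for m in FSS_LINE.finditer(text):
        svc, cur, dflt = m.group("svc"), m.group("cur"), m.group("dflt")
        if (not SAFE_NAME.fullmatch(svc)
                or cur not in SC_START or dflt not in SC_START):
            rejected.append(svc)
        elif cur != dflt:
            findings.append({"service": svc, "current": cur, "default": dflt})
    return findings, rejected


def remediation_commands(findings):
    """Build one sc.exe command per finding (sc needs the space after 'start=')."""
    return ["sc config {} start= {}".format(f["service"], SC_START[f["default"]])
            for f in findings]


if __name__ == "__main__":
    found, bad = parse_fss(SAMPLE_FSS)
    for f, cmd in zip(found, remediation_commands(found)):
        print("{service}: {current} -> {default}".format(**f), "|", cmd)
    print("rejected names:", bad)
```

The generated commands are meant to be reviewed and then run from an administrator command prompt; a reboot afterwards matches the instruction in the post.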
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 weeks later...

Kevin:

Sorry for the delay but there was an issue with the reply button on here. So I thought we had finally won the battle but earlier today the svchost.exe returned, ran at 100% and instantly the taskbar did its usual color change routine. After that I ran RogueKiller and sure enough the same entries I deleted previously had returned (text in red). How serious are these registry changes?

Are these returning entries a sure sign that there is some type of infection? Thanks for your patience.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.14

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: RICH-BIZ [administrator]

11/12/2013 5:12:49 PM
mbam-log-2013-11-12 (17-12-49).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 245830
Time elapsed: 53 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Scan -- Date : 11/14/2013 17:59:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Administrator\Desktop\zebranMalwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\RICH\desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND


¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP1604N +++++
--- User ---
[MBR] 9c24779718baa28a177f1792c868d0f9
[BSP] 85f5c2091b2e329b4ea8d90f28511751 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50225 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102861360 | Size: 102399 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11142013_175912.txt >>

 


Did you follow the instructions from Reply #39? Also the entries you quote from RK are inert, not active....

 

Run the following:

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running

  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin
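
The "inert, not active" reading of the RogueKiller registry entries can be checked mechanically: a `Disable*` policy value whose data is 0 is present but does not restrict anything. The triage below is an added example, not part of the original posts and not RogueKiller's own code; the line layout is inferred from the three entries in the report, and the function names and the `(1)` line are constructed for contrast.

```python
import re

# The first three lines are the registry entries from the RogueKiller report
# in the thread (tag case normalised); the fourth is constructed for contrast.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKLM\[...]\RunOnce :  (A0) (cmd /c "C:\Documents and Settings\RICH\desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
"""

# Layout inferred from those lines: [TAG]... KEY : NAME (DATA) -> STATUS
ENTRY = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<key>.*?)\s+:\s+"
    r"(?P<name>.*?)\s+\((?P<data>.*)\)\s+->\s+(?P<status>\w+)$")

# Policy values where 0 means "not restricted" and a non-zero value
# switches the restriction on.
RESTRICTION_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}


def parse_entries(report):
    """Parse 'Registry Entries' lines into dicts; unparseable lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["tags"] = [t.upper() for t in re.findall(r"\[([^\]]+)\]", entry["tags"])]
        entries.append(entry)
    return entries


def triage(entry):
    """Return (verdict, detail) for one parsed entry."""
    if "HJ POL" in entry["tags"] and entry["name"] in RESTRICTION_VALUES:
        try:
            value = int(entry["data"], 0)
        except ValueError:
            return ("review", "policy data is not a number: " + entry["data"])
        if value == 0:
            return ("inert", entry["name"] + " is present but set to 0")
        return ("enforced", entry["name"] + " is set to " + str(value))
    if "RUN" in entry["tags"]:
        # Autostart entry: surface the first quoted path so it can be checked
        # against the tools that were actually run on the machine.
        quoted = re.search(r'"([^"]+)"', entry["data"])
        return ("autostart", quoted.group(1) if quoted else entry["data"])
    return ("review", entry["data"])


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_REPORT):
        verdict, detail = triage(e)
        print("{:<10} {:<22} {}".format(verdict, e["key"], detail))
```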


Kevin:

I followed the steps from #39, made all those changes you requested prior to my last reply. Here is the comb log. Thanks!!

 

ComboFix 13-11-16.01 - RICH 11/18/2013   2:10.5.1 - x86 NETWORK
Running from: c:\documents and settings\Administrator\desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_qcihrtv
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-18 to 2013-11-18  )))))))))))))))))))))))))))))))
.
.
2013-11-14 22:37 . 2013-11-14 22:37    --------    d-sh--w-    c:\documents and settings\RICH\PrivacIE
2013-11-14 22:01 . 2013-11-14 22:01    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-14 21:42 . 2013-11-14 21:42    40392    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys
2013-11-13 14:10 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\mpengine.dll
2013-11-13 00:06 . 2013-10-13 07:25    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2013-11-12 18:29 . 2013-06-12 18:10    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
2013-11-12 18:25 . 2013-11-13 04:49    --------    d-----w-    c:\program files\Panda Security
2013-10-31 23:44 . 2013-10-31 23:44    --------    d-----w-    C:\FRST
2013-10-31 20:43 . 2013-10-31 20:43    35904    ----a-w-    c:\windows\system32\drivers\lswd2yhn.sys
2013-10-31 20:01 . 2013-10-31 20:01    782640    ----a-w-    C:\Iexplore.exe.exe
2013-10-28 16:18 . 2013-11-14 22:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-24 15:19 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-23 01:12 . 2013-10-18 05:11    24064    ----a-w-    c:\windows\zoek-delete.exe
2013-10-23 01:08 . 2013-10-23 01:08    --------    d-----w-    C:\zoek_backup
2013-10-19 07:33 . 2013-10-19 07:33    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-10-19 07:28 . 2013-10-19 07:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 22:01 . 2013-10-04 04:13    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-31 19:59 . 2013-10-31 19:59    1472131    ----a-w-    C:\vba32arkit.zip
2013-10-13 07:25 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2008-04-14 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2008-04-14 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2008-04-14 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-12 15:56 . 2008-04-14 12:00    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-14 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2013-04-19 21:58    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-01 23:31 . 2013-10-01 23:32    1207928    ----a-w-    c:\program files\rc-installer.exe
2013-09-19 07:54 . 2013-09-19 07:40    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-09-17 15:26 . 2013-09-17 15:26    325960    ----a-w-    c:\program files\lua5.1.dll
2013-09-04 03:02 . 2013-07-19 00:22    1966080    ----a-w-    c:\program files\Repair_Windows.exe
2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-04-19 22:40 . 2013-04-19 22:40    11091432    ----a-w-    c:\program files\MSEInstall.exe
2013-03-25 03:24 . 2013-03-25 03:24    2483904    ----a-w-    c:\program files\Procmon.exe
2011-03-08 17:54 . 2013-07-19 00:22    229376    ----a-w-    c:\program files\pcwintech_tabs.ocx
2009-03-24 19:52 . 2013-07-19 00:22    1069376    ----a-w-    c:\program files\MSCOMCTL.OCX
2009-03-24 19:52 . 2013-07-19 00:22    136008    ----a-w-    c:\program files\msinet.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-04-12 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40286280.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65300409.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"combofix"=c:\combofix\CF2841.3XE /c c:\combofix\Combobatch.bat
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 DasBoot;Panda AntiMalware Support;c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS [x]
R0 DasBootF;Panda AntiMalware Support MF;c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS [x]
R0 PRSBDRVR;Nemesis Link;c:\windows\\SystemRoot\system32\drivers\PRSBDRVR.SYS [x]
R1 MpKsla794a8f9;MpKsla794a8f9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys [2013-11-14 40392]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-10-19 30976]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-14 47064]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 594048]
S0 lswd2yhn;Vba32 Armour Driver;c:\windows\System32\Drivers\lswd2yhn.sys [2013-10-31 35904]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-04-16 01:09]
.
2013-11-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000


FF - ProfilePath - c:\documents and settings\RICH\Application Data\Mozilla\Firefox\Profiles\ud60wonb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-18 02:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
.
Completion time: 2013-11-18  02:19:17
ComboFix-quarantined-files.txt  2013-11-18 07:19
ComboFix2.txt  2013-10-23 17:28
.
Pre-Run: 93,735,489,536 bytes free
Post-Run: 93,736,230,912 bytes free
.
- - End Of File - - A231F0EA2F9322BBFCA011F0F7F37137
8F558EB6672622401DA993E1E865C861
 


fresh download, combo fix log/normal mode-

 

ComboFix 13-11-18.01 - RICH 11/18/2013  21:10:22.5.1 - x86
Running from: c:\documents and settings\RICH\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-19 to 2013-11-19  )))))))))))))))))))))))))))))))
.
.
2013-11-14 22:37 . 2013-11-14 22:37    --------    d-sh--w-    c:\documents and settings\RICH\PrivacIE
2013-11-14 22:01 . 2013-11-18 07:29    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-14 21:42 . 2013-11-14 21:42    40392    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys
2013-11-13 14:10 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\mpengine.dll
2013-11-13 00:06 . 2013-10-13 07:25    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2013-11-12 18:29 . 2013-06-12 18:10    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
2013-11-12 18:25 . 2013-11-13 04:49    --------    d-----w-    c:\program files\Panda Security
2013-10-31 23:44 . 2013-10-31 23:44    --------    d-----w-    C:\FRST
2013-10-31 20:43 . 2013-10-31 20:43    35904    ----a-w-    c:\windows\system32\drivers\lswd2yhn.sys
2013-10-31 20:01 . 2013-10-31 20:01    782640    ----a-w-    C:\Iexplore.exe.exe
2013-10-28 16:18 . 2013-11-18 15:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-24 15:19 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-23 01:12 . 2013-10-18 05:11    24064    ----a-w-    c:\windows\zoek-delete.exe
2013-10-23 01:08 . 2013-10-23 01:08    --------    d-----w-    C:\zoek_backup
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-18 07:25 . 2013-10-04 04:13    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-31 19:59 . 2013-10-31 19:59    1472131    ----a-w-    C:\vba32arkit.zip
2013-10-19 07:33 . 2013-10-19 07:33    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-10-13 07:25 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2008-04-14 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2008-04-14 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2008-04-14 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-12 15:56 . 2008-04-14 12:00    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-14 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2013-04-19 21:58    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-01 23:31 . 2013-10-01 23:32    1207928    ----a-w-    c:\program files\rc-installer.exe
2013-09-19 07:54 . 2013-09-19 07:40    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-09-17 15:26 . 2013-09-17 15:26    325960    ----a-w-    c:\program files\lua5.1.dll
2013-09-04 03:02 . 2013-07-19 00:22    1966080    ----a-w-    c:\program files\Repair_Windows.exe
2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-04-19 22:40 . 2013-04-19 22:40    11091432    ----a-w-    c:\program files\MSEInstall.exe
2013-03-25 03:24 . 2013-03-25 03:24    2483904    ----a-w-    c:\program files\Procmon.exe
2011-03-08 17:54 . 2013-07-19 00:22    229376    ----a-w-    c:\program files\pcwintech_tabs.ocx
2009-03-24 19:52 . 2013-07-19 00:22    1069376    ----a-w-    c:\program files\MSCOMCTL.OCX
2009-03-24 19:52 . 2013-07-19 00:22    136008    ----a-w-    c:\program files\msinet.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-04-12 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40286280.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65300409.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"AlcxMonitor"=ALCXMNTR.EXE
"combofix"=c:\combofix\CF2841.3XE /c c:\combofix\Combobatch.bat
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 DasBoot;Panda AntiMalware Support;c:\windows\\SystemRoot\system32\drivers\DasBoot.SYS [x]
R0 DasBootF;Panda AntiMalware Support MF;c:\windows\\SystemRoot\system32\drivers\DasBootF.SYS [x]
R0 PRSBDRVR;Nemesis Link;c:\windows\\SystemRoot\system32\drivers\PRSBDRVR.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-10-19 30976]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-18 47064]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2013-11-18 105176]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 594048]
S0 lswd2yhn;Vba32 Armour Driver;c:\windows\System32\Drivers\lswd2yhn.sys [2013-10-31 35904]
S1 MpKsla794a8f9;MpKsla794a8f9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FEE87E2C-C873-4D68-BDF5-94E530539335}\MpKsla794a8f9.sys [2013-11-14 40392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-04-16 01:09]
.
2013-11-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000


FF - ProfilePath - c:\documents and settings\RICH\Application Data\Mozilla\Firefox\Profiles\ud60wonb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-18 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-11-18  21:20:41
ComboFix-quarantined-files.txt  2013-11-19 02:20
ComboFix2.txt  2013-11-18 07:19
.
Pre-Run: 93,742,182,400 bytes free
Post-Run: 93,730,934,784 bytes free
.
- - End Of File - - DA98046EA348473320B250C20A2F49A6
8F558EB6672622401DA993E1E865C861
 


Hi Kevin:

PC seems to be working good, all quiet with the taskbar issue for now. But I would like to give it a couple of days to make sure, if that's okay? How do I get rid of a "found new hardware" recurring alert at boot-up? It keeps trying to install some PCI modem of some kind? Thanks!


This topic is now closed to further replies.