Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

ZeroAccess Infection [Solved]

Started by Spyderturbo007 , Nov 27 2013 08:44 AM

This topic is locked

#1
Spyderturbo007

Posted 27 November 2013 - 08:44 AM

Member

Member
760 posts

I started noticing that there were some really weird files and shortcuts on my computer that I didn't put there. I ran a few scans and sure enough found the Google Desktop install folder and was told that I was infected. My router kept blocking incoming connections from port 16464, so I blocked that outbound as well. As soon as I did that, the IP address of my computer flooded the router log. Apparently it was doing something it shouldn't have been doing over that port.

I ran some programs trying to remove the infection but again this morning, there were some of those files back that had been deleted yesterday. I am also unable to access some websites even after flushing my DNS and trying different DNS servers.

I'm pretty sure there is still something going on with this thing.

Thanks for your time and have a wonderful holiday!

lly weOTL logfile created on: 11/27/2013 8:36:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin.MAS_SERVER\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 77.39% Memory free
5.09 Gb Paging File | 4.49 Gb Available in Paging File | 88.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 220.68 Gb Free Space | 94.81% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 54.35 Gb Free Space | 36.47% Space Free | Partition Type: NTFS
Drive Z: | 110.43 Gb Total Space | 16.58 Gb Free Space | 15.01% Space Free | Partition Type: NTFS

Computer Name: MAS-SERVER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 08:36:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.exe
PRC - [2013/11/05 06:16:00 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/11/05 06:15:38 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/12/08 08:58:39 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/09/11 04:27:56 | 000,189,056 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/12 10:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2006/05/16 12:35:08 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/05/15 19:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/01/30 17:11:48 | 000,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

========== Modules (No Company Name) ==========

MOD - [2010/08/10 12:29:24 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_478ea060\mscorlib.dll
MOD - [2008/04/06 08:52:48 | 000,196,608 | ---- | M] () -- C:\Program Files\Genie-Soft\GBMPro8\gs_encryption.dll
MOD - [2008/04/06 08:45:48 | 000,196,608 | ---- | M] () -- C:\Program Files\Genie-Soft\GBMPro8\GSLogging.dll
MOD - [2006/06/12 10:01:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\TspPopup_ENU.dll
MOD - [2006/06/12 10:01:16 | 000,348,160 | ---- | M] () -- C:\WINDOWS\system32\Tsp.dll
MOD - [2006/06/12 10:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
MOD - [2006/05/16 12:34:22 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2006/05/16 12:33:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll
MOD - [2006/05/04 11:08:30 | 000,038,400 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WxEtsEula.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/11/25 09:58:32 | 000,244,732 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Microsoft\Aiyxqxqa\aiyxqxqa.exe -- (wiarbsxhw)
SRV - [2013/11/05 06:16:00 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/11/05 06:15:38 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/12/08 08:58:39 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/06/12 10:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/05/15 19:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\common\DataServer.exe -- (DataSvr2)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN~1.MAS\LOCALS~1\Temp\mfe_rr.sys -- (MFE_RR)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN~1.MAS\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/11/05 06:15:39 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/24 07:21:30 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/11/01 23:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/05/01 07:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/09 15:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

O1 HOSTS File: ([2013/11/26 20:03:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [] Reg Error: Value error. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D2D9338-253D-4F8F-9C19-B8ADA72A25A2}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wxvault.dll) - C:\WINDOWS\system32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 08:36:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.exe
[2013/11/27 08:20:28 | 001,091,793 | ---- | C] (Farbar) -- C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.exe
[2013/11/27 07:09:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/26 20:05:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/11/26 19:58:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/26 19:50:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin.MAS_SERVER\My Documents\My Videos
[2013/11/26 19:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/26 19:44:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/11/26 14:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Malwarebytes
[2013/11/26 14:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/26 14:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/26 14:35:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/26 14:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/26 13:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Removal Tools
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/27 08:36:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.exe
[2013/11/27 08:34:55 | 001,091,793 | ---- | M] (Farbar) -- C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.exe
[2013/11/27 07:46:20 | 000,001,186 | -H-- | M] () -- C:\Documents and Settings\Admin.MAS_SERVER\My Documents\Default.rdp
[2013/11/27 07:09:56 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\GBM - MAS Backup-Incremental.job
[2013/11/27 01:05:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\mxsaiyxqxqaupd.job
[2013/11/26 22:25:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2013/11/26 22:25:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/26 22:24:49 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/26 22:24:49 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/26 22:20:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/26 20:03:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/26 19:58:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/26 14:35:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/24 23:11:17 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\GBM - MAS Backup-Full.job
[2013/11/05 06:15:39 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2013/11/05 06:15:39 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2013/11/05 06:15:39 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2013/10/28 10:13:46 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ajiudfrifr.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/26 19:58:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/26 19:58:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/26 14:35:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/28 10:13:46 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ajiudfrifr.lnk
[2012/09/06 09:48:34 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Application Data\dt.dat
[2012/02/01 11:55:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/10 12:45:13 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/15 11:28:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/10/11 00:13:45 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/09/14 09:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Genie-soft
[2007/03/16 14:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Kana Solution
[2007/03/16 16:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Leadertech
[2007/04/02 11:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Softland
[2013/08/23 13:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Wave Systems Corp
[2007/03/15 11:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7(2)
[2010/10/29 07:51:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/05/14 10:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FAM
[2007/09/14 09:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2007/03/15 11:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
[2013/11/27 00:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/03/14 12:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/02/07 00:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp

========== Purity Check ==========

< End of report >

#2
Machiavelli

Posted 27 November 2013 - 08:47 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Welcome to GeeksToGo, Spyderturbo007

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

#3
Machiavelli

Posted 27 November 2013 - 10:07 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Backdoor Warning

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:

Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.

I can try to clean the infection but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted.Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Now - you decide if you want to reformat the PC or to cleaning the PC. Think of it and choose the best solution for you! Let me know of your decision. If you decide to go through the proceed, please proceed with the following steps.

OTL Fix

Run OTL.

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CreateRestorePoint]

:OTL
O4 - HKCU..\Run: [] Reg Error: Value error. File not found
[2013/11/27 01:05:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\mxsaiyxqxqaupd.job
[2013/10/28 10:13:46 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ajiudfrifr.lnk
[2012/09/06 09:48:34 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Application Data\dt.dat

:Commands
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, a logfile will open - please post the content of that Log into your next reply.

Farbar Recovery Scan Tool (FRST)

Run FRST.
Click Scan to start FRST.
When FRST finishes scanning, a log, FRST.txt, will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

#4
Spyderturbo007

Posted 27 November 2013 - 10:50 AM

Member

Topic Starter
Member
760 posts

Thank you so much for your help, Machiavelli!

One thing I noticed when trying to run Farbar, was that it kept giving me an error that it encountered a problem and needed to close. I was able to get it to run, but I had to right click, run as Administrator and then enter my Admin credentials, even though I'm logged in as the Admin. I'm not sure if that's normal with that program, but thought it might be of interest.

OTL Log following Reboot:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\WINDOWS\tasks\mxsaiyxqxqaupd.job moved successfully.
C:\Documents and Settings\All Users\Documents\ajiudfrifr.lnk moved successfully.
C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Application Data\dt.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 136036 bytes

User: Admin.MAS_SERVER
->Temp folder emptied: 2226895 bytes
->Temporary Internet Files folder emptied: 19228639 bytes
->Java cache emptied: 9956899 bytes
->Flash cache emptied: 602 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 12118713 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144594 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11124870 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34700642 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11272013_101747

Files\Folders moved on Reboot...
C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Temp\~aiyxqxqa.tmp moved successfully.
C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Temporary Internet Files\Content.IE5\XC5QBBJ9\335291-zeroaccess-infection[1].htm moved successfully.
C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Farbar Log File:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2013
Ran by Admin (administrator) on MAS-SERVER on 27-11-2013 10:46:43
Running from C:\Documents and Settings\Admin.MAS_SERVER\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\common\DataServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Genie-soft) C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Microsoft Corporation) C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Microsoft\Aiyxqxqa\aiyxqxqa.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-03-20] (SigmaTel, Inc.)
HKLM\...\Run: [Document Manager] - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [102400 2006-05-16] (Wave Systems Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2005-12-09] (CyberLink Corp.)
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [GBMPro8Agent] - C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe [189056 2008-09-11] (Genie-soft)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [ctfmon.exe] - C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep\qgmkep.exe [ 2013-11-27] (Microsoft Corporation)
HKU\Administrator\...\Run: [otswgwz] - C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep\qgmkep.exe [ 2013-11-27] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll [ 2006-05-16] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\qgmkep.lnk
ShortcutTarget: qgmkep.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep\qgmkep.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
ShortcutTarget: EMBASSY Trust Suite Secure Update.lnk -> C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8460800 2008-07-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.0.1

========================== Services (Whitelisted) =================

R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom Corporation)
R2 DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [315392 2006-05-15] (Wave Systems Corp.)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [14336 2004-08-04] (Microsoft Corporation)
R2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [180224 2006-06-12] ()
S2 wiarbsxhw; C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Microsoft\Aiyxqxqa\aiyxqxqa.exe [244732 2013-11-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R0 PBADRV; C:\Windows\System32\drivers\pbadrv.sys [18816 2005-12-09] (Dell Inc)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.)
S3 catchme; \??\C:\DOCUME~1\ADMIN~1.MAS\LOCALS~1\Temp\catchme.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 MFE_RR; \??\C:\DOCUME~1\ADMIN~1.MAS\LOCALS~1\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-27 10:46 - 2013-11-27 10:46 - 00007977 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.txt
2013-11-27 10:46 - 2013-11-27 10:46 - 00000000 ____D C:\FRST
2013-11-27 10:45 - 2013-11-27 10:45 - 01091793 _____ (Farbar) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.exe
2013-11-27 10:44 - 2013-11-27 10:44 - 00360881 _____ (Farbar) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FSS.exe
2013-11-27 10:44 - 2013-11-27 10:44 - 00002653 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Response.txt
2013-11-27 10:34 - 2013-11-27 10:35 - 00000116 _____ C:\WINDOWS\setupact.log
2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-27 10:34 - 2004-08-04 00:56 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2013-11-27 10:34 - 2004-08-04 00:56 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2013-11-27 10:34 - 2004-08-03 23:08 - 00031616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-11-27 10:34 - 2004-08-03 23:08 - 00031616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-11-27 10:17 - 2013-11-27 10:17 - 00000000 ____D C:\_OTL
2013-11-27 09:24 - 2013-11-27 09:24 - 00000589 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\JRT.txt
2013-11-27 08:38 - 2013-11-27 08:38 - 00042992 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.Txt
2013-11-27 08:36 - 2013-11-27 08:36 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.exe
2013-11-27 07:46 - 2013-11-27 07:46 - 00002844 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Rkill.txt
2013-11-27 07:15 - 2013-11-27 10:37 - 00016292 _____ C:\WINDOWS\setupapi.log
2013-11-26 22:45 - 2013-11-26 22:45 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-26 19:58 - 2013-11-26 19:58 - 00000000 _RSHD C:\cmdcons
2013-11-26 19:58 - 2007-03-15 11:39 - 00000211 _____ C:\Boot.bak
2013-11-26 19:58 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-26 19:50 - 2013-11-26 22:30 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-26 19:44 - 2013-11-26 19:44 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-26 14:35 - 2013-11-26 14:35 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Malwarebytes
2013-11-26 14:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-26 13:39 - 2013-11-26 22:30 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Removal Tools

==================== One Month Modified Files and Folders =======

2013-11-27 10:46 - 2013-11-27 10:46 - 00007977 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.txt
2013-11-27 10:46 - 2013-11-27 10:46 - 00000000 ____D C:\FRST
2013-11-27 10:46 - 2004-08-11 17:13 - 01815144 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-27 10:45 - 2013-11-27 10:45 - 01091793 _____ (Farbar) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.exe
2013-11-27 10:44 - 2013-11-27 10:44 - 00360881 _____ (Farbar) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FSS.exe
2013-11-27 10:44 - 2013-11-27 10:44 - 00002653 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Response.txt
2013-11-27 10:39 - 2007-02-07 00:30 - 00000000 _____ C:\WINDOWS\system32\NvwsApps.xml
2013-11-27 10:39 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-27 10:37 - 2013-11-27 07:15 - 00016292 _____ C:\WINDOWS\setupapi.log
2013-11-27 10:37 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-27 10:37 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2013-11-27 10:35 - 2013-11-27 10:34 - 00000116 _____ C:\WINDOWS\setupact.log
2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-27 10:17 - 2013-11-27 10:17 - 00000000 ____D C:\_OTL
2013-11-27 09:24 - 2013-11-27 09:24 - 00000589 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\JRT.txt
2013-11-27 08:59 - 2007-03-15 11:28 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Wave Systems Corp
2013-11-27 08:38 - 2013-11-27 08:38 - 00042992 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.Txt
2013-11-27 08:36 - 2013-11-27 08:36 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.exe
2013-11-27 07:52 - 2004-08-11 17:12 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-11-27 07:46 - 2013-11-27 07:46 - 00002844 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Rkill.txt
2013-11-27 07:46 - 2007-03-15 14:47 - 00001186 ____H C:\Documents and Settings\Admin.MAS_SERVER\My Documents\Default.rdp
2013-11-27 07:09 - 2013-02-21 10:24 - 00000458 _____ C:\WINDOWS\Tasks\GBM - MAS Backup-Incremental.job
2013-11-27 00:16 - 2009-11-09 13:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-11-26 23:00 - 2004-08-11 17:02 - 00000000 ____D C:\WINDOWS\repair
2013-11-26 22:47 - 2007-05-11 12:52 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Application Data\Adobe
2013-11-26 22:45 - 2013-11-26 22:45 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-26 22:45 - 2011-08-08 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-26 22:30 - 2013-11-26 19:50 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-26 22:30 - 2013-11-26 13:39 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Removal Tools
2013-11-26 22:24 - 2004-08-11 17:07 - 00441436 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-26 22:19 - 2004-08-11 17:20 - 00032420 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-26 20:03 - 2004-08-11 17:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-26 20:02 - 2007-03-15 11:28 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER
2013-11-26 19:58 - 2013-11-26 19:58 - 00000000 _RSHD C:\cmdcons
2013-11-26 19:58 - 2004-08-11 17:00 - 00000327 __RSH C:\boot.ini
2013-11-26 19:44 - 2013-11-26 19:44 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-26 14:35 - 2013-11-26 14:35 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Malwarebytes
2013-11-26 14:22 - 2009-11-09 13:57 - 00000719 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
2013-11-26 14:22 - 2009-11-09 13:57 - 00000000 ____D C:\Program Files\LogMeIn
2013-11-24 23:11 - 2013-02-21 10:24 - 00000458 _____ C:\WINDOWS\Tasks\GBM - MAS Backup-Full.job
2013-11-05 06:15 - 2009-11-09 13:57 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2013-11-05 06:15 - 2009-11-09 13:57 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2013-11-05 06:15 - 2009-11-09 13:57 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-11 17:00] - [2007-06-13 04:23] - 1033216 ____N (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87

C:\Windows\System32\winlogon.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0502272 ____N (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0014336 ____N (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2004-08-11 17:00] - [2009-02-06 04:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd

C:\Windows\System32\User32.dll
[2004-08-11 17:00] - [2007-03-08 09:36] - 0577536 ____N (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7

C:\Windows\System32\userinit.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0024576 ____N (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-11 17:00] - [2004-08-04 05:00] - 0052352 ____N (Microsoft Corporation) ee4660083deba849ff6c485d944b379b

==================== End Of Log ============================

#5
Machiavelli

Posted 27 November 2013 - 12:21 PM

GeekU Moderator

GeekU Moderator
4,722 posts

FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 (as Administrator) and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Farbar Recovery Scan Tool (FRST)

Run FRST as Administrator if possible.
Click Scan to start FRST.
When FRST finishes scanning, a log, FRST.txt, will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1

Right-click on aswMBR.exe and select Run as Administrator.
Click Yes when asked to download the Avast! definitions.
Click Scan to initiate the scan.
When the scan finishes, click Save Log and save this to your Desktop.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Question

How is your PC running? Any issues?

Attached Files

fixlist.txt 862bytes 134 downloads

#6
Spyderturbo007

Posted 27 November 2013 - 12:45 PM

Member

Topic Starter
Member
760 posts

Hi Machiavelli. The computer seems to be running okay, but it's still acting weird online. For example, I was unable to download the aswMBR file. Internet Explorer gives me the "Webpage not available" error message. I can navigate to the Geeks To Go Website, but if I try to go to www.eset.com it changes the address that I typed into the address bar into "http:///?%20www.eset.com" and then says "Address not Valid" and never goes to that page.

I was able to download the aswMBR on a different computer and copy it over though.

Thanks!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-11-2013 01
Ran by Admin at 2013-11-27 12:31:53 Run:1
Running from C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Administrator\...\Run: [ctfmon.exe] - C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep\qgmkep.exe [ 2013-11-27] (Microsoft Corporation)
HKU\Administrator\...\Run: [otswgwz] - C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep\qgmkep.exe [ 2013-11-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\qgmkep.lnk
ShortcutTarget: qgmkep.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep\qgmkep.exe (Microsoft Corporation)
S2 wiarbsxhw; C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Microsoft\Aiyxqxqa\aiyxqxqa.exe [244732 2013-11-25] (Microsoft Corporation)
C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep
C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Microsoft\Aiyxqxqa
*****************

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\otswgwz => Value deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\qgmkep.lnk => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep\qgmkep.exe => Moved successfully.
wiarbsxhw => Service deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Qgmkep => Moved successfully.
C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Microsoft\Aiyxqxqa => Moved successfully.

==== End of Fixlog ====

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2013 01
Ran by Admin (administrator) on MAS-SERVER on 27-11-2013 12:32:44
Running from C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\common\DataServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Genie-soft) C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
() C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Microsoft\Aiyxqxqa\aiyxqxqa.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-03-20] (SigmaTel, Inc.)
HKLM\...\Run: [Document Manager] - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [102400 2006-05-16] (Wave Systems Corp.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2005-12-09] (CyberLink Corp.)
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [GBMPro8Agent] - C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe [189056 2008-09-11] (Genie-soft)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll [ 2006-05-16] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
ShortcutTarget: EMBASSY Trust Suite Secure Update.lnk -> C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8460800 2008-07-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.0.1

========================== Services (Whitelisted) =================

R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom Corporation)
R2 DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [315392 2006-05-15] (Wave Systems Corp.)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [14336 2004-08-04] (Microsoft Corporation)
R2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [180224 2006-06-12] ()

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
R0 PBADRV; C:\Windows\System32\drivers\pbadrv.sys [18816 2005-12-09] (Dell Inc)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.)
S3 catchme; \??\C:\DOCUME~1\ADMIN~1.MAS\LOCALS~1\Temp\catchme.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 MFE_RR; \??\C:\DOCUME~1\ADMIN~1.MAS\LOCALS~1\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-27 12:29 - 2013-11-27 12:32 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST
2013-11-27 10:47 - 2013-11-27 10:47 - 00013426 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Addition.txt
2013-11-27 10:46 - 2013-11-27 10:47 - 00017060 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.txt
2013-11-27 10:46 - 2013-11-27 10:46 - 00000000 ____D C:\FRST
2013-11-27 10:44 - 2013-11-27 10:44 - 00360881 _____ (Farbar) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FSS.exe
2013-11-27 10:44 - 2013-11-27 10:44 - 00002653 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Response.txt
2013-11-27 10:34 - 2013-11-27 10:35 - 00000116 _____ C:\WINDOWS\setupact.log
2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-27 10:34 - 2004-08-04 00:56 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2013-11-27 10:34 - 2004-08-04 00:56 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2013-11-27 10:34 - 2004-08-03 23:08 - 00031616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-11-27 10:34 - 2004-08-03 23:08 - 00031616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-11-27 10:17 - 2013-11-27 10:17 - 00000000 ____D C:\_OTL
2013-11-27 09:24 - 2013-11-27 09:24 - 00000589 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\JRT.txt
2013-11-27 08:38 - 2013-11-27 08:38 - 00042992 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.Txt
2013-11-27 08:36 - 2013-11-27 08:36 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.exe
2013-11-27 07:46 - 2013-11-27 07:46 - 00002844 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Rkill.txt
2013-11-27 07:15 - 2013-11-27 10:37 - 00016292 _____ C:\WINDOWS\setupapi.log
2013-11-26 22:45 - 2013-11-26 22:45 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-26 19:58 - 2013-11-26 19:58 - 00000000 _RSHD C:\cmdcons
2013-11-26 19:58 - 2007-03-15 11:39 - 00000211 _____ C:\Boot.bak
2013-11-26 19:58 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-26 19:50 - 2013-11-26 22:30 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-26 19:44 - 2013-11-26 19:44 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-26 14:35 - 2013-11-26 14:35 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Malwarebytes
2013-11-26 14:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-26 13:39 - 2013-11-26 22:30 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Removal Tools

==================== One Month Modified Files and Folders =======

2013-11-27 12:32 - 2013-11-27 12:29 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST
2013-11-27 12:26 - 2004-08-11 17:13 - 01842794 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-27 10:47 - 2013-11-27 10:47 - 00013426 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Addition.txt
2013-11-27 10:47 - 2013-11-27 10:46 - 00017060 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FRST.txt
2013-11-27 10:46 - 2013-11-27 10:46 - 00000000 ____D C:\FRST
2013-11-27 10:44 - 2013-11-27 10:44 - 00360881 _____ (Farbar) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\FSS.exe
2013-11-27 10:44 - 2013-11-27 10:44 - 00002653 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Response.txt
2013-11-27 10:39 - 2007-02-07 00:30 - 00000000 _____ C:\WINDOWS\system32\NvwsApps.xml
2013-11-27 10:39 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-27 10:37 - 2013-11-27 07:15 - 00016292 _____ C:\WINDOWS\setupapi.log
2013-11-27 10:37 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-27 10:37 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2013-11-27 10:35 - 2013-11-27 10:34 - 00000116 _____ C:\WINDOWS\setupact.log
2013-11-27 10:34 - 2013-11-27 10:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-27 10:17 - 2013-11-27 10:17 - 00000000 ____D C:\_OTL
2013-11-27 09:24 - 2013-11-27 09:24 - 00000589 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\JRT.txt
2013-11-27 08:59 - 2007-03-15 11:28 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Wave Systems Corp
2013-11-27 08:38 - 2013-11-27 08:38 - 00042992 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.Txt
2013-11-27 08:36 - 2013-11-27 08:36 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Admin.MAS_SERVER\Desktop\OTL.exe
2013-11-27 07:52 - 2004-08-11 17:12 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-11-27 07:46 - 2013-11-27 07:46 - 00002844 _____ C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Rkill.txt
2013-11-27 07:46 - 2007-03-15 14:47 - 00001186 ____H C:\Documents and Settings\Admin.MAS_SERVER\My Documents\Default.rdp
2013-11-27 07:09 - 2013-02-21 10:24 - 00000458 _____ C:\WINDOWS\Tasks\GBM - MAS Backup-Incremental.job
2013-11-27 00:16 - 2009-11-09 13:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-11-26 23:00 - 2004-08-11 17:02 - 00000000 ____D C:\WINDOWS\repair
2013-11-26 22:47 - 2007-05-11 12:52 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Local Settings\Application Data\Adobe
2013-11-26 22:45 - 2013-11-26 22:45 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-26 22:45 - 2011-08-08 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-26 22:30 - 2013-11-26 19:50 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-26 22:30 - 2013-11-26 13:39 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Desktop\Removal Tools
2013-11-26 22:24 - 2004-08-11 17:07 - 00441436 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-26 22:19 - 2004-08-11 17:20 - 00032420 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-26 20:03 - 2004-08-11 17:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-26 20:02 - 2007-03-15 11:28 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER
2013-11-26 19:58 - 2013-11-26 19:58 - 00000000 _RSHD C:\cmdcons
2013-11-26 19:58 - 2004-08-11 17:00 - 00000327 __RSH C:\boot.ini
2013-11-26 19:44 - 2013-11-26 19:44 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-26 14:35 - 2013-11-26 14:35 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-11-26 14:35 - 2013-11-26 14:35 - 00000000 ____D C:\Documents and Settings\Admin.MAS_SERVER\Application Data\Malwarebytes
2013-11-26 14:22 - 2009-11-09 13:57 - 00000719 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
2013-11-26 14:22 - 2009-11-09 13:57 - 00000000 ____D C:\Program Files\LogMeIn
2013-11-24 23:11 - 2013-02-21 10:24 - 00000458 _____ C:\WINDOWS\Tasks\GBM - MAS Backup-Full.job
2013-11-05 06:15 - 2009-11-09 13:57 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2013-11-05 06:15 - 2009-11-09 13:57 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2013-11-05 06:15 - 2009-11-09 13:57 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-11 17:00] - [2007-06-13 04:23] - 1033216 ____N (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87

C:\Windows\System32\winlogon.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0502272 ____N (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0014336 ____N (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2004-08-11 17:00] - [2009-02-06 04:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd

C:\Windows\System32\User32.dll
[2004-08-11 17:00] - [2007-03-08 09:36] - 0577536 ____N (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7

C:\Windows\System32\userinit.exe
[2004-08-11 17:00] - [2004-08-04 05:00] - 0024576 ____N (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-11 17:00] - [2004-08-04 05:00] - 0052352 ____N (Microsoft Corporation) ee4660083deba849ff6c485d944b379b

==================== End Of Log ============================

aswMBR Log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-27 12:41:43
-----------------------------
12:41:43.000 OS Version: Windows 5.1.2600 Service Pack 2
12:41:43.000 Number of processors: 2 586 0xF06
12:41:43.000 ComputerName: MAS-SERVER UserName: Admin
12:41:43.484 Initialize success
12:42:42.000 AVAST engine download error: 0
12:43:33.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:43:33.953 Disk 0 Vendor: WDC_WD25 10.0 Size: 238418MB BusType: 3
12:43:33.953 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
12:43:33.953 Disk 1 Vendor: WDC_WD16 20.0 Size: 152587MB BusType: 3
12:43:34.140 Disk 0 MBR read successfully
12:43:34.140 Disk 0 MBR scan
12:43:34.140 Disk 0 Windows XP default MBR code
12:43:34.140 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:43:34.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238355 MB offset 96390
12:43:34.156 Disk 0 scanning sectors +488247480
12:43:34.218 Disk 0 scanning C:\WINDOWS\system32\drivers
12:43:39.718 Service scanning
12:43:51.328 Modules scanning
12:43:54.296 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
12:43:55.218 Disk 0 trace - called modules:
12:43:55.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:43:55.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a68b708]
12:43:55.250 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a6a1030]
12:43:55.250 Scan finished successfully
12:44:05.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin.MAS_SERVER\Desktop\MBR.dat"
12:44:05.375 The log file has been saved successfully to "C:\Documents and Settings\Admin.MAS_SERVER\Desktop\aswMBR.txt"

Edited by Spyderturbo007, 27 November 2013 - 12:46 PM.

#7
Machiavelli

Posted 27 November 2013 - 01:34 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Malwarebytes' Anti-Malware

Start MBAM as Administrator - please go to the tab Updates and search for Updates - then go to the tab scanner
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Scan

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Click the green ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
then click on: Start
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Paste that log as a reply to this topic.
Then click on Finish

Security Check

Download Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Question

How is your PC running? Any issues?

#8
Machiavelli

Posted 30 November 2013 - 01:25 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Any problems with the instructions above? Are you still with me? If you need help with that just ask!

#9
Spyderturbo007

Posted 02 December 2013 - 08:26 AM

Member

Topic Starter
Member
760 posts

Hi Machiavelli. Sorry for the delay, but I was away for the holiday. Hopefully you had a good holiday too!

I am unable to access either the ESET Online Scanner website, nor can I download the Security Check file.

I tried resetting Internet Explorer and even tried downloading Firefox. When I try to do that, I get a Certificate Error message. I can click continue, but when I do a command prompt box appears and then disappears.

I also tried ipconfig /flushdns which didn't help either.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Admin :: MAS-SERVER [administrator]

12/2/2013 6:54:14 AM
mbam-log-2013-12-02 (06-54-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235168
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
Machiavelli

Posted 02 December 2013 - 09:00 AM

GeekU Moderator

GeekU Moderator
4,722 posts

I want to check something first.

TDSS Killer

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#11
Spyderturbo007

Posted 02 December 2013 - 10:21 AM

Member

Topic Starter
Member
760 posts

I was unable to download that file as well and had to use another computer.

Thanks!!!

10:14:12.0171 0x0130 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:14:12.0953 0x0130 ============================================================
10:14:12.0953 0x0130 Current date / time: 2013/12/02 10:14:12.0953
10:14:12.0953 0x0130 SystemInfo:
10:14:12.0968 0x0130
10:14:12.0968 0x0130 OS Version: 5.1.2600 ServicePack: 2.0
10:14:12.0968 0x0130 Product type: Workstation
10:14:12.0968 0x0130 ComputerName: MAS-SERVER
10:14:12.0968 0x0130 UserName: Admin
10:14:12.0968 0x0130 Windows directory: C:\WINDOWS
10:14:12.0968 0x0130 System windows directory: C:\WINDOWS
10:14:12.0968 0x0130 Processor architecture: Intel x86
10:14:12.0968 0x0130 Number of processors: 2
10:14:12.0968 0x0130 Page size: 0x1000
10:14:12.0968 0x0130 Boot type: Normal boot
10:14:12.0968 0x0130 ============================================================
10:14:12.0968 0x0130 BG loaded
10:14:13.0968 0x0130 System UUID: {16ED8D45-ED85-E240-E431-F9C4C4F75810}
10:14:22.0859 0x0130 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:14:22.0890 0x0130 Drive \Device\Harddisk1\DR1 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:14:22.0890 0x0130 ============================================================
10:14:22.0890 0x0130 \Device\Harddisk0\DR0:
10:14:22.0906 0x0130 MBR partitions:
10:14:22.0906 0x0130 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1D189832
10:14:22.0906 0x0130 \Device\Harddisk1\DR1:
10:14:22.0906 0x0130 MBR partitions:
10:14:22.0906 0x0130 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
10:14:22.0906 0x0130 ============================================================
10:14:22.0984 0x0130 C: <-> \Device\Harddisk0\DR0\Partition1
10:14:23.0031 0x0130 D: <-> \Device\Harddisk1\DR1\Partition1
10:14:23.0031 0x0130 ============================================================
10:14:23.0031 0x0130 Initialize success
10:14:23.0031 0x0130 ============================================================
10:14:32.0250 0x0170 ============================================================
10:14:32.0250 0x0170 Scan started
10:14:32.0250 0x0170 Mode: Manual; SigCheck; TDLFS;
10:14:32.0250 0x0170 ============================================================
10:14:32.0250 0x0170 KSN ping started
10:14:46.0171 0x0170 KSN ping finished: true
10:14:46.0296 0x0170 ================ Scan system memory ========================
10:14:46.0296 0x0170 System memory - ok
10:14:46.0296 0x0170 ================ Scan services =============================
10:14:46.0437 0x0170 Abiosdsk - ok
10:14:46.0468 0x0170 [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:14:47.0046 0x0170 abp480n5 - ok
10:14:47.0140 0x0170 [ A10C7534F7223F4A73A948967D00E69B, EBF46FBB4C7C04433E91D95A079354E51A40CC05EAA00A86DEE261AFA81162FC ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:14:47.0296 0x0170 ACPI - ok
10:14:47.0343 0x0170 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:14:47.0406 0x0170 ACPIEC - ok
10:14:47.0437 0x0170 [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:14:47.0515 0x0170 adpu160m - ok
10:14:47.0578 0x0170 [ 1EE7B434BA961EF845DE136224C30FEC, 0216D2277B6B4AB9B0E47E093CEEAC2030EFB4B87BA048EA730E40119AA06444 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:14:48.0203 0x0170 aec - ok
10:14:48.0234 0x0170 [ 55E6E1C51B6D30E54335750955453702, 49BE694FB65F195A65EC631558BA599345C6641A6A5AA2F1053611B715F4677A ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:14:48.0281 0x0170 AFD - ok
10:14:48.0296 0x0170 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB, A11AA25C0FF052578AE342717C85AED26B79CCE39040C42C69105868F6059A34 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
10:14:48.0406 0x0170 agp440 - ok
10:14:48.0437 0x0170 [ 67288B07D6ABA6C1267B626E67BC56FD, 476EB4F9530AAFFB25B50931F91B0D93CB4BEBBE09BE1D2F202C9665C21BF443 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:14:48.0515 0x0170 agpCPQ - ok
10:14:48.0515 0x0170 [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:14:48.0578 0x0170 Aha154x - ok
10:14:48.0593 0x0170 [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:14:48.0656 0x0170 aic78u2 - ok
10:14:48.0687 0x0170 [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:14:48.0750 0x0170 aic78xx - ok
10:14:48.0796 0x0170 [ C7AE0FD3867DB0D42B03B73C18F3D671, 13AE5D3DD13BC4C0EAB234FC3F87DA918793CE317A07EE37F107C8C6104E0BA9 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:14:48.0859 0x0170 Alerter - ok
10:14:48.0859 0x0170 [ F1958FBF86D5C004CF19A5951A9514B7, E8DF2330D48E9BF97A7061A84E42CCB2AD197C90FECB56150FB573B4D0C62883 ] ALG C:\WINDOWS\System32\alg.exe
10:14:48.0906 0x0170 ALG - ok
10:14:48.0906 0x0170 [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
10:14:48.0968 0x0170 AliIde - ok
10:14:49.0000 0x0170 [ F312B7CEF21EFF52FA23056B9D815FAD, D2FC307ED900B74ECDD17BC9F1334C78C423C40BBB3D41917D8FE841AFEA316E ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:14:49.0078 0x0170 alim1541 - ok
10:14:49.0093 0x0170 [ 675C16A3C1F8482F85EE4A97FC0DDE3D, A5BC4E924FFE42F760F91481B83D737A4E47035B037EBE3F1FCF3A25C684DE9C ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:14:49.0156 0x0170 amdagp - ok
10:14:49.0171 0x0170 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
10:14:49.0203 0x0170 amsint - ok
10:14:49.0234 0x0170 [ 9C3C12975C97119412802B181FBEEFFE, A20B1557702B2178354710823659E1E89E5C641C018CF964D95D481716B920B3 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:14:49.0265 0x0170 AppMgmt - ok
10:14:49.0265 0x0170 [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
10:14:49.0328 0x0170 asc - ok
10:14:49.0328 0x0170 [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:14:49.0375 0x0170 asc3350p - ok
10:14:49.0375 0x0170 [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:14:49.0437 0x0170 asc3550 - ok
10:14:49.0531 0x0170 [ CC184933B1DD73F34DB5346515639A59, 8B9F4889C73C6EAE719210B9C911340DF4CD64B312EF4038835527B77B962CC3 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
10:14:49.0531 0x0170 ASFIPmon - detected UnsignedFile.Multi.Generic ( 1 )
10:14:52.0859 0x0170 Detect skipped due to KSN trusted
10:14:52.0859 0x0170 ASFIPmon - ok
10:14:52.0921 0x0170 [ E1A1206A4FB19B675E947B29CCD25FBA, A9855FAB141E327DBC05B845939304749175B78F883B7FEC24552D96DA15609F ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
10:14:52.0937 0x0170 aspnet_state - detected UnsignedFile.Multi.Generic ( 1 )
10:14:55.0687 0x0170 Detect skipped due to KSN trusted
10:14:55.0687 0x0170 aspnet_state - ok
10:14:55.0703 0x0170 [ 02000ABF34AF4C218C35D257024807D6, FDE21F7FCB198A44A6F2BCAF5EB11C9D90A094B4A2F8C307244A7655848954DA ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:14:55.0796 0x0170 AsyncMac - ok
10:14:55.0843 0x0170 [ CDFE4411A69C224BD1D11B2DA92DAC51, 0E6B23A80F171550575BEBC56F7500CD87A5CF03B2B9FDC49BC3DE96282CD69D ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:14:55.0921 0x0170 atapi - ok
10:14:55.0921 0x0170 Atdisk - ok
10:14:55.0937 0x0170 [ EC88DA854AB7D7752EC8BE11A741BB7F, 91FAF224CB4B44608C85CC25C3A82A3EC83F379D14A119A60A75505A30043255 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:14:56.0000 0x0170 Atmarpc - ok
10:14:56.0031 0x0170 [ DBF0D7E2DF33B469EB55406FEA759350, D7BCE2D8DC42F9104E734C466498E6B0ACB1F64060CF5767444C46C936C1DE3F ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
10:14:56.0062 0x0170 atmeltpm - ok
10:14:56.0109 0x0170 [ DB66DB626E4882EBEF55F136F12C1829, E4FA63031E8FCF456D45160C29ADD0989355D5C5C8E17C949C278421D41DAB62 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:14:56.0171 0x0170 AudioSrv - ok
10:14:56.0203 0x0170 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:14:56.0250 0x0170 audstub - ok
10:14:56.0265 0x0170 [ BB1A2A73F993B623F99E03ED2F9E014C, 9C60E599087CBD242BAA618AC5E7655B214BEB6DA1EA9D0AD76F16A40B09FC02 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:14:56.0312 0x0170 b57w2k - ok
10:14:56.0468 0x0170 [ 3D87B0484BE1093C6614062701F375C5, 88BE4A9AD309F8258A8509AF9B60421449CE039C1809A5BCE83B2174D5EAE082 ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
10:14:56.0468 0x0170 BASFND - detected UnsignedFile.Multi.Generic ( 1 )
10:14:59.0750 0x0170 Detect skipped due to KSN trusted
10:14:59.0750 0x0170 BASFND - ok
10:14:59.0812 0x0170 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:14:59.0875 0x0170 Beep - ok
10:14:59.0937 0x0170 [ 2C69EC7E5A311334D10DD95F338FCCEA, 3A4335B8D723311F66FA2A30972C65EEED63161D6A2B4ABD6FCF1C374083BC0F ] BITS C:\WINDOWS\system32\qmgr.dll
10:15:00.0171 0x0170 BITS - ok
10:15:00.0203 0x0170 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8, DDFCCB3BC9A840ED0D6FC4B46086AD15AAF9D0D9AB8ED3A7B8860A1DA4D33970 ] Browser C:\WINDOWS\System32\browser.dll
10:15:00.0281 0x0170 Browser - ok
10:15:00.0406 0x0170 catchme - ok
10:15:00.0406 0x0170 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:15:00.0468 0x0170 cbidf - ok
10:15:00.0484 0x0170 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:15:00.0531 0x0170 cbidf2k - ok
10:15:00.0562 0x0170 [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:15:00.0609 0x0170 cd20xrnt - ok
10:15:00.0656 0x0170 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:15:00.0718 0x0170 Cdaudio - ok
10:15:00.0781 0x0170 [ CD7D5152DF32B47F4E36F710B35AAE02, 7382890CC1B27FC66C3E94E064562BBD87B3C75577CB0FD10860B8E2CE07D12E ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:15:00.0843 0x0170 Cdfs - ok
10:15:00.0890 0x0170 [ AF9C19B3100FE010496B1A27181FBF72, 64E9E4461F631EED2B2A1FC80DCC9C31DCECB5738289D322E6A6428C840DC621 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:15:00.0953 0x0170 Cdrom - ok
10:15:00.0953 0x0170 Changer - ok
10:15:00.0984 0x0170 [ 3192BD04D032A9C4A85A3278C268A13A, 7844F229916A9BC8670D3CCF80AD674C626EC6DD9D741FF10986E67F6AFD8757 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:15:01.0062 0x0170 CiSvc - ok
10:15:01.0078 0x0170 [ C8DEC22C4137D7A90F8BDF41CA4B82AE, 92CE7B388236DBC196C92AE9929433C0F1E045EA5DB86802EF8C6041B56FE81F ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:15:01.0140 0x0170 ClipSrv - ok
10:15:01.0140 0x0170 [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:15:01.0218 0x0170 CmdIde - ok
10:15:01.0250 0x0170 [ DF1B1A24BF52D0EBC01ED4ECE8979F50, 78C5E7BE2FFA6A0709F3095AB006C86E3991AFC9E9B5ABEC94C3E8DF2EA2169D ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:15:01.0312 0x0170 Compbatt - ok
10:15:01.0312 0x0170 COMSysApp - ok
10:15:01.0328 0x0170 [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:15:01.0390 0x0170 Cpqarray - ok
10:15:01.0406 0x0170 [ 10654F9DDCEA9C46CFB77554231BE73B, 4EEAF6523941228FC440E9EA758545E2F2A2DD98565F90B5351EF2C9B82139ED ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:15:01.0484 0x0170 CryptSvc - ok
10:15:01.0531 0x0170 [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:15:01.0609 0x0170 dac2w2k - ok
10:15:01.0718 0x0170 [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:15:01.0781 0x0170 dac960nt - ok
10:15:01.0937 0x0170 [ 1011978867274E7D30776123E7F1998D, 1EF8AC511267FB4B45B6F45457D8066F041020296975376A84B6248326A038DD ] DataSvr2 C:\Program Files\Wave Systems Corp\Common\DataServer.exe
10:15:01.0937 0x0170 DataSvr2 - detected UnsignedFile.Multi.Generic ( 1 )
10:15:04.0953 0x0170 Detect skipped due to KSN trusted
10:15:04.0953 0x0170 DataSvr2 - ok
10:15:05.0000 0x0170 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4, BE82521204BACF24436DD9067772F059105D743408823B135B840FF9BE197389 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:15:05.0093 0x0170 DcomLaunch - ok
10:15:05.0171 0x0170 [ EF545E1A4B043DA4C84E230DD471C55F, AD96922E58E8146F03E719D3A5CAAD677CAF3B7B525599F1B32F01BF72CCAFA4 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:15:05.0187 0x0170 Dhcp - ok
10:15:05.0187 0x0170 [ 00CA44E4534865F8A3B64F7C0984BFF0, 3FD73CCD9892F6CFEE776CB384C2E35FA15F4101D308A67E1358F85299501E3D ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:15:05.0250 0x0170 Disk - ok
10:15:05.0312 0x0170 [ E2D0DE31442390C35E3163C87CB6A9EB, 399B4678C18DB92AC186128CE8AC2784FFCD76FDE9DBD4615D47586E3493914E ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:15:05.0312 0x0170 DLABOIOM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:08.0609 0x0170 Detect skipped due to KSN trusted
10:15:08.0609 0x0170 DLABOIOM - ok
10:15:08.0609 0x0170 [ D979BEBCF7EDCC9C9EE1857D1A68C67B, 936450704E4F2ADA6FB87F827C042FEC67F67C83D361F858F5F41AA6E8B7256D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:15:08.0625 0x0170 DLACDBHM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:11.0828 0x0170 Detect skipped due to KSN trusted
10:15:11.0828 0x0170 DLACDBHM - ok
10:15:11.0843 0x0170 [ 83545593E297F50A8E2524B4C071A153, 25B18FEF62395ABB1EB4C17D81D9EB31759F6C5DBAA5CDB192949055D69E3071 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
10:15:11.0843 0x0170 DLADResN - detected UnsignedFile.Multi.Generic ( 1 )
10:15:14.0906 0x0170 Detect skipped due to KSN trusted
10:15:14.0906 0x0170 DLADResN - ok
10:15:14.0906 0x0170 [ 96E01D901CDC98C7817155CC057001BF, 77F78754230D9235255F6F4907ACB03D9750E12B9D92B8250DD1DFF605DD2E5B ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:15:14.0906 0x0170 DLAIFS_M - detected UnsignedFile.Multi.Generic ( 1 )
10:15:17.0546 0x0170 Detect skipped due to KSN trusted
10:15:17.0546 0x0170 DLAIFS_M - ok
10:15:17.0546 0x0170 [ 0A60A39CC5E767980A31CA5D7238DFA9, 09826251C384F2E62ABFAA2097007D75B51DB29EAEF13D46174FBE5A3FE3E433 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:15:17.0546 0x0170 DLAOPIOM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:20.0328 0x0170 Detect skipped due to KSN trusted
10:15:20.0328 0x0170 DLAOPIOM - ok
10:15:20.0328 0x0170 [ 9FE2B72558FC808357F427FD83314375, 37CCBC46ADCFD3B165A383589786C715006767EEFC8D6559C621745B72F9E59F ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:15:20.0328 0x0170 DLAPoolM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:22.0750 0x0170 Detect skipped due to KSN trusted
10:15:22.0750 0x0170 DLAPoolM - ok
10:15:22.0765 0x0170 [ 7EE0852AE8907689DF25049DCD2342E8, A5F08D78200F5CB02539C87EA574EB34F0C330C290D7BE5D21ED42B0E04E5CF4 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:15:22.0828 0x0170 DLARTL_N - detected UnsignedFile.Multi.Generic ( 1 )
10:15:25.0609 0x0170 Detect skipped due to KSN trusted
10:15:25.0609 0x0170 DLARTL_N - ok
10:15:25.0671 0x0170 [ F08E1DAFAC457893399E03430A6A1397, 0784ACE7CA81313A5A8E7B7CCCAFF21E607251FEF604574FDCC81A3AFC6FD127 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:15:25.0734 0x0170 DLAUDFAM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:28.0515 0x0170 Detect skipped due to KSN trusted
10:15:28.0515 0x0170 DLAUDFAM - ok
10:15:28.0531 0x0170 [ E7D105ED1E694449D444A9933DF8E060, DA66408DF44AB7099BEEED82C21A93F65A04C6FCDBA1D2F5791852EF9FE74D0D ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:15:28.0531 0x0170 DLAUDF_M - detected UnsignedFile.Multi.Generic ( 1 )
10:15:30.0937 0x0170 Detect skipped due to KSN trusted
10:15:30.0937 0x0170 DLAUDF_M - ok
10:15:30.0937 0x0170 dmadmin - ok
10:15:31.0062 0x0170 [ C0FBB516E06E243F0CF31F597E7EBF7D, 1FC205AC5D8D6BDA176438CEBFAC92CD4DEF50A6C1EBDCBCE2B149FF08D40032 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:15:31.0281 0x0170 dmboot - ok
10:15:31.0375 0x0170 [ F5E7B358A732D09F4BCF2824B88B9E28, 97B8317354659EFBA076E20AF20741C9FBC0961723483514E43D7EC6D66186C3 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:15:31.0546 0x0170 dmio - ok
10:15:31.0593 0x0170 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:15:31.0671 0x0170 dmload - ok
10:15:31.0671 0x0170 [ 1639D9964C9E1B2ECCA95C8217D3E70D, A42E985697E673B89F5BD314BA9FE93A1CD8DDEBC6312AD52E196BFDFFA9E513 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:15:31.0750 0x0170 dmserver - ok
10:15:31.0796 0x0170 [ A6F881284AC1150E37D9AE47FF601267, 6C07654CF21637E527FC727EB50F4138BF0EFF0680000AC94001063B436389DB ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:15:31.0859 0x0170 DMusic - ok
10:15:31.0984 0x0170 [ AAC8FFBFD61E784FA3BAC851D4A0BD5F, F811288AC18DB28D9577EA9B40810DE000FC28EF234D1A790DD0578E0D565EBC ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:15:32.0015 0x0170 Dnscache - ok
10:15:32.0062 0x0170 [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:15:32.0125 0x0170 dpti2o - ok
10:15:32.0250 0x0170 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E, B941AB5D9D504486083E0D1539B1A96E27721C9EFD7A67CA1DB7258B0D33AB78 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:15:32.0312 0x0170 drmkaud - ok
10:15:32.0421 0x0170 [ FD0F95981FEF9073659D8EC58E40AA3C, 9EF2D538A90276DFF72BCE0E9A3AF50E607F2FD17B9EE46506156FBF3FC9E970 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:15:32.0437 0x0170 DRVMCDB - detected UnsignedFile.Multi.Generic ( 1 )
10:15:35.0046 0x0170 Detect skipped due to KSN trusted
10:15:35.0046 0x0170 DRVMCDB - ok
10:15:35.0109 0x0170 [ B4869D320428CDC5EC4D7F5E808E99B5, A84D1D65E84C0B17CE48188AD95DF52E1FEF785E6C6415E028CB5F7F4F31C466 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:15:35.0171 0x0170 DRVNDDM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:37.0828 0x0170 Detect skipped due to KSN trusted
10:15:37.0828 0x0170 DRVNDDM - ok
10:15:37.0875 0x0170 [ 3FCA03CBCA11269F973B70FA483C88EF, 0995989B9EBE5CE1C5489139849FB2AD69DE9749650BBC262AD754E5CE457C59 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:15:38.0015 0x0170 E100B - ok
10:15:38.0078 0x0170 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A, 305F39E4D18DC079E48578C31AE87BA1D0D781A2613BD5DA4689AC6F2794D326 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:15:38.0156 0x0170 ERSvc - ok
10:15:38.0375 0x0170 [ 4712531AB7A01B7EE059853CA17D39BD, D029A599E95F1FDF8AAC122FDE70E8DA6A4CEF0F8DB6543C6BF4AF35169B2203 ] Eventlog C:\WINDOWS\system32\services.exe
10:15:38.0375 0x0170 Eventlog - ok
10:15:38.0515 0x0170 [ 60D1A6342238378BFB7545C81EE3606C, 40186F096F2AC3E5E12D0B8713A08E449D5F23DCD1C0EEFC3FA82002CA1B030F ] EventSystem C:\WINDOWS\system32\es.dll
10:15:38.0562 0x0170 EventSystem - ok
10:15:38.0765 0x0170 [ 3117F595E9615E04F05A54FC15A03B20, 4708E8F1CDE6E9663B5DBEBAB8C684B16E45D41AEF20E4071D0A2931B305BD76 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:15:38.0812 0x0170 Fastfat - ok
10:15:38.0921 0x0170 [ 6815DEF9B810AEFAC107EEAF72DA6F82, 0132004894326B54D1B8AD2C31FB8BDE45EA66DB9962C0CE1207941A13630896 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:15:38.0921 0x0170 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic ( 1 )
10:15:41.0750 0x0170 Detect skipped due to KSN trusted
10:15:41.0750 0x0170 FastUserSwitchingCompatibility - ok
10:15:41.0812 0x0170 [ FCBD571FA0EE8DC238944AE5FAB74461, D083D2FE0A526814DD5F82E673AE0847BFCBE77B54CB4BA3190B7937F288F2FD ] Fax C:\WINDOWS\system32\fxssvc.exe
10:15:41.0890 0x0170 Fax - ok
10:15:41.0937 0x0170 [ CED2E8396A8838E59D8FD529C680E02C, 8542AE6A2D65D3F843EA70F5FFBC150B773C5CFA3FE6388FA68A95416FAD0F6E ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:15:42.0000 0x0170 Fdc - ok
10:15:42.0031 0x0170 [ E153AB8A11DE5452BCF5AC7652DBF3ED, AEB48687C604B0CDE5F1A13C2EC854CFFBE1CE0837C3898D6D4C6B71265D0ED0 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:15:42.0109 0x0170 Fips - ok
10:15:42.0140 0x0170 [ 0DD1DE43115B93F4D85E889D7A86F548, D50F7AAE5416C6D41845960BDDA24E97226F609AA726E4F88601ADC9ED50E872 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:15:42.0203 0x0170 Flpydisk - ok
10:15:42.0265 0x0170 [ 3D234FB6D6EE875EB009864A299BEA29, 9FEB003BDE7900AECDE9F9FFE0ECD7079B460714B582B7EB8EDB89E7F4D1FE59 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:15:42.0500 0x0170 FltMgr - ok
10:15:42.0500 0x0170 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:15:42.0578 0x0170 Fs_Rec - ok
10:15:42.0625 0x0170 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:15:42.0718 0x0170 Ftdisk - ok
10:15:42.0734 0x0170 [ C0F1D4A21DE5A415DF8170616703DEBF, 3E21AAD06CF6EB95662B568671B1DBD129CED481761BCDB67088E965E5C0BC5B ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:15:42.0812 0x0170 Gpc - ok
10:15:42.0875 0x0170 [ E31363D186B3E1D7C4E9117884A6AEE5, AC42CA69D1D973F8DC11103BA42EB4F355E0E90EAB15B3A2F03A5FF6B87E6313 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:15:42.0890 0x0170 HDAudBus - ok
10:15:42.0937 0x0170 [ 8827911A8C37E40C027CBFC88E69D967, ED381F089E6143896B890BD5450FFFB271FC68983412376F54869A93F9D7DA9D ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:15:43.0015 0x0170 helpsvc - ok
10:15:43.0062 0x0170 [ 13C0D55DA4B7148EF980E130B85D9F2C, DBABAA2FA47D919C66D21C6E25F89EBEBA69F05F8B6A875C8BE8C9AAFCAA7451 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
10:15:43.0125 0x0170 HidBatt - ok
10:15:43.0187 0x0170 [ 9376E6893E52B368ABC6255BF54F0B28, D3E6B03145988BC80A1F62E5E312BB060E062118B12D30F27C8A432D30962E58 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:15:43.0265 0x0170 HidServ - ok
10:15:43.0312 0x0170 [ 1DE6783B918F540149AA69943BDFEBA8, 6ED28109CA0A7738857D840E369EAB91C1605F2643950762D327CCE241C135A1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:15:43.0375 0x0170 HidUsb - ok
10:15:43.0390 0x0170 [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
10:15:43.0453 0x0170 hpn - ok
10:15:43.0531 0x0170 [ 9F8B0F4276F618964FD118BE4289B7CD, 5E72367D731A99D3E13004D7070494365E2DBD4D8134445F35E889D9E046BBA7 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:15:43.0531 0x0170 HTTP - ok
10:15:43.0593 0x0170 [ 064D8581ADF77C25133E7D751D917D83, E8623C32E48D3E7A0179C8333C14D8A051C9F7300D0F465E94184F1C75E13A0F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:15:43.0703 0x0170 HTTPFilter - ok
10:15:43.0750 0x0170 [ 8F09F91B5C91363B77BCD15599570F2C, D855AA7187616E056EA01A0CB1DC9AC16A13B54143FF3C61333BD9A2C0CF3D29 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
10:15:43.0828 0x0170 i2omgmt - ok
10:15:43.0828 0x0170 [ ED6BF9E441FDEA13292A6D30A64A24C3, 900BCB5A180F82A7030F442EC73D6F3E06E8D85B6B9813588189274F39725776 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:15:43.0921 0x0170 i2omp - ok
10:15:43.0937 0x0170 [ 5502B58EEF7486EE6F93F3F164DCB808, 7E56E49D6444F2F48037B859B491DF95E1C90EC7ED4EF9C477CD2C49783E62E0 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:15:44.0015 0x0170 i8042prt - ok
10:15:44.0093 0x0170 [ B122BE74E283A2BC7FEBC180BFD2EFD5, 3FB9AE63AB2ECAC62C03FF19BE60E39C8C2985868FBA393039795A660A05DED3 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
10:15:44.0093 0x0170 IAANTMON - detected UnsignedFile.Multi.Generic ( 1 )
10:15:54.0218 0x0170 IAANTMON ( UnsignedFile.Multi.Generic ) - warning
10:15:58.0625 0x0170 [ 019CF5F31C67030841233C545A0E217A, 594D97054E3A8034D8BC3AE3B9CD8A00D95BB68F8CDA84E96D8EE08D5F24E101 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
10:15:58.0625 0x0170 iaStor - ok
10:15:58.0640 0x0170 [ F8AA320C6A0409C0380E5D8A99D76EC6, A848B9C489DDFBD48BDA140CB9DD43097686115042745F6444F803739168D391 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:15:58.0718 0x0170 Imapi - ok
10:15:58.0765 0x0170 [ FA788520BCAC0F5D9D5CDE5615C0D931, 7C70D1875B302CABC809627212E33CDD56F12B169EA548F1C94ECF2D14236514 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:15:58.0843 0x0170 ImapiService - ok
10:15:58.0890 0x0170 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:15:58.0968 0x0170 ini910u - ok
10:15:58.0984 0x0170 [ 2D722B2B54AB55B2FA475EB58D7B2AAD, 1D4BB8F3ABA0EE51EE9F398E383621882189ABCA63D7F0D8A16581AFD1A85553 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:15:59.0062 0x0170 IntelIde - ok
10:15:59.0093 0x0170 [ 279FB78702454DFF2BB445F238C048D2, 51A559AD7C9CAA8BD60D4E167E850B978083FAE9C5632E47D13B1092B56FD0BA ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:15:59.0187 0x0170 intelppm - ok
10:15:59.0187 0x0170 [ 4448006B6BC60E6C027932CFC38D6855, C377235EBE475C281ACB6A3267F12D8FE623433F05134A6CE50562414F94D7B1 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:15:59.0265 0x0170 Ip6Fw - ok
10:15:59.0265 0x0170 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:15:59.0343 0x0170 IpFilterDriver - ok
10:15:59.0359 0x0170 [ E1EC7F5DA720B640CD8FB8424F1B14BB, E5CF9F43D8C8028E8F29CAF8AD1E2179E5B02DCAA430900672FCB4C4EE288EF0 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:15:59.0437 0x0170 IpInIp - ok
10:15:59.0484 0x0170 [ E2168CBC7098FFE963C6F23F472A3593, 93B60D02ACBDDCE78BD4020B9CE0C132A8DD28FC2266B2748A22717B93AFF7C9 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:15:59.0718 0x0170 IpNat - ok
10:15:59.0765 0x0170 [ 64537AA5C003A6AFEEE1DF819062D0D1, 5A6C11317DEF14B8C34A8C669EB75F7A8D46F05090C43D3DFF602CFA13CC504E ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:15:59.0843 0x0170 IPSec - ok
10:15:59.0843 0x0170 [ 50708DAA1B1CBB7D6AC1CF8F56A24410, A5657038A66B83472B456246E58884D5DF2E5B63BD176AE3DFFB6D5B6998E8B7 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:15:59.0890 0x0170 IRENUM - ok
10:15:59.0906 0x0170 [ E504F706CCB699C2596E9A3DA1596E87, 80675B90DEFA75A58CB83FB88ED9CB849FE5CE2522A90F4AF08D54DC5B412541 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:15:59.0984 0x0170 isapnp - ok
10:16:00.0000 0x0170 [ EBDEE8A2EE5393890A1ACEE971C4C246, ACC57A7BACAB100FB2903451D2A48BFE936E3B8F9B13882C1D2DFF9D19BD1D34 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:16:00.0062 0x0170 Kbdclass - ok
10:16:00.0078 0x0170 [ E182FA8E49E8EE41B4ADC53093F3C7E6, 2E713992C9B40F6010373A2FFF6DBCC8723BB328DE6875793C46072D8323E9BB ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:16:00.0156 0x0170 kbdhid - ok
10:16:00.0218 0x0170 [ BA5DEDA4D934E6288C2F66CAF58D2562, 2250B75EEAD92CA56A1F8BB3F6523F9A5625676E38845A4DE0BFECE5EA17DBFA ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:16:00.0484 0x0170 kmixer - ok
10:16:00.0515 0x0170 [ 1BE7CC2535D760AE4D481576EB789F24, F110888377411C3D1E1C2AEA7D627207BBE7C6D37A82D1617C4DC7A31B6AC061 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:16:00.0515 0x0170 KSecDD - ok
10:16:00.0562 0x0170 [ 0CB3AF149A0BAC0836022CA307C7A0F8, FCA50F229A9A2D120A260620AF454E1808246E45EC249582298D669BCED50B3E ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:16:00.0796 0x0170 lanmanserver - ok
10:16:00.0843 0x0170 [ E1F27CFCD114EC9F1E1F44674B2FF9F0, 7147A1B3694200EEBC32BD66DAED6E075476371E03ED5FDD23431AB79D990957 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:16:00.0859 0x0170 lanmanworkstation - ok
10:16:00.0859 0x0170 lbrtfdc - ok
10:16:00.0921 0x0170 [ B3EFF6D938C572E90A07B3D87A3C7657, 8C02DEFD2F1A15740CD5421D20B3808BD27583019AF1B79D087880A71807EEE1 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:16:01.0000 0x0170 LmHosts - ok
10:16:01.0265 0x0170 [ 6BB3BB07E06377C2AB2A8834807A64DA, 18A738FB9BCFA896F383BF2D3A903D7B8FEBB8F829DC1EFBCD922C0952EA9869 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
10:16:01.0328 0x0170 LMIGuardianSvc - ok
10:16:01.0406 0x0170 [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
10:16:02.0265 0x0170 LMIInfo - ok
10:16:02.0312 0x0170 [ D344C240F7ACEA5E15F11F2F488624F0, 13339962703F6E5EC31B6E564D2EC11CE1D70190EB6B3A30D07F967D30D4DB56 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
10:16:02.0343 0x0170 LMIMaint - ok
10:16:02.0390 0x0170 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
10:16:02.0406 0x0170 lmimirr - ok
10:16:02.0406 0x0170 LMIRfsClientNP - ok
10:16:02.0437 0x0170 [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
10:16:02.0453 0x0170 LMIRfsDriver - ok
10:16:02.0609 0x0170 [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
10:16:02.0656 0x0170 LogMeIn - ok
10:16:02.0734 0x0170 [ 95FD808E4AC22ABA025A7B3EAC0375D2, 4A067A8B7C539A0C2BFAC55A1869EF56FED835C28F5F7DD7D7BA65A5B273CF5F ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:16:02.0828 0x0170 Messenger - ok
10:16:02.0828 0x0170 MFE_RR - ok
10:16:02.0890 0x0170 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:02.0953 0x0170 mnmdd - ok
10:16:03.0015 0x0170 [ F6415361201915B9FE3896B0E4E724FF, C99C1EE0EABF8847BD4F737D72DB3EE5A57D773F008EC6596E83DAE48474F3F2 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:16:03.0109 0x0170 mnmsrvc - ok
10:16:03.0125 0x0170 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05, BF2C49E4D4C2D2E865B1C59FFE76BF29146ADD971D845FBD659A96AA26D72A11 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:16:03.0187 0x0170 Modem - ok
10:16:03.0250 0x0170 [ 34E1F0031153E491910E12551400192C, D608F77DB7035FD676773A3DF8DBC5DD52CC5198D0681A73D7EAA6C161047A90 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:16:03.0328 0x0170 Mouclass - ok
10:16:03.0343 0x0170 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:16:03.0437 0x0170 mouhid - ok
10:16:03.0468 0x0170 [ 65653F3B4477F3C63E68A9659F85EE2E, 32A34B22A4C1F50A966F321FD228C6B85F0F0315ABF3D40FC416618E786A4024 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:16:03.0562 0x0170 MountMgr - ok
10:16:03.0593 0x0170 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:16:03.0687 0x0170 mraid35x - ok
10:16:03.0718 0x0170 [ 29414447EB5BDE2F8397DC965DBB3156, 351D359CC6C1C35522BB55B7CAC6C881B25FD6A0E057A8D7F84EE5A193029A23 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:16:03.0953 0x0170 MRxDAV - ok
10:16:04.0125 0x0170 [ FB6C89BB3CE282B08BDB1E3C179E1C39, 0558617DB859228332F4B7E44875AB3CDBA370E78C23BB5E80B159AAA7087B3E ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:16:04.0156 0x0170 MRxSmb - ok
10:16:04.0218 0x0170 [ C7C3D89EB0A6F3DBA622EA737FA335B1, 4392887A5F312DBD0971E1D72B85B3CA5636D7FB3A409E5A99CA925BD05493E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:16:04.0296 0x0170 MSDTC - ok
10:16:04.0343 0x0170 [ 561B3A4333CA2DBDBA28B5B956822519, 5B53906A29B9AA55A399F880CA989F9878BD943D3E97FB10A25BFD723654AF49 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:16:04.0421 0x0170 Msfs - ok
10:16:04.0421 0x0170 MSIServer - ok
10:16:04.0453 0x0170 [ AE431A8DD3C1D0D0610CDBAC16057AD0, 8B3BCAC3DA71778DC8B863E6DEF10F02F65D1BDD3381802DDC0B2980F4F1FBB9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:16:04.0531 0x0170 MSKSSRV - ok
10:16:04.0609 0x0170 [ 13E75FEF9DFEB08EEDED9D0246E1F448, 69D4CF483753FF253431656E1CB680F6702375696F94E259729BD11C25004031 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:16:04.0703 0x0170 MSPCLOCK - ok
10:16:04.0734 0x0170 [ 1988A33FF19242576C3D0EF9CE785DA7, 9E1C07F364DA7EF0D859BB7A3A06F849A153722E27E872640120CC6855D9FC51 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:16:04.0828 0x0170 MSPQM - ok
10:16:04.0859 0x0170 [ 469541F8BFD2B32659D5D463A6714BCE, 46AA7D2442DCC4C51C08BA0C00136F058F9160E6D6EDE78B2FD82545AE4FD10B ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:16:04.0937 0x0170 mssmbios - ok
10:16:04.0968 0x0170 [ 82035E0F41C2DD05AE41D27FE6CF7DE1, 6111D330E7ACB77E23EA6A9E001FC651DE1DC49D772DC6FDD3C4B8EDA57E1C7A ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:16:05.0062 0x0170 Mup - ok
10:16:05.0171 0x0170 [ 558635D3AF1C7546D26067D5D9B6959E, 8C1802908DF35E442575969D29F4B22019A2B3E4C309B8E193F98F75AE81F013 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:16:05.0296 0x0170 NDIS - ok
10:16:05.0359 0x0170 [ 08D43BBDACDF23F34D79E44ED35C1B4C, F72CB8FA67C361C40B4C83F08302D7B2FD9178C1C60A7C236AF08B9CB5162591 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:16:05.0421 0x0170 NdisTapi - ok
10:16:05.0484 0x0170 [ 34D6CD56409DA9A7ED573E1C90A308BF, DE2060F57C913272524AFB0D472714ABF6F7E49A01534F23D95EE67F207CC6CF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:16:05.0562 0x0170 Ndisuio - ok
10:16:05.0593 0x0170 [ 0B90E255A9490166AB368CD55A529893, 90EB17422BF52FE6D0CC6ADA4262D605806C5B583DE04EDEC95FD47EE9697865 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:16:05.0671 0x0170 NdisWan - ok
10:16:05.0703 0x0170 [ 59FC3FB44D2669BC144FD87826BB571F, B3C8CEFB09D5C85CBF12AED8CDB1FE455679D3436337263EFDABDC5116D92453 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:16:05.0781 0x0170 NDProxy - ok
10:16:05.0812 0x0170 [ 3A2ACA8FC1D7786902CA434998D7CEB4, ECE218DCDCB4D0A5CA8CBD14E931BAA3B5F381B70BBACB65B0EBBB46D2D31683 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:16:05.0890 0x0170 NetBIOS - ok
10:16:05.0984 0x0170 [ 0C80E410CD2F47134407EE7DD19CC86B, 2A1D0CE9797F4AB7A24873947A26DD6413B8DBB5A82C24CF28D1FC243AEFC5C8 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:16:06.0046 0x0170 NetBT - ok
10:16:06.0078 0x0170 [ 05AFB5AD06462257BEA7495283C86D50, 2D6584D0BFB168E48433EA702E6CABC7CB9B98675D2E99F78D9B84A63D4BD977 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:16:06.0171 0x0170 NetDDE - ok
10:16:06.0171 0x0170 [ 05AFB5AD06462257BEA7495283C86D50, 2D6584D0BFB168E48433EA702E6CABC7CB9B98675D2E99F78D9B84A63D4BD977 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:16:06.0250 0x0170 NetDDEdsdm - ok
10:16:06.0312 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] Netlogon C:\WINDOWS\system32\lsass.exe
10:16:06.0375 0x0170 Netlogon - ok
10:16:06.0484 0x0170 [ 36739B39267914BA69AD0610A0299732, 04CC0D2F45D4F3A86B2E4F23E1226F182349C98C53508C1F49C8CAC2D223D5A7 ] Netman C:\WINDOWS\System32\netman.dll
10:16:06.0703 0x0170 Netman - ok
10:16:06.0812 0x0170 [ 097722F235A1FB698BF9234E01B52637, 994F81F506B081FFB760BA7B95469DE9311DDB00D14F77DA9752C19A9B932289 ] Nla C:\WINDOWS\System32\mswsock.dll
10:16:06.0859 0x0170 Nla - ok
10:16:06.0906 0x0170 [ 4F601BCB8F64EA3AC0994F98FED03F8E, D9D6783B970CB871DE0C6EDD8BE42F30CD1DCD55D4DF006922D9CFC0CF020D27 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:16:06.0984 0x0170 Npfs - ok
10:16:07.0250 0x0170 [ 19A811EF5F1ED5C926A028CE107FF1AF, 97606850041DE4E568188FB28AA3D5B10A4E96DB9551A77BC3A17ED67D5D4474 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:16:07.0593 0x0170 Ntfs - ok
10:16:07.0625 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:16:07.0687 0x0170 NtLmSsp - ok
10:16:07.0750 0x0170 [ B62F29C00AC55A761B2E45877D85EA0F, 8B4B96BDBE26D73F89CC51876929515C1AEA18A8E9CA4E76FAEF538D9E5BDA90 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:16:08.0000 0x0170 NtmsSvc - ok
10:16:08.0046 0x0170 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
10:16:08.0156 0x0170 Null - ok
10:16:09.0406 0x0170 [ A93A67F645EA424F0752F8887860FB5F, ACE9D2D66BE6E79407F6CAF7E1B34B237492B3293A55888A8C5DEB86B64988F5 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:16:10.0156 0x0170 nv - ok
10:16:10.0312 0x0170 [ 0D2516100703142CFA35CF8281611430, 087B54D96B102E60E99F465B2100041E6F332199787F93392A23DE25A6AE39E9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
10:16:10.0328 0x0170 NVSvc - ok
10:16:10.0375 0x0170 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:16:10.0453 0x0170 NwlnkFlt - ok
10:16:10.0468 0x0170 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:16:10.0546 0x0170 NwlnkFwd - ok
10:16:10.0703 0x0170 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:16:10.0734 0x0170 ose - ok
10:16:10.0765 0x0170 [ 29744EB4CE659DFE3B4122DEB45BC478, 5F7B63152CDAA031ACB77E793BB7E8210472D6D1EED911F3A0BD70455FC282FC ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:16:10.0843 0x0170 Parport - ok
10:16:10.0875 0x0170 [ 3334430C29DC338092F79C38EF7B4CD0, B54989B46D77F124D66741A939FF2033F73854FC39AF13C8165D01203A94A94E ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:16:10.0968 0x0170 PartMgr - ok
10:16:11.0015 0x0170 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:16:11.0093 0x0170 ParVdm - ok
10:16:11.0140 0x0170 [ 6EF25FB20CD269E3E51D8CA54935FFF2, 1308EBE46A701B3CA1FF6F1A65D2F5E57AC3AA77BB74062EBC4ABD620B9D56FC ] PBADRV C:\WINDOWS\system32\drivers\pbadrv.sys
10:16:11.0203 0x0170 PBADRV - detected UnsignedFile.Multi.Generic ( 1 )
10:16:13.0859 0x0170 Detect skipped due to KSN trusted
10:16:13.0859 0x0170 PBADRV - ok
10:16:13.0890 0x0170 [ 8086D9979234B603AD5BC2F5D890B234, 4FCB98D3B6F95B6979B255287480943C1F87A12ECB30D446294C1E84B6DFE620 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:16:13.0968 0x0170 PCI - ok
10:16:13.0968 0x0170 PCIDump - ok
10:16:14.0031 0x0170 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:16:14.0171 0x0170 PCIIde - ok
10:16:14.0218 0x0170 [ 82A087207DECEC8456FBE8537947D579, 92305DC8BC1CA3BD93A8D996AAA7433E816931B17D5BDFAC06C7251F2759D023 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:16:14.0390 0x0170 Pcmcia - ok
10:16:14.0390 0x0170 PDCOMP - ok
10:16:14.0406 0x0170 PDFRAME - ok
10:16:14.0406 0x0170 PDRELI - ok
10:16:14.0421 0x0170 PDRFRAME - ok
10:16:14.0437 0x0170 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
10:16:14.0531 0x0170 perc2 - ok
10:16:14.0562 0x0170 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:16:14.0625 0x0170 perc2hib - ok
10:16:14.0671 0x0170 [ 4712531AB7A01B7EE059853CA17D39BD, D029A599E95F1FDF8AAC122FDE70E8DA6A4CEF0F8DB6543C6BF4AF35169B2203 ] PlugPlay C:\WINDOWS\system32\services.exe
10:16:14.0703 0x0170 PlugPlay - ok
10:16:14.0734 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:16:14.0812 0x0170 PolicyAgent - ok
10:16:14.0828 0x0170 [ 1C5CC65AAC0783C344F16353E60B72AC, 7786CFE970A79B327DB57AEBADA8B0B94B4DE07CE8AF285E9835B2AADD597296 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:16:14.0906 0x0170 PptpMiniport - ok
10:16:14.0937 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:16:15.0000 0x0170 ProtectedStorage - ok
10:16:15.0046 0x0170 [ 48671F327553DCF1D27F6197F622A668, CB34A17BC36E8F8BB5F87F9EE21311C50DE9AE156513D682581DE47C93EC155D ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:16:15.0140 0x0170 PSched - ok
10:16:15.0171 0x0170 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:16:15.0296 0x0170 Ptilink - ok
10:16:15.0343 0x0170 [ D970470F8F39470BDAE94D313A1CCDCE, C41B314F3A1CD6A747A4578C2A1F20373884C2AD96880A81255E66BA9D886EB4 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:16:15.0375 0x0170 PxHelp20 - ok
10:16:15.0453 0x0170 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:16:15.0546 0x0170 ql1080 - ok
10:16:15.0578 0x0170 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:16:15.0656 0x0170 Ql10wnt - ok
10:16:15.0687 0x0170 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:16:15.0765 0x0170 ql12160 - ok
10:16:15.0796 0x0170 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:16:15.0890 0x0170 ql1240 - ok
10:16:15.0906 0x0170 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:16:16.0000 0x0170 ql1280 - ok
10:16:16.0015 0x0170 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:16:16.0078 0x0170 RasAcd - ok
10:16:16.0156 0x0170 [ 44DB7A9BDD2FB58747D123FBF1D35ADB, 1546B32AE19015213236031E82BF5C44ACF4C1B5F9E379908A1B413C6CA65755 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:16:16.0250 0x0170 RasAuto - ok
10:16:16.0296 0x0170 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C, F59974A2A3C21071BC72CA4DAF5D2DDF93471EC16FD1A34DE9DC1A50027F6835 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:16:16.0390 0x0170 Rasl2tp - ok
10:16:16.0484 0x0170 [ 49B5EED5FB89D39456A2F616CCD8BA5D, F09D6EE04BC0AB3B5BA76CAE64CE6B5E845006F912E0CBF1359900700F5C1146 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:16:16.0703 0x0170 RasMan - ok
10:16:16.0734 0x0170 [ 7306EEED8895454CBED4669BE9F79FAA, DC6874ECAD9105BC9EAB007291958911D7D4D3649124472070B3496B36C45200 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:16:16.0812 0x0170 RasPppoe - ok
10:16:16.0843 0x0170 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:16:16.0906 0x0170 Raspti - ok
10:16:17.0031 0x0170 [ 03B965B1CA47F6EF60EB5E51CB50E0AF, 56B0F5FC470385F2FF4E4573099C96772EDB985398859B9F7ACE0AA704BB47B7 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:16:17.0250 0x0170 Rdbss - ok
10:16:17.0296 0x0170 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:16:17.0375 0x0170 RDPCDD - ok
10:16:17.0421 0x0170 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD, 586900D30F44E132AC75520EFF4FF615AA46283F1F050AC93FF9C235AC0F1D75 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:16:17.0500 0x0170 rdpdr - ok
10:16:17.0609 0x0170 [ B54CD38A9EBFBF2B3561426E3FE26F62, 2BE75A68C598A2E162F09BCBA140909B9480A7E06A733B5D58673A172CAD8084 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:16:17.0843 0x0170 RDPWD - ok
10:16:17.0937 0x0170 [ 729798E0933076B8FCFCD9934698F164, 87CCF85E6C7F9AB9A5EB97BD9D2BE97429CB178B35FCA17CB1C9B58A0475D726 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:16:18.0031 0x0170 RDSessMgr - ok
10:16:18.0062 0x0170 [ B31B4588E4086D8D84ADBF9845C2402B, 0B45979623B0AC774A9426C428954E7FB604FAE0DB187C402AF6052906F4099A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:16:18.0140 0x0170 redbook - ok
10:16:18.0203 0x0170 [ 3151427DB7D87107D1C5BE58FAC53960, 11988626648B2E416A07A8FF7D96BD8F20B150CC24CE9AB139F45A1DDE1D2225 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:16:18.0281 0x0170 RemoteRegistry - ok
10:16:18.0328 0x0170 [ 793F04A09B15E7C6C11DBDFFAF06C0AB, D108DF4DC61300926F360E4D3B2F75DBEF3D3CB9D4C15260232047ED6FB1BFC7 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:16:18.0453 0x0170 RpcLocator - ok
10:16:18.0609 0x0170 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4, BE82521204BACF24436DD9067772F059105D743408823B135B840FF9BE197389 ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:16:18.0671 0x0170 RpcSs - ok
10:16:18.0718 0x0170 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:16:18.0843 0x0170 RSVP - ok
10:16:18.0875 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] SamSs C:\WINDOWS\system32\lsass.exe
10:16:18.0953 0x0170 SamSs - ok
10:16:19.0000 0x0170 [ 25D8DE134DF108E3DBC8D7D23B1AA58E, BF4C48E75D696546AB69E205F5492553001C9A92127D824F7F9BFCFE0F1C1093 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:16:19.0062 0x0170 SCardSvr - ok
10:16:19.0140 0x0170 [ 92360854316611F6CC471612213C3D92, A45DC437FA0DEC1DB540DC889A2469E8C3C4360F2F41FE60BFA3F78462507959 ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:16:19.0218 0x0170 Schedule - ok
10:16:19.0281 0x0170 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:16:19.0515 0x0170 Secdrv - ok
10:16:19.0578 0x0170 [ B1E0CE09895376871746F36DC5773B4F, 686458ED5D4C72AAF2F45B4FCBB44BFA0D84DFE93B5E01ECCBEAD33CBAC52BD5 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:16:19.0640 0x0170 seclogon - ok
10:16:19.0671 0x0170 [ DFD9870CF39C791D86C4C209DA9FA919, 336A0525630149EF160AE8346AF6BEE2FAA0289629FA052ADAF887B5B84A918D ] SENS C:\WINDOWS\system32\sens.dll
10:16:19.0750 0x0170 SENS - ok
10:16:19.0781 0x0170 [ A2D868AEEFF612E70E213C451A70CAFB, 25CBB9E26CDCBD8E221ACF4364E82E8F811C3144E0EEF9DF9DAEC8534243BD3B ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:16:19.0875 0x0170 serenum - ok
10:16:19.0921 0x0170 [ CD9404D115A00D249F70A371B46D5A26, D9FC869FA9A6B9574A1FCE70E7B919D8F79E02B28967E49F6DEF83A84520ECDF ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:16:20.0000 0x0170 Serial - ok
10:16:20.0031 0x0170 [ 0D13B6DF6E9E101013A7AFB0CE629FE0, 2214EA0F16BB33970E299CE457EB50AEE0BEF7959BC1EBD3C06C78A46B42B808 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:16:20.0093 0x0170 Sfloppy - ok
10:16:20.0234 0x0170 [ 36CC8C01B5E50163037BEF56CB96DEFF, F8D3CC92E97E8C97A0F88850D6D96CFA02A69940208834F413A8FCB71241F552 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:16:20.0343 0x0170 SharedAccess - ok
10:16:20.0390 0x0170 [ 6815DEF9B810AEFAC107EEAF72DA6F82, 0132004894326B54D1B8AD2C31FB8BDE45EA66DB9962C0CE1207941A13630896 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:16:20.0640 0x0170 ShellHWDetection - ok
10:16:20.0640 0x0170 Simbad - ok
10:16:20.0671 0x0170 [ 732D859B286DA692119F286B21A2A114, 65E21E42411DA4B27D10D67DB46D93CE314CAC9EB3E0C1B7E57C32FCF15D56F2 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:16:20.0750 0x0170 sisagp - ok
10:16:20.0796 0x0170 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:16:20.0843 0x0170 Sparrow - ok
10:16:20.0890 0x0170 [ 0CE218578FFF5F4F7E4201539C45C78F, 2C87C8993C3B9CE3589262E178B2B12FF9F2D83E5E8C2B97648D7FA24E3BD985 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:16:21.0125 0x0170 splitter - ok
10:16:21.0218 0x0170 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F, 521257429493F31516EDE549869EFA4B7A262F6A69EA1E82A9C875456C10E702 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:16:21.0468 0x0170 Spooler - ok
10:16:21.0484 0x0170 [ E41B6D037D6CD08461470AF04500DC24, 9556C669E69B1B290865FCAABD5D793B310C071B64FD3DF9FCFADC3716BDC926 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:16:21.0562 0x0170 sr - ok
10:16:21.0734 0x0170 [ 92BDF74F12D6CBEC43C94D4B7F804838, C1BFE7F498F4A9992FEA459CE7EEF7525AE51A7E04C76D676819A61615A4A92E ] srservice C:\WINDOWS\system32\srsvc.dll
10:16:21.0781 0x0170 srservice - ok
10:16:21.0937 0x0170 [ 7A4F147CC6B133F905F6E65E2F8669FB, 82E3C4F1A92D8D8129CC1CA07F516B537EA6A3B2EEDF47A2C32BEC7828A83A32 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:16:21.0968 0x0170 Srv - ok
10:16:22.0046 0x0170 [ 4B8D61792F7175BED48859CC18CE4E38, 13C50FACC85828F56FF5B29D13B004933352CB581B62B218038B503561531981 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:16:22.0109 0x0170 SSDPSRV - ok
10:16:22.0343 0x0170 [ 797FCC1D859B203958E915BB82528DA9, CF2BB15ED03322323CEFAD2D9600959ADB41B22E22D78D81E79969C784F09A66 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
10:16:22.0468 0x0170 STHDA - ok
10:16:22.0687 0x0170 [ B6763F8534AC547CF1AF98AFDFF2EDC8, 5E199091F10373451623855DD2A4ED625E062545DBAC20DDE80C0E3E3CE271DA ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:16:22.0953 0x0170 stisvc - ok
10:16:22.0968 0x0170 [ 03C1BAE4766E2450219D20B993D6E046, 0D8E5B141EAA9E2C8D1F8BFD522F57EE8074216A336CBE37FE77B8ADDB791DBE ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:16:23.0046 0x0170 swenum - ok
10:16:23.0078 0x0170 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D, EEF6DB9EDD8C273A6595675A7A12B9D440FA4E178BA7C69FB1942D97E291F989 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:16:23.0156 0x0170 swmidi - ok
10:16:23.0156 0x0170 SwPrv - ok
10:16:23.0187 0x0170 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
10:16:23.0265 0x0170 symc810 - ok
10:16:23.0296 0x0170 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:16:23.0375 0x0170 symc8xx - ok
10:16:23.0406 0x0170 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:16:23.0484 0x0170 sym_hi - ok
10:16:23.0531 0x0170 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:16:23.0640 0x0170 sym_u3 - ok
10:16:23.0703 0x0170 [ 650AD082D46BAC0E64C9C0E0928492FD, 6A587A55418A3A7867602D92B99FE393152DED191F27992C4BA909BD268AC43C ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:16:23.0781 0x0170 sysaudio - ok
10:16:23.0828 0x0170 [ 8B54AA346D1B1B113FFAA75501B8B1B2, 0DBCAA0FEA212F2274973B1CAD8DB0AD7FC117D8483C9BB78166372907A5B398 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:16:23.0921 0x0170 SysmonLog - ok
10:16:24.0031 0x0170 [ FB78839B36025AA286A51289ED28B73E, DA7046522118BFFD596242CA4ADE6B88D6B6A87D30D7F1175C9E9D912162F1B5 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:16:24.0281 0x0170 TapiSrv - ok
10:16:24.0468 0x0170 [ 2A5554FC5B1E04E131230E3CE035C3F9, 97CD31598A95BAF227BD4763AE721DCBF2E7BBB951E95F33B56C94C3B1D7CF4A ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:16:24.0531 0x0170 Tcpip - ok
10:16:24.0656 0x0170 [ 1AA9DBC8B58C4A610BFDD6F3884936C9, 308ED56945239FADEA49E9BA74E542A69B0CA7E906F6FFED1F6C5BFE669CE597 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
10:16:24.0656 0x0170 tcsd_win32.exe - detected UnsignedFile.Multi.Generic ( 1 )
10:16:27.0062 0x0170 Detect skipped due to KSN trusted
10:16:27.0062 0x0170 tcsd_win32.exe - ok
10:16:27.0078 0x0170 [ 38D437CF2D98965F239B0ABCD66DCB0F, CC497A25C7AC1FF1E07CEE25FB0C5A5E6C4005C1CB244601FE620884A5C26506 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:16:27.0140 0x0170 TDPIPE - ok
10:16:27.0171 0x0170 [ ED0580AF02502D00AD8C4C066B156BE9, 41AA6C88CF48CAF0DA8E374F37E74206E4F558332075304A28983D04E08B3154 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:16:27.0250 0x0170 TDTCP - ok
10:16:27.0281 0x0170 [ A540A99C281D933F3D69D55E48727F47, CC430FA0E0F1745E167877003FDCC35FE940AF8CAD05387ECBA880CC3A3F6709 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:16:27.0343 0x0170 TermDD - ok
10:16:27.0421 0x0170 [ B60C877D16D9C880B952FDA04ADF16E6, 244D59A555349259D81D4643500E714A053D4A06DF892A8EDCAA0DC5EADFF050 ] TermService C:\WINDOWS\System32\termsrv.dll
10:16:27.0500 0x0170 TermService - ok
10:16:27.0546 0x0170 [ 6815DEF9B810AEFAC107EEAF72DA6F82, 0132004894326B54D1B8AD2C31FB8BDE45EA66DB9962C0CE1207941A13630896 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:16:27.0796 0x0170 Themes - ok
10:16:27.0828 0x0170 [ 37DB0A7D097310E8B4DE803FC3119C78, 2335C1D47ED3EFBC41AA4DC6BF35588605CAAA67BD047B431E07BAD7201BABC3 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:16:27.0890 0x0170 TlntSvr - ok
10:16:27.0921 0x0170 [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
10:16:28.0000 0x0170 TosIde - ok
10:16:28.0046 0x0170 [ 6D9AC544B30F96C57F8206566C1FB6A1, C39D35D169A3BCA5E458815A1B60CE92D19BC04579D62DAB9396B42760C5E47B ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:16:28.0140 0x0170 TrkWks - ok
10:16:28.0171 0x0170 [ 12F70256F140CD7D52C58C7048FDE657, F2E3E645AA713A520452F5E17513D258D3900E93F65013551FC2B542BFA15BB3 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:16:28.0250 0x0170 Udfs - ok
10:16:28.0265 0x0170 [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
10:16:28.0312 0x0170 ultra - ok
10:16:28.0453 0x0170 [ CED744117E91BDC0BEB810F7D8608183, 8D429F6B4A206D82C3BB18C7675B6C3910D5A1CB892F5D07EA8E8080D729AD07 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:16:28.0718 0x0170 Update - ok
10:16:28.0828 0x0170 [ ACA5D98663D879C6BAAFCEA7E2F1B710, C8DA38619880E3B34A0C880BF1E9217A39B287493C7DD6E94C9565F4042913D7 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:16:29.0078 0x0170 upnphost - ok
10:16:29.0125 0x0170 [ 3F5DF65B0758675F95A2D43918A740A3, BC639259E0365C66F4C6CF2F341395942706810E4B393598429FA3B929D16D8C ] UPS C:\WINDOWS\System32\ups.exe
10:16:29.0203 0x0170 UPS - ok
10:16:29.0250 0x0170 [ BFFD9F120CC63BCBAA3D840F3EEF9F79, 0183D82E341473200FB1A05F6ABBBA3F2BD635654F49599E4CEB3E6394A33D36 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:16:29.0328 0x0170 usbccgp - ok
10:16:29.0343 0x0170 [ 708579B01FED227AADB393CB0C3B4A2C, 35D25CEF854D8B1A3CDAF552D2ABFA0F25F84ABA9CB4BAFBE3E85DB3BFCFA4A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:16:29.0578 0x0170 usbehci - ok
10:16:29.0609 0x0170 [ C72F40947F92CEA56A8FB532EDF025F1, EBB9E235C973574B835B1FD22D813E9215029B3FC5030591D6F7971C9A23AEF7 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:16:29.0687 0x0170 usbhub - ok
10:16:29.0718 0x0170 [ 6CD7B22193718F1D17A47A1CD6D37E75, CFD74FE06819DA488654F88BFCCBF29994FE7F04EC6CD5CD41552B0C95A8130F ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:16:29.0796 0x0170 USBSTOR - ok
10:16:29.0828 0x0170 [ F8FD1400092E23C8F2F31406EF06167B, AE93C83BA1966535AFA3E72D6F69156B7E56F021A6808EC8DA44C7E7D506D7E5 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:16:29.0906 0x0170 usbuhci - ok
10:16:29.0937 0x0170 [ 8A60EDD72B4EA5AEA8202DAF0E427925, ED0624B285E4F64E07E30C12490873A2090F9DFD6A91A2EDA7A1082B88A8199E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:16:30.0015 0x0170 VgaSave - ok
10:16:30.0046 0x0170 [ D92E7C8A30CFD14D8E15B5F7F032151B, EE85C489EC95DAAFED814189CEF86BB4444AFC14C209CD36930B8B7E7B1D7725 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:16:30.0125 0x0170 viaagp - ok
10:16:30.0156 0x0170 [ 59CB1338AD3654417BEA49636457F65D, 1B03B894BEA354C190782C6570498B5126F3B884E9DBFE6E9B176D7C47AD79D4 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
10:16:30.0234 0x0170 ViaIde - ok
10:16:30.0265 0x0170 [ EE4660083DEBA849FF6C485D944B379B, 4DA3CA0DEA0698D387EA370D9BBFF06FEF1C0A5B3D7F772164441B63B8A3927A ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:16:30.0343 0x0170 VolSnap - ok
10:16:30.0468 0x0170 [ 3EE00364AE0FD8D604F46CBAF512838A, 962168941F4E291F2B5236DA7DB84E50DC335F42595B4BC31FCB7960BD8743FC ] VSS C:\WINDOWS\System32\vssvc.exe
10:16:30.0750 0x0170 VSS - ok
10:16:30.0859 0x0170 [ 2B281958F5D0CF99ED626E3EF39D5C8D, FB46398AE01CDD9CB6E1E647E4DDA86B670F93F787D69B885C7E930D4FF8F3FC ] w32time C:\WINDOWS\system32\w32time.dll
10:16:30.0937 0x0170 w32time - ok
10:16:30.0968 0x0170 [ 984EF0B9788ABF89974CFED4BFBAACBC, 8178888E3A1AA3BD3BE34456118BB76AF2DD04EC575E4880F97A8EFB182C9E92 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:16:31.0031 0x0170 Wanarp - ok
10:16:31.0031 0x0170 WDICA - ok
10:16:31.0078 0x0170 [ EFD235CA22B57C81118C1AEB4798F1C1, 16EE95A1D51F318224152492FB1663D96E61EC1706E85AE820CD023CBA1CF1F3 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:16:31.0312 0x0170 wdmaud - ok
10:16:31.0390 0x0170 [ 265F534EF76832435AFBF771EC97176D, 67C1C932A20A92D2D180D6763AC9297FA0B6D4C225501C7739B0B45F52FEC6E1 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:16:31.0625 0x0170 WebClient - ok
10:16:31.0687 0x0170 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4, A6020D41FEA0CC76D0C3CA3A88F3E9493022CD5A549E18B02D69A482B579F339 ] WimFltr C:\WINDOWS\system32\DRIVERS\wimfltr.sys
10:16:31.0828 0x0170 WimFltr - ok
10:16:32.0078 0x0170 [ F399242A80C4066FD155EFA4CF96658E, DC40735D288193170DAF5571A829702EDC07DDAEA87ECF59490DFB516A690F9B ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:16:32.0156 0x0170 winmgmt - ok
10:16:32.0218 0x0170 [ C086483E3DBA8C1C0A687EC8D5B3D4C1, DBEB01C8B1E7CF45C53EAC00526B3DF878A9B90CCEBD524261581CA816C23BE2 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:16:32.0296 0x0170 WmdmPmSN - ok
10:16:32.0515 0x0170 [ E8E57B0F9EB03D1AABEC28D550C75116, 430E0613C3BE6259580A997D951C611C2F70D992B8811A170E9C5D6E44C726EB ] Wmi C:\WINDOWS\System32\advapi32.dll
10:16:32.0593 0x0170 Wmi - ok
10:16:32.0656 0x0170 [ BA8CECC3E813E1F7C441B20393D4F86C, E60AC60B67926F61AD872412DC2E096825F97D725B66834328EC3B97F62DBFEA ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:16:32.0750 0x0170 WmiApSrv - ok
10:16:32.0781 0x0170 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:16:32.0843 0x0170 WS2IFSL - ok
10:16:32.0921 0x0170 [ 4D59DAA66C60858CDF4F67A900F42D4A, 312DC7D712F0807EBE5B3984E1BC19E7327D6357818D51AEB33058B052AEAA83 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:16:33.0000 0x0170 wscsvc - ok
10:16:33.0046 0x0170 [ 13D72740963CBA12D9FF76A7F218BCD8, 3E4D0369F85E64FB6E4088753D7654D58900B480BEBF42F3CB6969355CEAC5A8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:16:33.0125 0x0170 wuauserv - ok
10:16:33.0312 0x0170 [ 5A91E6FEAB9F901302FA7FF768C0120F, 83A1A719508CB4E504D9A75BBB6FCEA1E15C1EC574B8BD18BA40B2A18EF9918E ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:16:33.0437 0x0170 WZCSVC - ok
10:16:33.0500 0x0170 [ EEF46DAB68229A14DA3D8E73C99E2959, C9D7083BC69E1A4672D06CBD9E4E6FD93C3CA67E28EC040D1CC6AAFBFC825813 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:16:33.0578 0x0170 xmlprov - ok
10:16:33.0593 0x0170 ================ Scan global ===============================
10:16:33.0687 0x0170 [ 00EF9C3AF83EDBAF18CA7A2837750117, 87DB68DC66EADA719411C2B3DB02768C52D61BAA94216FCE9C4EE5C710EE7171 ] C:\WINDOWS\system32\basesrv.dll
10:16:33.0765 0x0170 [ 3D21B3BE0C5768E76FD9780E9CF9E07C, A7EECA58ADAF0EDE772C2B404BDB9F4EE9D19CAA5384E41EBF0CCE885A1F8594 ] C:\WINDOWS\system32\winsrv.dll
10:16:33.0796 0x0170 [ 3D21B3BE0C5768E76FD9780E9CF9E07C, A7EECA58ADAF0EDE772C2B404BDB9F4EE9D19CAA5384E41EBF0CCE885A1F8594 ] C:\WINDOWS\system32\winsrv.dll
10:16:33.0828 0x0170 [ 4712531AB7A01B7EE059853CA17D39BD, D029A599E95F1FDF8AAC122FDE70E8DA6A4CEF0F8DB6543C6BF4AF35169B2203 ] C:\WINDOWS\system32\services.exe
10:16:33.0828 0x0170 [ Global ] - ok
10:16:33.0828 0x0170 ================ Scan MBR ==================================
10:16:33.0875 0x0170 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:16:37.0921 0x0170 \Device\Harddisk0\DR0 - ok
10:16:37.0921 0x0170 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:16:38.0437 0x0170 \Device\Harddisk1\DR1 - ok
10:16:38.0437 0x0170 ================ Scan VBR ==================================
10:16:38.0484 0x0170 [ C5A54D51D659032E6552BA736AF61280 ] \Device\Harddisk0\DR0\Partition1
10:16:38.0515 0x0170 \Device\Harddisk0\DR0\Partition1 - ok
10:16:38.0515 0x0170 [ 0394E80AD1166C34A47EA2AF07C3AB3D ] \Device\Harddisk1\DR1\Partition1
10:16:38.0531 0x0170 \Device\Harddisk1\DR1\Partition1 - ok
10:16:38.0531 0x0170 ================ Scan active images ========================
10:16:38.0531 0x0170 [ 279FB78702454DFF2BB445F238C048D2, 51A559AD7C9CAA8BD60D4E167E850B978083FAE9C5632E47D13B1092B56FD0BA ] C:\WINDOWS\system32\drivers\intelppm.sys
10:16:38.0531 0x0170 C:\WINDOWS\system32\drivers\intelppm.sys - ok
10:16:38.0531 0x0170 [ D5A9D123F5ED7C9965A481BD20CF66D8, E89C49FF047F85728D69C83E3F544F035FA1672BA08E6D78CB454877D0F4C281 ] C:\WINDOWS\system32\drivers\videoprt.sys
10:16:38.0531 0x0170 C:\WINDOWS\system32\drivers\videoprt.sys - ok
10:16:38.0531 0x0170 [ A93A67F645EA424F0752F8887860FB5F, ACE9D2D66BE6E79407F6CAF7E1B34B237492B3293A55888A8C5DEB86B64988F5 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
10:16:38.0531 0x0170 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
10:16:38.0546 0x0170 [ BB1A2A73F993B623F99E03ED2F9E014C, 9C60E599087CBD242BAA618AC5E7655B214BEB6DA1EA9D0AD76F16A40B09FC02 ] C:\WINDOWS\system32\drivers\b57xp32.sys
10:16:38.0546 0x0170 C:\WINDOWS\system32\drivers\b57xp32.sys - ok
10:16:38.0546 0x0170 [ E31363D186B3E1D7C4E9117884A6AEE5, AC42CA69D1D973F8DC11103BA42EB4F355E0E90EAB15B3A2F03A5FF6B87E6313 ] C:\WINDOWS\system32\drivers\Hdaudbus.sys
10:16:38.0546 0x0170 C:\WINDOWS\system32\drivers\Hdaudbus.sys - ok
10:16:38.0640 0x0170 [ A6DF50BA7534B13C5A34D0D22CFEBE0C, C45C0D932F91A4A12D4D81DA49205811A344B4C256BC5CDD9361EED97B3C8DED ] C:\WINDOWS\system32\drivers\usbport.sys
10:16:38.0640 0x0170 C:\WINDOWS\system32\drivers\usbport.sys - ok
10:16:38.0640 0x0170 [ 708579B01FED227AADB393CB0C3B4A2C, 35D25CEF854D8B1A3CDAF552D2ABFA0F25F84ABA9CB4BAFBE3E85DB3BFCFA4A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
10:16:38.0640 0x0170 C:\WINDOWS\system32\drivers\usbehci.sys - ok
10:16:38.0640 0x0170 [ F8FD1400092E23C8F2F31406EF06167B, AE93C83BA1966535AFA3E72D6F69156B7E56F021A6808EC8DA44C7E7D506D7E5 ] C:\WINDOWS\system32\drivers\usbuhci.sys
10:16:38.0640 0x0170 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
10:16:38.0656 0x0170 [ CED2E8396A8838E59D8FD529C680E02C, 8542AE6A2D65D3F843EA70F5FFBC150B773C5CFA3FE6388FA68A95416FAD0F6E ] C:\WINDOWS\system32\drivers\fdc.sys
10:16:38.0656 0x0170 C:\WINDOWS\system32\drivers\fdc.sys - ok
10:16:38.0656 0x0170 [ 29744EB4CE659DFE3B4122DEB45BC478, 5F7B63152CDAA031ACB77E793BB7E8210472D6D1EED911F3A0BD70455FC282FC ] C:\WINDOWS\system32\drivers\parport.sys
10:16:38.0656 0x0170 C:\WINDOWS\system32\drivers\parport.sys - ok
10:16:38.0656 0x0170 [ CD9404D115A00D249F70A371B46D5A26, D9FC869FA9A6B9574A1FCE70E7B919D8F79E02B28967E49F6DEF83A84520ECDF ] C:\WINDOWS\system32\drivers\serial.sys
10:16:38.0656 0x0170 C:\WINDOWS\system32\drivers\serial.sys - ok
10:16:38.0750 0x0170 [ D979BEBCF7EDCC9C9EE1857D1A68C67B, 936450704E4F2ADA6FB87F827C042FEC67F67C83D361F858F5F41AA6E8B7256D ] C:\WINDOWS\system32\drivers\DLACDBHM.SYS
10:16:38.0750 0x0170 C:\WINDOWS\system32\drivers\DLACDBHM.SYS - ok
10:16:38.0750 0x0170 [ F8AA320C6A0409C0380E5D8A99D76EC6, A848B9C489DDFBD48BDA140CB9DD43097686115042745F6444F803739168D391 ] C:\WINDOWS\system32\drivers\imapi.sys
10:16:38.0750 0x0170 C:\WINDOWS\system32\drivers\imapi.sys - ok
10:16:38.0765 0x0170 [ A2D868AEEFF612E70E213C451A70CAFB, 25CBB9E26CDCBD8E221ACF4364E82E8F811C3144E0EEF9DF9DAEC8534243BD3B ] C:\WINDOWS\system32\drivers\serenum.sys
10:16:38.0765 0x0170 C:\WINDOWS\system32\drivers\serenum.sys - ok
10:16:38.0765 0x0170 [ AF9C19B3100FE010496B1A27181FBF72, 64E9E4461F631EED2B2A1FC80DCC9C31DCECB5738289D322E6A6428C840DC621 ] C:\WINDOWS\system32\drivers\cdrom.sys
10:16:38.0765 0x0170 C:\WINDOWS\system32\drivers\cdrom.sys - ok
10:16:38.0765 0x0170 [ B9540E258F952650DE8DEC68719A5C97, C4706B09AAC1D3585F1E4207B0A5287BF9752ED7B427DF378AC8CAC826F8837F ] C:\WINDOWS\system32\drivers\ks.sys
10:16:38.0765 0x0170 C:\WINDOWS\system32\drivers\ks.sys - ok
10:16:38.0781 0x0170 [ B31B4588E4086D8D84ADBF9845C2402B, 0B45979623B0AC774A9426C428954E7FB604FAE0DB187C402AF6052906F4099A ] C:\WINDOWS\system32\drivers\redbook.sys
10:16:38.0781 0x0170 C:\WINDOWS\system32\drivers\redbook.sys - ok
10:16:38.0859 0x0170 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] C:\WINDOWS\system32\drivers\audstub.sys
10:16:38.0859 0x0170 C:\WINDOWS\system32\drivers\audstub.sys - ok
10:16:38.0859 0x0170 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] C:\WINDOWS\system32\drivers\lmimirr.sys
10:16:38.0859 0x0170 C:\WINDOWS\system32\drivers\lmimirr.sys - ok
10:16:38.0875 0x0170 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C, F59974A2A3C21071BC72CA4DAF5D2DDF93471EC16FD1A34DE9DC1A50027F6835 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
10:16:38.0875 0x0170 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
10:16:38.0875 0x0170 [ 08D43BBDACDF23F34D79E44ED35C1B4C, F72CB8FA67C361C40B4C83F08302D7B2FD9178C1C60A7C236AF08B9CB5162591 ] C:\WINDOWS\system32\drivers\ndistapi.sys
10:16:38.0875 0x0170 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
10:16:38.0875 0x0170 [ 0B90E255A9490166AB368CD55A529893, 90EB17422BF52FE6D0CC6ADA4262D605806C5B583DE04EDEC95FD47EE9697865 ] C:\WINDOWS\system32\drivers\ndiswan.sys
10:16:38.0875 0x0170 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
10:16:38.0890 0x0170 [ 7306EEED8895454CBED4669BE9F79FAA, DC6874ECAD9105BC9EAB007291958911D7D4D3649124472070B3496B36C45200 ] C:\WINDOWS\system32\drivers\raspppoe.sys
10:16:38.0890 0x0170 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
10:16:38.0968 0x0170 [ 1C5CC65AAC0783C344F16353E60B72AC, 7786CFE970A79B327DB57AEBADA8B0B94B4DE07CE8AF285E9835B2AADD597296 ] C:\WINDOWS\system32\drivers\raspptp.sys
10:16:38.0968 0x0170 C:\WINDOWS\system32\drivers\raspptp.sys - ok
10:16:38.0968 0x0170 [ 6891B74AB9A016064E82A419388D0601, EB4C813D551D73ADA539946AB1BDF2D1DABF8EE27BD8E94A0DACA75CC117E6C1 ] C:\WINDOWS\system32\drivers\tdi.sys
10:16:38.0968 0x0170 C:\WINDOWS\system32\drivers\tdi.sys - ok
10:16:38.0984 0x0170 [ C0F1D4A21DE5A415DF8170616703DEBF, 3E21AAD06CF6EB95662B568671B1DBD129CED481761BCDB67088E965E5C0BC5B ] C:\WINDOWS\system32\drivers\msgpc.sys
10:16:38.0984 0x0170 C:\WINDOWS\system32\drivers\msgpc.sys - ok
10:16:38.0984 0x0170 [ 48671F327553DCF1D27F6197F622A668, CB34A17BC36E8F8BB5F87F9EE21311C50DE9AE156513D682581DE47C93EC155D ] C:\WINDOWS\system32\drivers\psched.sys
10:16:38.0984 0x0170 C:\WINDOWS\system32\drivers\psched.sys - ok
10:16:38.0984 0x0170 [ EBDEE8A2EE5393890A1ACEE971C4C246, ACC57A7BACAB100FB2903451D2A48BFE936E3B8F9B13882C1D2DFF9D19BD1D34 ] C:\WINDOWS\system32\drivers\kbdclass.sys
10:16:38.0984 0x0170 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
10:16:39.0000 0x0170 [ 34E1F0031153E491910E12551400192C, D608F77DB7035FD676773A3DF8DBC5DD52CC5198D0681A73D7EAA6C161047A90 ] C:\WINDOWS\system32\drivers\mouclass.sys
10:16:39.0000 0x0170 C:\WINDOWS\system32\drivers\mouclass.sys - ok
10:16:39.0093 0x0170 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] C:\WINDOWS\system32\drivers\ptilink.sys
10:16:39.0093 0x0170 C:\WINDOWS\system32\drivers\ptilink.sys - ok
10:16:39.0109 0x0170 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] C:\WINDOWS\system32\drivers\raspti.sys
10:16:39.0125 0x0170 C:\WINDOWS\system32\drivers\raspti.sys - ok
10:16:39.0125 0x0170 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD, 586900D30F44E132AC75520EFF4FF615AA46283F1F050AC93FF9C235AC0F1D75 ] C:\WINDOWS\system32\drivers\rdpdr.sys
10:16:39.0125 0x0170 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
10:16:39.0125 0x0170 [ A540A99C281D933F3D69D55E48727F47, CC430FA0E0F1745E167877003FDCC35FE940AF8CAD05387ECBA880CC3A3F6709 ] C:\WINDOWS\system32\drivers\termdd.sys
10:16:39.0125 0x0170 C:\WINDOWS\system32\drivers\termdd.sys - ok
10:16:39.0140 0x0170 [ 03C1BAE4766E2450219D20B993D6E046, 0D8E5B141EAA9E2C8D1F8BFD522F57EE8074216A336CBE37FE77B8ADDB791DBE ] C:\WINDOWS\system32\drivers\swenum.sys
10:16:39.0140 0x0170 C:\WINDOWS\system32\drivers\swenum.sys - ok
10:16:39.0140 0x0170 [ CED744117E91BDC0BEB810F7D8608183, 8D429F6B4A206D82C3BB18C7675B6C3910D5A1CB892F5D07EA8E8080D729AD07 ] C:\WINDOWS\system32\drivers\update.sys
10:16:39.0140 0x0170 C:\WINDOWS\system32\drivers\update.sys - ok
10:16:39.0234 0x0170 [ DBF0D7E2DF33B469EB55406FEA759350, D7BCE2D8DC42F9104E734C466498E6B0ACB1F64060CF5767444C46C936C1DE3F ] C:\WINDOWS\system32\drivers\atmeltpm.sys
10:16:39.0234 0x0170 C:\WINDOWS\system32\drivers\atmeltpm.sys - ok
10:16:39.0234 0x0170 [ 469541F8BFD2B32659D5D463A6714BCE, 46AA7D2442DCC4C51C08BA0C00136F058F9160E6D6EDE78B2FD82545AE4FD10B ] C:\WINDOWS\system32\drivers\mssmbios.sys
10:16:39.0234 0x0170 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
10:16:39.0234 0x0170 [ 59FC3FB44D2669BC144FD87826BB571F, B3C8CEFB09D5C85CBF12AED8CDB1FE455679D3436337263EFDABDC5116D92453 ] C:\WINDOWS\system32\drivers\ndproxy.sys
10:16:39.0234 0x0170 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
10:16:39.0250 0x0170 [ FF86422268DE771D571E123EB7092C6A, 4F1D9BBA2C1B36EA114F8D88EA8BEBA0A18236913B9233CB794BFB048B9E831B ] C:\WINDOWS\system32\drivers\drmk.sys
10:16:39.0250 0x0170 C:\WINDOWS\system32\drivers\drmk.sys - ok
10:16:39.0250 0x0170 [ BC6B2BC69C1E009443E8B1FE2DB96101, B01AF9938ABDFF9EF56B10F8D5532A6FBA807BEE06E8BD8C8A9B4356A27CC704 ] C:\WINDOWS\system32\drivers\portcls.sys
10:16:39.0250 0x0170 C:\WINDOWS\system32\drivers\portcls.sys - ok
10:16:39.0250 0x0170 [ 797FCC1D859B203958E915BB82528DA9, CF2BB15ED03322323CEFAD2D9600959ADB41B22E22D78D81E79969C784F09A66 ] C:\WINDOWS\system32\drivers\sthda.sys
10:16:39.0250 0x0170 C:\WINDOWS\system32\drivers\sthda.sys - ok
10:16:39.0359 0x0170 [ 596EB39B50D6EBD9B734DC4AE0544693, EFCA2CFFFB8467BAC63F5174F125FEEFFA1F29491285C5BF99B3A2B2A6A25934 ] C:\WINDOWS\system32\drivers\usbd.sys
10:16:39.0359 0x0170 C:\WINDOWS\system32\drivers\usbd.sys - ok
10:16:39.0359 0x0170 [ C72F40947F92CEA56A8FB532EDF025F1, EBB9E235C973574B835B1FD22D813E9215029B3FC5030591D6F7971C9A23AEF7 ] C:\WINDOWS\system32\drivers\usbhub.sys
10:16:39.0359 0x0170 C:\WINDOWS\system32\drivers\usbhub.sys - ok
10:16:39.0359 0x0170 [ 0DD1DE43115B93F4D85E889D7A86F548, D50F7AAE5416C6D41845960BDDA24E97226F609AA726E4F88601ADC9ED50E872 ] C:\WINDOWS\system32\drivers\flpydisk.sys
10:16:39.0359 0x0170 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
10:16:39.0375 0x0170 [ 8F09F91B5C91363B77BCD15599570F2C, D855AA7187616E056EA01A0CB1DC9AC16A13B54143FF3C61333BD9A2C0CF3D29 ] C:\WINDOWS\system32\drivers\i2omgmt.sys
10:16:39.0375 0x0170 C:\WINDOWS\system32\drivers\i2omgmt.sys - ok
10:16:39.0375 0x0170 [ 0D13B6DF6E9E101013A7AFB0CE629FE0, 2214EA0F16BB33970E299CE457EB50AEE0BEF7959BC1EBD3C06C78A46B42B808 ] C:\WINDOWS\system32\drivers\sfloppy.sys
10:16:39.0375 0x0170 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
10:16:39.0375 0x0170 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] C:\WINDOWS\system32\drivers\cdaudio.sys
10:16:39.0375 0x0170 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
10:16:39.0421 0x0170 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] C:\WINDOWS\system32\drivers\beep.sys
10:16:39.0421 0x0170 C:\WINDOWS\system32\drivers\beep.sys - ok
10:16:39.0421 0x0170 [ 7EE0852AE8907689DF25049DCD2342E8, A5F08D78200F5CB02539C87EA574EB34F0C330C290D7BE5D21ED42B0E04E5CF4 ] C:\WINDOWS\system32\drivers\DLARTL_N.SYS
10:16:39.0421 0x0170 C:\WINDOWS\system32\drivers\DLARTL_N.SYS - ok
10:16:39.0421 0x0170 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] C:\WINDOWS\system32\drivers\fs_rec.sys
10:16:39.0421 0x0170 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
10:16:39.0421 0x0170 [ 5FFF41CD5108E9051D255C37825AF697, 8EEEF1A89DAE3EE27A344D98D2E930DFFB39010482C2BAC5E8D6A84DFA522E82 ] C:\WINDOWS\system32\drivers\hidparse.sys
10:16:39.0421 0x0170 C:\WINDOWS\system32\drivers\hidparse.sys - ok
10:16:39.0437 0x0170 [ 5502B58EEF7486EE6F93F3F164DCB808, 7E56E49D6444F2F48037B859B491DF95E1C90EC7ED4EF9C477CD2C49783E62E0 ] C:\WINDOWS\system32\drivers\i8042prt.sys
10:16:39.0437 0x0170 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
10:16:39.0437 0x0170 [ E182FA8E49E8EE41B4ADC53093F3C7E6, 2E713992C9B40F6010373A2FFF6DBCC8723BB328DE6875793C46072D8323E9BB ] C:\WINDOWS\system32\drivers\kbdhid.sys
10:16:39.0437 0x0170 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
10:16:39.0437 0x0170 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:39.0437 0x0170 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
10:16:39.0562 0x0170 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] C:\WINDOWS\system32\drivers\null.sys
10:16:39.0562 0x0170 C:\WINDOWS\system32\drivers\null.sys - ok
10:16:39.0562 0x0170 [ 8A60EDD72B4EA5AEA8202DAF0E427925, ED0624B285E4F64E07E30C12490873A2090F9DFD6A91A2EDA7A1082B88A8199E ] C:\WINDOWS\system32\drivers\vga.sys
10:16:39.0562 0x0170 C:\WINDOWS\system32\drivers\vga.sys - ok
10:16:39.0562 0x0170 [ 64537AA5C003A6AFEEE1DF819062D0D1, 5A6C11317DEF14B8C34A8C669EB75F7A8D46F05090C43D3DFF602CFA13CC504E ] C:\WINDOWS\system32\drivers\ipsec.sys
10:16:39.0562 0x0170 C:\WINDOWS\system32\drivers\ipsec.sys - ok
10:16:39.0578 0x0170 [ 561B3A4333CA2DBDBA28B5B956822519, 5B53906A29B9AA55A399F880CA989F9878BD943D3E97FB10A25BFD723654AF49 ] C:\WINDOWS\system32\drivers\msfs.sys
10:16:39.0578 0x0170 C:\WINDOWS\system32\drivers\msfs.sys - ok
10:16:39.0578 0x0170 [ 4F601BCB8F64EA3AC0994F98FED03F8E, D9D6783B970CB871DE0C6EDD8BE42F30CD1DCD55D4DF006922D9CFC0CF020D27 ] C:\WINDOWS\system32\drivers\npfs.sys
10:16:39.0578 0x0170 C:\WINDOWS\system32\drivers\npfs.sys - ok
10:16:39.0656 0x0170 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] C:\WINDOWS\system32\drivers\rasacd.sys
10:16:39.0656 0x0170 C:\WINDOWS\system32\drivers\rasacd.sys - ok
10:16:39.0671 0x0170 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] C:\WINDOWS\system32\drivers\rdpcdd.sys
10:16:39.0671 0x0170 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
10:16:39.0671 0x0170 [ 2A5554FC5B1E04E131230E3CE035C3F9, 97CD31598A95BAF227BD4763AE721DCBF2E7BBB951E95F33B56C94C3B1D7CF4A ] C:\WINDOWS\system32\drivers\tcpip.sys
10:16:39.0671 0x0170 C:\WINDOWS\system32\drivers\tcpip.sys - ok
10:16:39.0671 0x0170 [ E2168CBC7098FFE963C6F23F472A3593, 93B60D02ACBDDCE78BD4020B9CE0C132A8DD28FC2266B2748A22717B93AFF7C9 ] C:\WINDOWS\system32\drivers\ipnat.sys
10:16:39.0671 0x0170 C:\WINDOWS\system32\drivers\ipnat.sys - ok
10:16:39.0671 0x0170 [ 0C80E410CD2F47134407EE7DD19CC86B, 2A1D0CE9797F4AB7A24873947A26DD6413B8DBB5A82C24CF28D1FC243AEFC5C8 ] C:\WINDOWS\system32\drivers\netbt.sys
10:16:39.0671 0x0170 C:\WINDOWS\system32\drivers\netbt.sys - ok
10:16:39.0687 0x0170 [ 55E6E1C51B6D30E54335750955453702, 49BE694FB65F195A65EC631558BA599345C6641A6A5AA2F1053611B715F4677A ] C:\WINDOWS\system32\drivers\afd.sys
10:16:39.0687 0x0170 C:\WINDOWS\system32\drivers\afd.sys - ok
10:16:39.0765 0x0170 [ 3A2ACA8FC1D7786902CA434998D7CEB4, ECE218DCDCB4D0A5CA8CBD14E931BAA3B5F381B70BBACB65B0EBBB46D2D31683 ] C:\WINDOWS\system32\drivers\netbios.sys
10:16:39.0765 0x0170 C:\WINDOWS\system32\drivers\netbios.sys - ok
10:16:39.0781 0x0170 [ 984EF0B9788ABF89974CFED4BFBAACBC, 8178888E3A1AA3BD3BE34456118BB76AF2DD04EC575E4880F97A8EFB182C9E92 ] C:\WINDOWS\system32\drivers\wanarp.sys
10:16:39.0781 0x0170 C:\WINDOWS\system32\drivers\wanarp.sys - ok
10:16:39.0781 0x0170 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
10:16:39.0781 0x0170 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
10:16:39.0781 0x0170 [ FB6C89BB3CE282B08BDB1E3C179E1C39, 0558617DB859228332F4B7E44875AB3CDBA370E78C23BB5E80B159AAA7087B3E ] C:\WINDOWS\system32\drivers\mrxsmb.sys
10:16:39.0781 0x0170 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
10:16:39.0796 0x0170 [ 03B965B1CA47F6EF60EB5E51CB50E0AF, 56B0F5FC470385F2FF4E4573099C96772EDB985398859B9F7ACE0AA704BB47B7 ] C:\WINDOWS\system32\drivers\rdbss.sys
10:16:39.0796 0x0170 C:\WINDOWS\system32\drivers\rdbss.sys - ok
10:16:39.0796 0x0170 [ E153AB8A11DE5452BCF5AC7652DBF3ED, AEB48687C604B0CDE5F1A13C2EC854CFFBE1CE0837C3898D6D4C6B71265D0ED0 ] C:\WINDOWS\system32\drivers\fips.sys
10:16:39.0796 0x0170 C:\WINDOWS\system32\drivers\fips.sys - ok
10:16:39.0890 0x0170 [ BD7FB0957C716F1A60333AEE04DE2178, 4460083351B13FB64919A24425296D7D938558A1B3C86112A30F37289810C2CC ] C:\WINDOWS\system32\smss.exe
10:16:39.0890 0x0170 C:\WINDOWS\system32\smss.exe - ok
10:16:39.0890 0x0170 [ 2F868BFFBF50524653D7FE0D99AFB064, 53F589256DF0586AA771ABAD23201A1897C78348832B24CAADE36F92294C4EE6 ] C:\WINDOWS\system32\ntdll.dll
10:16:39.0890 0x0170 C:\WINDOWS\system32\ntdll.dll - ok
10:16:39.0890 0x0170 [ B3415B9D6026F65E43089ABED096C38C, A3FFC3D564FADAEAA65668194E37CB9852C56B4AC0AB4F683435CE9E6C8F13D0 ] C:\WINDOWS\system32\autochk.exe
10:16:39.0890 0x0170 C:\WINDOWS\system32\autochk.exe - ok
10:16:39.0906 0x0170 [ 30A609E00BD1D4FFC49D6B5A432BE7F2, 2C7214E17E21D62F735C98EEE968C8118A171F01FA77588D298DADBF9D4D82F5 ] C:\WINDOWS\system32\sfcfiles.dll
10:16:39.0906 0x0170 C:\WINDOWS\system32\sfcfiles.dll - ok
10:16:39.0906 0x0170 [ CD7D5152DF32B47F4E36F710B35AAE02, 7382890CC1B27FC66C3E94E064562BBD87B3C75577CB0FD10860B8E2CE07D12E ] C:\WINDOWS\system32\drivers\cdfs.sys
10:16:39.0906 0x0170 C:\WINDOWS\system32\drivers\cdfs.sys - ok
10:16:39.0906 0x0170 [ 019CF5F31C67030841233C545A0E217A, 594D97054E3A8034D8BC3AE3B9CD8A00D95BB68F8CDA84E96D8EE08D5F24E101 ] C:\WINDOWS\system32\drivers\iaStor.sys
10:16:39.0906 0x0170 C:\WINDOWS\system32\drivers\iaStor.sys - ok
10:16:40.0015 0x0170 [ FE97D0343ACFDEBDD578FC67CC91FA87, FE26FBA13079189EF96A1C994036EA472A4BF34FA14C163C693AD481BF31E676 ] C:\WINDOWS\system32\drivers\dxapi.sys
10:16:40.0015 0x0170 C:\WINDOWS\system32\drivers\dxapi.sys - ok
10:16:40.0015 0x0170 [ C9BF2F12C4E6C12F8A85FBA4B6BC6208, 711E5874F15E4125ED521382F0BBE71C4A21FB96E3ECAAF7A95F8F2C6E551B96 ] C:\WINDOWS\system32\watchdog.sys
10:16:40.0015 0x0170 C:\WINDOWS\system32\watchdog.sys - ok
10:16:40.0031 0x0170 [ 7190A8EBD16D56C78864E49C9BB5FE7D, D10CBC4CCC2D59472C0747DBAE85368B10C447FE37C1192BBB59BD41E684FDA7 ] C:\WINDOWS\system32\win32k.sys
10:16:40.0031 0x0170 C:\WINDOWS\system32\win32k.sys - ok
10:16:40.0031 0x0170 [ 00EF9C3AF83EDBAF18CA7A2837750117, 87DB68DC66EADA719411C2B3DB02768C52D61BAA94216FCE9C4EE5C710EE7171 ] C:\WINDOWS\system32\basesrv.dll
10:16:40.0031 0x0170 C:\WINDOWS\system32\basesrv.dll - ok
10:16:40.0031 0x0170 [ EFD2862F003538B9A5B4C015F8FDB1B3, 016CCBA850E99A8874622ADCA0741C47166453D68B6C55244115860760BFC2CA ] C:\WINDOWS\system32\csrsrv.dll
10:16:40.0031 0x0170 C:\WINDOWS\system32\csrsrv.dll - ok
10:16:40.0046 0x0170 [ F12B178B1678D778CFD3FF1FC38C71FB, 42A7AEB7D7056D583B620993F733D259B78600AAB2C9B95E58D437A6401C79B1 ] C:\WINDOWS\system32\csrss.exe
10:16:40.0046 0x0170 C:\WINDOWS\system32\csrss.exe - ok
10:16:40.0140 0x0170 [ 3D21B3BE0C5768E76FD9780E9CF9E07C, A7EECA58ADAF0EDE772C2B404BDB9F4EE9D19CAA5384E41EBF0CCE885A1F8594 ] C:\WINDOWS\system32\winsrv.dll
10:16:40.0140 0x0170 C:\WINDOWS\system32\winsrv.dll - ok
10:16:40.0140 0x0170 [ 0C07B16769E579F78C541773D0A2E7E0, 30E148F59211175398A5B10229117974E31A93622BA5ADA8599920DAB8F6FA06 ] C:\WINDOWS\system32\gdi32.dll
10:16:40.0140 0x0170 C:\WINDOWS\system32\gdi32.dll - ok
10:16:40.0156 0x0170 [ B6ACAED7588295129791E0E6A2B0FADE, 7CD8D903974985F74E7843204168C8EA720322BE84EDB2BA4ED508EE353CC174 ] C:\WINDOWS\system32\kernel32.dll
10:16:40.0156 0x0170 C:\WINDOWS\system32\kernel32.dll - ok
10:16:40.0156 0x0170 [ B409909F6E2E8A7067076ED748ABF1E7, 3D1EF8915829C2C48ABCA74F6B590541AC38E24F02B4D5A0AFB6C9099CCD672F ] C:\WINDOWS\system32\user32.dll
10:16:40.0156 0x0170 C:\WINDOWS\system32\user32.dll - ok
10:16:40.0156 0x0170 [ D3DAC8432110AAD0B02A58B4459AB835, CA44B2A02554E76CCBE95623AD129EDAB3AADFA5E675CB528E62F6440DFC295D ] C:\WINDOWS\system32\drivers\dxg.sys
10:16:40.0156 0x0170 C:\WINDOWS\system32\drivers\dxg.sys - ok
10:16:40.0250 0x0170 [ A73F5D6705B1D820C19B18782E176EFD, C36486504C3A596FDCA487143F6D3B43C0BEE01321F6F1F3071976556533C419 ] C:\WINDOWS\system32\drivers\dxgthk.sys
10:16:40.0250 0x0170 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
10:16:40.0250 0x0170 [ 37D52F28B2B498CD94BECF934A73B773, A5CA0830F6827DDD9BAA52D986CD6BCC98FA4E13C92C570C3835211F87BB7313 ] C:\WINDOWS\system32\nv4_disp.dll
10:16:40.0250 0x0170 C:\WINDOWS\system32\nv4_disp.dll - ok
10:16:40.0250 0x0170 [ ECB7591870F8BFB1A4C17B718AD5A4AA, 67E8D218F107F78F9C62999F560E47AEC799E4B4DC4AB3EBC0DC61670BFE3E3D ] C:\WINDOWS\system32\vga.dll
10:16:40.0250 0x0170 C:\WINDOWS\system32\vga.dll - ok
10:16:40.0265 0x0170 [ 01C3346C241652F43AED8E2149881BFE, AFFD0973CD3128083417D407F62BC4A635FC25B65DBF52E91D3AB4AE2F9C1B4A ] C:\WINDOWS\system32\winlogon.exe
10:16:40.0265 0x0170 C:\WINDOWS\system32\winlogon.exe - ok
10:16:40.0265 0x0170 [ E8E57B0F9EB03D1AABEC28D550C75116, 430E0613C3BE6259580A997D951C611C2F70D992B8811A170E9C5D6E44C726EB ] C:\WINDOWS\system32\advapi32.dll
10:16:40.0265 0x0170 C:\WINDOWS\system32\advapi32.dll - ok
10:16:40.0265 0x0170 [ 461B6E2F04112E659280314B7A414F30, 2A4B7AB7B2A3C147EF7B5C2DA6225D7A0545AED38DE21E5C735300EE7E16EB96 ] C:\WINDOWS\system32\rpcrt4.dll
10:16:40.0265 0x0170 C:\WINDOWS\system32\rpcrt4.dll - ok
10:16:40.0390 0x0170 [ 1D141672CE98383B22A1846E4D43C159, EE334621108901020F2CA7E7E2C5CF8745E24F4ED3E4CA72BF2C21A80F1FCE6C ] C:\WINDOWS\system32\secur32.dll
10:16:40.0390 0x0170 C:\WINDOWS\system32\secur32.dll - ok
10:16:40.0390 0x0170 [ 5C3DF25926729EBEEF5CC7FF1933B360, 605EA357EC4F350116F438746CD6E7D06A956D7047D80E95166BEB43A08A4517 ] C:\WINDOWS\system32\authz.dll
10:16:40.0390 0x0170 C:\WINDOWS\system32\authz.dll - ok
10:16:40.0406 0x0170 [ B0FEFA816D61EC66AA765DDF534EAB5E, 283BDB2D940BACAC7DEB4E50E7E6C48AE17B2E2746E8AA07679466050F8FFB8B ] C:\WINDOWS\system32\msvcrt.dll
10:16:40.0406 0x0170 C:\WINDOWS\system32\msvcrt.dll - ok
10:16:40.0406 0x0170 [ EFC958396A7A7EF7E6D4A52B97512E18, BAB36BEA10FC505EF750B3ECA4A728803FCACB8BAE6E2B0BE60B60FE80D31F67 ] C:\WINDOWS\system32\crypt32.dll
10:16:40.0406 0x0170 C:\WINDOWS\system32\crypt32.dll - ok
10:16:40.0406 0x0170 [ DDE959EFC7CD79D1AC4BDA320A959DC0, 84F6C1432C546E921F389E5D359CAD25F8B7AC906E1C0DEA86618C205CEDC01E ] C:\WINDOWS\system32\msasn1.dll
10:16:40.0406 0x0170 C:\WINDOWS\system32\msasn1.dll - ok
10:16:40.0421 0x0170 [ 458AB591E8CF240CC105A23671F2C3D6, C123D2FF42B826A5BD745FCA2BF06C7EE0D8FFCCEB985CC2441C07EA659D9E44 ] C:\WINDOWS\system32\nddeapi.dll
10:16:40.0421 0x0170 C:\WINDOWS\system32\nddeapi.dll - ok
10:16:40.0515 0x0170 [ 0A457307006530FD03A797F572A067FA, E08E1611EF8707B14291BEFE3DB3D87D6595EF11D0352500A19C5A386A1888A1 ] C:\WINDOWS\system32\netapi32.dll
10:16:40.0515 0x0170 C:\WINDOWS\system32\netapi32.dll - ok
10:16:40.0515 0x0170 [ FE4F71711CF5C17ADE5E506348132D24, D57F6531021E639C5D57912F2A3F186F8E6E1D9E766E35D510592C94E372D749 ] C:\WINDOWS\system32\profmap.dll
10:16:40.0515 0x0170 C:\WINDOWS\system32\profmap.dll - ok
10:16:40.0515 0x0170 [ 2B9B56A89A8A42E917511972A6DB36E3, BE7012675F9B19DE8F7870F46695720F7EDC54120BE285339E0E7D84229CE9CE ] C:\WINDOWS\system32\userenv.dll
10:16:40.0515 0x0170 C:\WINDOWS\system32\userenv.dll - ok
10:16:40.0531 0x0170 [ 96E48C7EB9089D1DBF6F85CA11B264DF, 54A043B40A54C6E44081CB8A7EA13D61FE72A8E57CD417DBD312DD3868A8846E ] C:\WINDOWS\system32\psapi.dll
10:16:40.0531 0x0170 C:\WINDOWS\system32\psapi.dll - ok
10:16:40.0531 0x0170 [ 899ED710FDC37EB7D0115C2932C2B1EB, FCB6437E4A153108AD0FBE273F2DBBED9D3DD344291A5042215B0C23D819335F ] C:\WINDOWS\system32\regapi.dll
10:16:40.0531 0x0170 C:\WINDOWS\system32\regapi.dll - ok
10:16:40.0531 0x0170 [ 7808313CBC634EE08346D5DDFEF1CC5F, 0B158CF48C865AB1E2BF2032D87EC4C624B1BCD58698CF120439245E931B2778 ] C:\WINDOWS\system32\setupapi.dll
10:16:40.0531 0x0170 C:\WINDOWS\system32\setupapi.dll - ok
10:16:40.0640 0x0170 [ D38408967BE738D0C1B47005BCE8CEEB, 0C3A7B0A29EE90425CD220705E43301ABC7C8725FAF954000747D161A676F72C ] C:\WINDOWS\system32\version.dll
10:16:40.0640 0x0170 C:\WINDOWS\system32\version.dll - ok
10:16:40.0640 0x0170 [ 7BC4BA4C33ADF3EF5CD370D99BC60B04, E835E855CD425FD9CBF4592CB376CFC606101DA55F158019C37FF39E1A67661E ] C:\WINDOWS\system32\winsta.dll
10:16:40.0640 0x0170 C:\WINDOWS\system32\winsta.dll - ok
10:16:40.0656 0x0170 [ 1955BD9737BE6F4B72AD7A4859B4E300, C6332C1A8478896F17464829E5C783196FD39216288126AEA0F1EFEA5415D7B9 ] C:\WINDOWS\system32\wintrust.dll
10:16:40.0656 0x0170 C:\WINDOWS\system32\wintrust.dll - ok
10:16:40.0656 0x0170 [ 5AFCE94E8286B2F57A04DA37F01BF21A, 581A0CDBDF7BCC05B6E08B8651EEB3B03D494C2188C9B6AABE90A683048B0755 ] C:\WINDOWS\system32\imagehlp.dll
10:16:40.0656 0x0170 C:\WINDOWS\system32\imagehlp.dll - ok
10:16:40.0656 0x0170 [ 87CA7CE6469577F059297B9D6556D66D, 99E42E6B481AA50FDD6330A103F04F3CA23FAB86852BF434F2251FFBF32817D0 ] C:\WINDOWS\system32\imm32.dll
10:16:40.0656 0x0170 C:\WINDOWS\system32\imm32.dll - ok
10:16:40.0750 0x0170 [ 9BEACB911CA61E5881102188AB7FB431, D6AABA2097FF6E1589B096B8F677EDD79AE151E16EA50DF466ACA7D824264217 ] C:\WINDOWS\system32\ws2help.dll
10:16:40.0750 0x0170 C:\WINDOWS\system32\ws2help.dll - ok
10:16:40.0765 0x0170 [ 2ED0B7F12A60F90092081C50FA0EC2B2, D29F59DA8565B3C05B69E413CAFA4BAD1FF7D41739EF1519874E02CB088B5DE9 ] C:\WINDOWS\system32\ws2_32.dll
10:16:40.0765 0x0170 C:\WINDOWS\system32\ws2_32.dll - ok
10:16:40.0765 0x0170 [ 2DA473C14EA8B8A423FC962899CC739C, 1EE24C25C812887142D66AF0070451E874FB598675AA0FA6BFE8E76B48BAF532 ] C:\WINDOWS\system32\wxvault.dll
10:16:40.0765 0x0170 C:\WINDOWS\system32\wxvault.dll - ok
10:16:40.0765 0x0170 [ 2CFE80AA3428C09E6DE67FAC50DA65CF, E9205E45CBCBE9E355D497A16A1769CF651CB8CB96A7E4DDB5D0AC0A9BEE4689 ] C:\WINDOWS\system32\mpr.dll
10:16:40.0765 0x0170 C:\WINDOWS\system32\mpr.dll - ok
10:16:40.0765 0x0170 [ F5CF0B604FA3BC90118432FD1064F692, C669988D9B97164AC2B8BC7B758D93C2400D8FB2678342CF18B5A1CDB388938E ] C:\WINDOWS\system32\shlwapi.dll
10:16:40.0765 0x0170 C:\WINDOWS\system32\shlwapi.dll - ok
10:16:40.0781 0x0170 [ DBB0D1D23BD72FCD70E8826655B22DC1, DEE449EAE6E356790997F562A9455307ADE97B31E30BE8C47A42BE8DB090C68C ] C:\WINDOWS\system32\detoured.dll
10:16:40.0781 0x0170 C:\WINDOWS\system32\detoured.dll - ok
10:16:40.0890 0x0170 [ 06DA8C5383AAF17127FC4B1658BA3F4F, 2AA57BC20F83C5AFE1C41634CCCD82F2DC36F234C7132DFF281C92AA55D21ECF ] C:\WINDOWS\system32\shell32.dll
10:16:40.0890 0x0170 C:\WINDOWS\system32\shell32.dll - ok
10:16:40.0890 0x0170 [ 0FF9FA27706FBE9048990C108C0D62F0, B1C28A3280E38BB508620DB665C359F16D8EDE6F8092B071BB80767BD6714B0A ] C:\WINDOWS\system32\sxs.dll
10:16:40.0890 0x0170 C:\WINDOWS\system32\sxs.dll - ok
10:16:40.0906 0x0170 [ C4E80875C1CF1222FC5EFD0314AE5C01, 9AE5F140514E33C664FDCAC5DACDF504F2D770296A195799B79DA097CFFC00E0 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
10:16:40.0906 0x0170 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll - ok
10:16:40.0906 0x0170 [ B0124CB21D28B1C9F678B566B6B57D92, 00E3FF6D22D989264FBFCD7132BFEFE7FB79E80ABB6A52AFD9A6B50685A0FA58 ] C:\WINDOWS\system32\comctl32.dll
10:16:40.0906 0x0170 C:\WINDOWS\system32\comctl32.dll - ok
10:16:40.0906 0x0170 [ 56C5B179FE3308B655EB6208C3256FEC, C70BCE54E5DF47D37C835804EAAEC7C06C1A226EFA2003226BE290D1D552126F ] C:\WINDOWS\system32\kbdus.dll
10:16:40.0906 0x0170 C:\WINDOWS\system32\kbdus.dll - ok
10:16:41.0031 0x0170 [ A29AF639AA180CC68C59242A10E1D3B1, FE291A3599558A5A981A9414386F18D19C28FBF0A0C03500630C0DD7B922FCA6 ] C:\WINDOWS\system32\msgina.dll
10:16:41.0031 0x0170 C:\WINDOWS\system32\msgina.dll - ok
10:16:41.0031 0x0170 [ F79D7D98CD764499ECCBAAF3F800D349, F5E04560A5DE4F6742D4B041977211A2C1E89C4948AECFE05D3F27B8D15D3827 ] C:\WINDOWS\system32\odbc32.dll
10:16:41.0031 0x0170 C:\WINDOWS\system32\odbc32.dll - ok
10:16:41.0031 0x0170 [ 1EDB1BB89D021955E6F7265911175B8D, 7774B8FF88A00C41E9CB565D41D56BF9E176D5129A95DF98D314772D62C71C0F ] C:\WINDOWS\system32\comdlg32.dll
10:16:41.0031 0x0170 C:\WINDOWS\system32\comdlg32.dll - ok
10:16:41.0046 0x0170 [ C237FB08F52F27823C4E4E6705ECD196, 79CBDE1744E03F042A0AF6B86CA7EAE91062A92745D78B125B8BEE34CA9C4903 ] C:\WINDOWS\system32\odbcint.dll
10:16:41.0046 0x0170 C:\WINDOWS\system32\odbcint.dll - ok
10:16:41.0046 0x0170 [ 6815DEF9B810AEFAC107EEAF72DA6F82, 0132004894326B54D1B8AD2C31FB8BDE45EA66DB9962C0CE1207941A13630896 ] C:\WINDOWS\system32\shsvcs.dll
10:16:41.0046 0x0170 C:\WINDOWS\system32\shsvcs.dll - ok
10:16:41.0046 0x0170 [ AB8231D13692AC5088EB9C226B0C0576, 031510317C9C056763F0C7DD361925DFCCE57EFFB8140903CAC1B19D8041AEB0 ] C:\WINDOWS\system32\ole32.dll
10:16:41.0046 0x0170 C:\WINDOWS\system32\ole32.dll - ok
10:16:41.0140 0x0170 [ E8A12A12EA9088B4327D49EDCA3ADD3E, 46AEF2767C3AA4F3D5A264FDD0090691CD4CC613D2E97339314300C3C47437E3 ] C:\WINDOWS\system32\sfc.dll
10:16:41.0140 0x0170 C:\WINDOWS\system32\sfc.dll - ok
10:16:41.0140 0x0170 [ 9858CC4D73A4CCF2F852FAE07C11A0B5, B9DD1BCBB4322373EF2C20FDA07A4D688E41CC3AC547B44C6B92D363E9061851 ] C:\WINDOWS\system32\sfc_os.dll
10:16:41.0140 0x0170 C:\WINDOWS\system32\sfc_os.dll - ok
10:16:41.0156 0x0170 [ ECA24AB73FCFFA754D4070CDB03529E3, 65E0B35262EE818919DB5A33E13ED91C20C990895EEB728DE0DDE41FFC18101E ] C:\WINDOWS\system32\apphelp.dll
10:16:41.0156 0x0170 C:\WINDOWS\system32\apphelp.dll - ok
10:16:41.0156 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] C:\WINDOWS\system32\lsass.exe
10:16:41.0156 0x0170 C:\WINDOWS\system32\lsass.exe - ok
10:16:41.0156 0x0170 [ 4712531AB7A01B7EE059853CA17D39BD, D029A599E95F1FDF8AAC122FDE70E8DA6A4CEF0F8DB6543C6BF4AF35169B2203 ] C:\WINDOWS\system32\services.exe
10:16:41.0156 0x0170 C:\WINDOWS\system32\services.exe - ok
10:16:41.0171 0x0170 [ 8185EEE4E645F74C9FF30271365E0ABA, FF65DBE094A493392FD834A0476537A3B89ED28F69105FFADD6431CD4369BD66 ] C:\WINDOWS\system32\lsasrv.dll
10:16:41.0171 0x0170 C:\WINDOWS\system32\lsasrv.dll - ok
10:16:41.0265 0x0170 [ DA201A0A309B96381FD674D0FAB5DA86, 8313520DD4C1A098F7266FAEDDD9B3970A7021BB7A9ECCC20B60D817E7BF5DC1 ] C:\WINDOWS\system32\ncobjapi.dll
10:16:41.0265 0x0170 C:\WINDOWS\system32\ncobjapi.dll - ok
10:16:41.0281 0x0170 [ 1F57EB5B92B2AC7F9D71A77D184D8C13, BF645EEBEA6F0591DCC5AB1AFC17B62CD476D83E4B2FBA44C060A9E3604E40AC ] C:\WINDOWS\system32\msvcp60.dll
10:16:41.0281 0x0170 C:\WINDOWS\system32\msvcp60.dll - ok
10:16:41.0281 0x0170 [ 9A42C1F3154545A4D32E5043038B01FA, F160555DF74C31E3CFDE0B83AB3808907A7382D8CE56846DE320EFA59E73410F ] C:\WINDOWS\system32\scesrv.dll
10:16:41.0281 0x0170 C:\WINDOWS\system32\scesrv.dll - ok
10:16:41.0281 0x0170 [ FB537F29A827D78F756154CF397A113F, 54AB904CB1D7B89DDF1D8F671147DCF8B071DA783832D2192294F2F597EF8115 ] C:\WINDOWS\AppPatch\AcGenral.dll
10:16:41.0281 0x0170 C:\WINDOWS\AppPatch\AcGenral.dll - ok
10:16:41.0296 0x0170 [ 176497D0E7AE618860552A4B5635B206, 468C0721F05E842F034E0B5AFF37DE5413E8D6026A20430C4AC1E733837DD491 ] C:\WINDOWS\system32\dnsapi.dll
10:16:41.0296 0x0170 C:\WINDOWS\system32\dnsapi.dll - ok
10:16:41.0296 0x0170 [ 6201BACF384292A5FE94CE73364AE53A, 0514CECC82712ACC1E40D029A77ED7427F19783B063A408DE7FD008066E6DA8F ] C:\WINDOWS\system32\ntdsapi.dll
10:16:41.0296 0x0170 C:\WINDOWS\system32\ntdsapi.dll - ok
10:16:41.0390 0x0170 [ 43DA983415EA533F9E667FDB415F4655, C0DB88625557213443601201C0B9EDC76D98CBA010DA05C3012A5DBA1BE3833D ] C:\WINDOWS\system32\shimeng.dll
10:16:41.0390 0x0170 C:\WINDOWS\system32\shimeng.dll - ok
10:16:41.0390 0x0170 [ 586211F4FF4BC49CC215C956919CD33B, DD51BD79A959B24DC904EDB25563FB9126A3C7AC1A1FEEB2FDB226FEBBB1ABCA ] C:\WINDOWS\system32\umpnpmgr.dll
10:16:41.0390 0x0170 C:\WINDOWS\system32\umpnpmgr.dll - ok
10:16:41.0406 0x0170 [ EBE12F403FDE45E7312E7BF764BFB6C6, EE5E1500DD29349478B07661543D2723AC5A392119218A057AB8261E6895E2DD ] C:\WINDOWS\system32\samlib.dll
10:16:41.0406 0x0170 C:\WINDOWS\system32\samlib.dll - ok
10:16:41.0406 0x0170 [ 10F36FA092D7A309A0647FCDC764AE6C, C82EA38E971DD8DF6ED52B937D236E21B70BD472D0FD0C9269C76AA9EAA491E0 ] C:\WINDOWS\system32\wldap32.dll
10:16:41.0406 0x0170 C:\WINDOWS\system32\wldap32.dll - ok
10:16:41.0406 0x0170 [ E15154E7FDA8A580A8F74C7CC16B1FFE, B0821223EE6347206EA599F3553646ACF1E64D030F2AA507CD50F605120CE53E ] C:\WINDOWS\system32\samsrv.dll
10:16:41.0406 0x0170 C:\WINDOWS\system32\samsrv.dll - ok
10:16:41.0515 0x0170 [ EF5B64A9CD71ED27E837165C08DA4CC1, 663C53C655B91088DF7AC90B1EFB1AEAD7D83063E5799D37707A73F2C307BCE4 ] C:\WINDOWS\system32\cryptdll.dll
10:16:41.0515 0x0170 C:\WINDOWS\system32\cryptdll.dll - ok
10:16:41.0531 0x0170 [ 90FDAA22F38D9E911F91FA3B8A1F7E5D, 2A51A944DB1BB0104FDC6F260128E8553941616FACC5376129C137C063F2AA39 ] C:\WINDOWS\system32\winmm.dll
10:16:41.0531 0x0170 C:\WINDOWS\system32\winmm.dll - ok
10:16:41.0531 0x0170 [ 0144ABC4C4A624B583D432EE478A711C, 69C002261D8601A646C4B08B62C57A13B178BF5F0914B9785305B0F21B2919F4 ] C:\WINDOWS\system32\oleaut32.dll
10:16:41.0531 0x0170 C:\WINDOWS\system32\oleaut32.dll - ok
10:16:41.0531 0x0170 [ 975D12353B1D525C0F3444C447FB3B9A, FC0CC5FC4FF97D7C27B59B64FD6355048B5F546AE2B06CEA2706C147FE33C45C ] C:\WINDOWS\system32\msacm32.dll
10:16:41.0531 0x0170 C:\WINDOWS\system32\msacm32.dll - ok
10:16:41.0546 0x0170 [ 2CDE496666A975A2CE8F969F3042C8DB, 1F93CC5E812F024CDB9F512AE75BEDAE7E67FE991E064721F1BF1E1D1EA99E13 ] C:\WINDOWS\system32\uxtheme.dll
10:16:41.0546 0x0170 C:\WINDOWS\system32\uxtheme.dll - ok
10:16:41.0546 0x0170 [ 7F2310210256C0AC04A82285DEBC0F51, 47A3F287D943F27ED12455684D391BC5D68105DAD223BB88B7BF0F04332F934A ] C:\WINDOWS\system32\digest.dll
10:16:41.0546 0x0170 C:\WINDOWS\system32\digest.dll - ok
10:16:41.0640 0x0170 [ E484F006380A89A52CCC7828ECE5DCA0, 58EC7D87AB39883864116BDA0B13E3DAD775E2CE867360446BBF34AE3FE05764 ] C:\WINDOWS\system32\msapsspc.dll
10:16:41.0640 0x0170 C:\WINDOWS\system32\msapsspc.dll - ok
10:16:41.0656 0x0170 [ 146D198E3AD9D4B69C9EB0AEA6EF333B, 26A013A8C2AACA9D9DDCC286047A682E6A272A99B06DD4195FF95852DF86B528 ] C:\WINDOWS\system32\msvcrt40.dll
10:16:41.0656 0x0170 C:\WINDOWS\system32\msvcrt40.dll - ok
10:16:41.0656 0x0170 [ 3732492EDD6C46454752F9AC78F2539E, 5E5D95D1F2E9D28438BDC10C3EFA16177EC39A4E47BF11A23976BD8A2DF6909B ] C:\WINDOWS\system32\schannel.dll
10:16:41.0656 0x0170 C:\WINDOWS\system32\schannel.dll - ok
10:16:41.0656 0x0170 [ BB1367FECA810F06B1AEA06D610B1E4F, 9215F7EBF9BEF1C48D6DE59D3F93E80DD9F77638BF6EF51DA44923D9E650D991 ] C:\WINDOWS\system32\msnsspc.dll
10:16:41.0656 0x0170 C:\WINDOWS\system32\msnsspc.dll - ok
10:16:41.0671 0x0170 [ 1EFBD57FA79B96F638F3F72DCC393F34, E24812B01870C1EC3E0822C9BF1492BF1B529E178E0C2F0FD1F19448D25E45CC ] C:\WINDOWS\system32\kerberos.dll
10:16:41.0671 0x0170 C:\WINDOWS\system32\kerberos.dll - ok
10:16:41.0750 0x0170 [ D87041EAA67ECA4394F6D5D09C0C2885, B670E9D8786B2BD6717F6190F5A8B974158FDFC7E6A3D2C866226DA042D4E9C0 ] C:\WINDOWS\system32\MSCTFIME.IME
10:16:41.0750 0x0170 C:\WINDOWS\system32\MSCTFIME.IME - ok
10:16:41.0750 0x0170 [ 6BEC17053284E847CF1FBB8C9A181E1E, 3CB78D3D25C416AC879222A4F4C1495A7C0A75411C9E91F33862418D052C26FB ] C:\WINDOWS\system32\msprivs.dll
10:16:41.0750 0x0170 C:\WINDOWS\system32\msprivs.dll - ok
10:16:41.0765 0x0170 [ 8BCC4CB5AE075BFA6DDE97CC3DAC1DC6, 85B01601D1408D7E12045E7264754156F526C27B0DF707EE8B07D5A0FB374DB8 ] C:\WINDOWS\system32\msv1_0.dll
10:16:41.0765 0x0170 C:\WINDOWS\system32\msv1_0.dll - ok
10:16:41.0765 0x0170 [ 011EACF9153EF90E6CBCE2987ACAE411, A15E8A31152FFA5F76EF2902360FBE85E21E03B2111212FAA926B1E3DD323620 ] C:\WINDOWS\system32\iphlpapi.dll
10:16:41.0765 0x0170 C:\WINDOWS\system32\iphlpapi.dll - ok
10:16:41.0765 0x0170 [ 6C476D33D82F1054849790181E8F7772, 4BFD9389C2C9FA0C382FFE18A9C88B718F49075B08DDA2C03BA378AFB1E82949 ] C:\WINDOWS\system32\netlogon.dll
10:16:41.0765 0x0170 C:\WINDOWS\system32\netlogon.dll - ok
10:16:41.0781 0x0170 [ 2B281958F5D0CF99ED626E3EF39D5C8D, FB46398AE01CDD9CB6E1E647E4DDA86B670F93F787D69B885C7E930D4FF8F3FC ] C:\WINDOWS\system32\w32time.dll
10:16:41.0781 0x0170 C:\WINDOWS\system32\w32time.dll - ok
10:16:41.0859 0x0170 [ 26ACBD865F8CFF730F1791C4D0854352, 66FA5845ED397538F92B30CB06202470071B6F45698647E1F86E784942F6C4C4 ] C:\WINDOWS\system32\rsaenh.dll
10:16:41.0859 0x0170 C:\WINDOWS\system32\rsaenh.dll - ok
10:16:41.0859 0x0170 [ 6E2ABA80E627A6B2CACCC6D0C60874B1, 251B465FBA0611019C2CC90B2F4DB95359FA1F0D745399C565655A94032B112C ] C:\WINDOWS\system32\wdigest.dll
10:16:41.0859 0x0170 C:\WINDOWS\system32\wdigest.dll - ok
10:16:41.0859 0x0170 [ 875D770F477E0AE0088BE1810D537B23, 42AC832A8C5CE3BC02DCC13C34B0B46D79085E587C84A60AEC76FF380237DE55 ] C:\WINDOWS\system32\activeds.dll
10:16:41.0859 0x0170 C:\WINDOWS\system32\activeds.dll - ok
10:16:41.0875 0x0170 [ 12A581CA44E53B09D24C5B94F252C78D, ED933CCC73DE5AC6733CECAAADB2DF1B714B6365A15C492D4EF427613B1BB47F ] C:\WINDOWS\system32\adsldpc.dll
10:16:41.0875 0x0170 C:\WINDOWS\system32\adsldpc.dll - ok
10:16:41.0875 0x0170 [ 2301C48E9CA97808A342011711F2D131, 7487F43BBDC05F6B3F7126131482002C95AA263C7C3B6A63005AA1FCD811D37E ] C:\WINDOWS\system32\wvauth.dll
10:16:41.0875 0x0170 C:\WINDOWS\system32\wvauth.dll - ok
10:16:41.0875 0x0170 [ 72F2CFC7653FB5ABB85789D28E26A643, 4B6937DD76956CD449AA9E777080F18BF539EF499DD52433D31828039ADBAEB8 ] C:\WINDOWS\system32\atl.dll
10:16:41.0875 0x0170 C:\WINDOWS\system32\atl.dll - ok
10:16:41.0968 0x0170 [ D32A53A2780F93518D3AE365E353E47A, 6CCF36D35DDB1241D408AE45B3073E84F427CD40DC332224B268F10574B4717D ] C:\WINDOWS\system32\biolsp.dll
10:16:41.0968 0x0170 C:\WINDOWS\system32\biolsp.dll - ok
10:16:41.0968 0x0170 [ 7BCB23FA39CE266AF4347A6BEAB60F8C, 7778ED0F7C51E70B5CB0485F1F80D0BA5445646DED040EC59EB8060DE81EABBA ] C:\WINDOWS\system32\winscard.dll
10:16:41.0968 0x0170 C:\WINDOWS\system32\winscard.dll - ok
10:16:41.0984 0x0170 [ 0F78E27F563F2AAF74B91A49E2ABF19A, 5D02A72DC6F292FE2BD5A46687DB147A895F784D7AE59E4C08F28BDC6C18282A ] C:\WINDOWS\system32\scecli.dll
10:16:41.0984 0x0170 C:\WINDOWS\system32\scecli.dll - ok
10:16:41.0984 0x0170 [ 67F2D109AB373FECEB819F420DB11F03, 7788B54555D5C294CA47A1046D8CD3A13380E5090FAFCFEBC9388D369DB075DE ] C:\WINDOWS\system32\wtsapi32.dll
10:16:41.0984 0x0170 C:\WINDOWS\system32\wtsapi32.dll - ok
10:16:41.0984 0x0170 [ B4869D320428CDC5EC4D7F5E808E99B5, A84D1D65E84C0B17CE48188AD95DF52E1FEF785E6C6415E028CB5F7F4F31C466 ] C:\WINDOWS\system32\drivers\DRVNDDM.SYS
10:16:41.0984 0x0170 C:\WINDOWS\system32\drivers\DRVNDDM.SYS - ok
10:16:42.0093 0x0170 [ 83545593E297F50A8E2524B4C071A153, 25B18FEF62395ABB1EB4C17D81D9EB31759F6C5DBAA5CDB192949055D69E3071 ] C:\WINDOWS\system32\DLA\DLADResN.SYS
10:16:42.0093 0x0170 C:\WINDOWS\system32\DLA\DLADResN.SYS - ok
10:16:42.0109 0x0170 [ 96E01D901CDC98C7817155CC057001BF, 77F78754230D9235255F6F4907ACB03D9750E12B9D92B8250DD1DFF605DD2E5B ] C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:16:42.0109 0x0170 C:\WINDOWS\system32\DLA\DLAIFS_M.SYS - ok
10:16:42.0109 0x0170 [ 0A60A39CC5E767980A31CA5D7238DFA9, 09826251C384F2E62ABFAA2097007D75B51DB29EAEF13D46174FBE5A3FE3E433 ] C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:16:42.0109 0x0170 C:\WINDOWS\system32\DLA\DLAOPIOM.SYS - ok
10:16:42.0109 0x0170 [ E2D0DE31442390C35E3163C87CB6A9EB, 399B4678C18DB92AC186128CE8AC2784FFCD76FDE9DBD4615D47586E3493914E ] C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:16:42.0109 0x0170 C:\WINDOWS\system32\DLA\DLABOIOM.SYS - ok
10:16:42.0125 0x0170 [ 9FE2B72558FC808357F427FD83314375, 37CCBC46ADCFD3B165A383589786C715006767EEFC8D6559C621745B72F9E59F ] C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:16:42.0125 0x0170 C:\WINDOWS\system32\DLA\DLAPoolM.SYS - ok
10:16:42.0125 0x0170 [ F08E1DAFAC457893399E03430A6A1397, 0784ACE7CA81313A5A8E7B7CCCAFF21E607251FEF604574FDCC81A3AFC6FD127 ] C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:16:42.0125 0x0170 C:\WINDOWS\system32\DLA\DLAUDFAM.SYS - ok
10:16:42.0218 0x0170 [ E7D105ED1E694449D444A9933DF8E060, DA66408DF44AB7099BEEED82C21A93F65A04C6FCDBA1D2F5791852EF9FE74D0D ] C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:16:42.0234 0x0170 C:\WINDOWS\system32\DLA\DLAUDF_M.SYS - ok
10:16:42.0234 0x0170 [ 8F078AE4ED187AAABC0A305146DE6716, 16593943861D03D508F37F60E41240DEE14221E76F625835487F73D5010AC18A ] C:\WINDOWS\system32\svchost.exe
10:16:42.0234 0x0170 C:\WINDOWS\system32\svchost.exe - ok
10:16:42.0234 0x0170 [ DAA91B358E685FC6CCA9ACA72BE6FE85, D2DA716A4BE1FE29C9850220C404D5C90CF8C812850F3162A9DE1BD877ED5531 ] C:\WINDOWS\system32\ntmarta.dll
10:16:42.0234 0x0170 C:\WINDOWS\system32\ntmarta.dll - ok
10:16:42.0250 0x0170 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4, BE82521204BACF24436DD9067772F059105D743408823B135B840FF9BE197389 ] C:\WINDOWS\system32\rpcss.dll
10:16:42.0250 0x0170 C:\WINDOWS\system32\rpcss.dll - ok
10:16:42.0250 0x0170 [ 1320AEA7057A26A671D9548CC7BEBDA5, 19DEC58B1A4CA15C066F35A84A9D5531EF34AB076B9924D3F24C7FA15ABBAE6F ] C:\WINDOWS\system32\xpsp2res.dll
10:16:42.0250 0x0170 C:\WINDOWS\system32\xpsp2res.dll - ok
10:16:42.0250 0x0170 [ 82B24CB70E5944E6E34662205A2A5B78, 05C184294AB0DD9E2FEB87E03509838907B77B04892B488A188F678E068A60B6 ] C:\WINDOWS\system32\eventlog.dll
10:16:42.0250 0x0170 C:\WINDOWS\system32\eventlog.dll - ok
10:16:42.0343 0x0170 [ 097722F235A1FB698BF9234E01B52637, 994F81F506B081FFB760BA7B95469DE9311DDB00D14F77DA9752C19A9B932289 ] C:\WINDOWS\system32\mswsock.dll
10:16:42.0343 0x0170 C:\WINDOWS\system32\mswsock.dll - ok
10:16:42.0343 0x0170 [ 765B30C776A1780B46B479FE614F707C, 83BFED5FD603288EED344F7B5178522242D5A5B62FC648570FCC5C9F31FAA160 ] C:\WINDOWS\system32\hnetcfg.dll
10:16:42.0343 0x0170 C:\WINDOWS\system32\hnetcfg.dll - ok
10:16:42.0359 0x0170 [ 2C8FDB176F22629EA5342DB474FAC391, 35DCFDE2CB7423A88FFFAE4CC2CE7BF9F19B882AF9468D5A7AF7ED85A02F10A5 ] C:\WINDOWS\system32\winrnr.dll
10:16:42.0359 0x0170 C:\WINDOWS\system32\winrnr.dll - ok
10:16:42.0359 0x0170 [ A7F95A53EE055115DF03588997A47D4D, ADB69154056C32118112E2BE4AF4C8672EA477B88794C9E561E2189C9FB15020 ] C:\WINDOWS\system32\wshtcpip.dll
10:16:42.0359 0x0170 C:\WINDOWS\system32\wshtcpip.dll - ok
10:16:42.0359 0x0170 [ 5F098BD2AE6B03044B085DECFFDF91EC, 363062FEFA99D39936853034B56CF665F6FBDE3F4C48EF8A5AB74A5957DACFF7 ] C:\WINDOWS\system32\rasadhlp.dll
10:16:42.0359 0x0170 C:\WINDOWS\system32\rasadhlp.dll - ok
10:16:42.0375 0x0170 [ EF545E1A4B043DA4C84E230DD471C55F, AD96922E58E8146F03E719D3A5CAAD677CAF3B7B525599F1B32F01BF72CCAFA4 ] C:\WINDOWS\system32\dhcpcsvc.dll
10:16:42.0375 0x0170 C:\WINDOWS\system32\dhcpcsvc.dll - ok
10:16:42.0468 0x0170 [ 34D6CD56409DA9A7ED573E1C90A308BF, DE2060F57C913272524AFB0D472714ABF6F7E49A01534F23D95EE67F207CC6CF ] C:\WINDOWS\system32\drivers\ndisuio.sys
10:16:42.0468 0x0170 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
10:16:42.0468 0x0170 [ AAC8FFBFD61E784FA3BAC851D4A0BD5F, F811288AC18DB28D9577EA9B40810DE000FC28EF234D1A790DD0578E0D565EBC ] C:\WINDOWS\system32\dnsrslvr.dll
10:16:42.0468 0x0170 C:\WINDOWS\system32\dnsrslvr.dll - ok
10:16:42.0468 0x0170 [ B3EFF6D938C572E90A07B3D87A3C7657, 8C02DEFD2F1A15740CD5421D20B3808BD27583019AF1B79D087880A71807EEE1 ] C:\WINDOWS\system32\lmhsvc.dll
10:16:42.0468 0x0170 C:\WINDOWS\system32\lmhsvc.dll - ok
10:16:42.0484 0x0170 [ 5A91E6FEAB9F901302FA7FF768C0120F, 83A1A719508CB4E504D9A75BBB6FCEA1E15C1EC574B8BD18BA40B2A18EF9918E ] C:\WINDOWS\system32\wzcsvc.dll
10:16:42.0484 0x0170 C:\WINDOWS\system32\wzcsvc.dll - ok
10:16:42.0484 0x0170 [ 50DE118DA580208B914B40DD47C90D52, 075018DE35341F805A2ED6A0E73FDCD6311ECEFBEA51E5337D133847969F5FAC ] C:\WINDOWS\system32\esent.dll
10:16:42.0484 0x0170 C:\WINDOWS\system32\esent.dll - ok
10:16:42.0562 0x0170 [ 2030FA027E7C3E0A145649C03171457B, 7AA6A3F2927F481A165EEAB29157D611215DD29EA07A289091DBF8E01ED96A5B ] C:\WINDOWS\system32\rtutils.dll
10:16:42.0562 0x0170 C:\WINDOWS\system32\rtutils.dll - ok
10:16:42.0578 0x0170 [ E682696D7F982494A8CFC80C5B59D422, 75DE5D2749C9972448FA16193CE31016A432BF28367A1E2B60F5B475BCBC1741 ] C:\WINDOWS\system32\wmi.dll
10:16:42.0578 0x0170 C:\WINDOWS\system32\wmi.dll - ok
10:16:42.0578 0x0170 [ EC8A848FC4F17F3B3D9DA4A0C43FB930, 788386F92198C54923DC2B9B897A83B834E10B31929FF4CC814A2FA83EE346D3 ] C:\WINDOWS\system32\clbcatq.dll
10:16:42.0578 0x0170 C:\WINDOWS\system32\clbcatq.dll - ok
10:16:42.0578 0x0170 [ 6728270CB7DBB776ED086F5AC4C82310, 84DC201D861AC9C550F9FE2C2D75E6465F254851BA5B43120130C3235BD2E717 ] C:\WINDOWS\system32\comres.dll
10:16:42.0578 0x0170 C:\WINDOWS\system32\comres.dll - ok
10:16:42.0593 0x0170 [ 5414CCF382E4FCC6819ABA84F5BFEFD4, 17DF89BB018109F8D1397136FA39C0A9FCD683ED8FEF3C42B5442EEA3005C6C3 ] C:\WINDOWS\system32\rastls.dll
10:16:42.0593 0x0170 C:\WINDOWS\system32\rastls.dll - ok
10:16:42.0593 0x0170 [ 4AC302BF714DC163E685D0A187A36D0F, 0F3755AE617A6436ACDECB7962579AD951769853FFA6E958266D1D55CC021C9D ] C:\WINDOWS\system32\cryptui.dll
10:16:42.0593 0x0170 C:\WINDOWS\system32\cryptui.dll - ok
10:16:42.0671 0x0170 [ 587729679B4FE04CE06A5C61D6C56DCD, BE436136D681D20EB3D046FBB22207A234AC2245255D23BBC5D48C969999BE27 ] C:\WINDOWS\system32\cscdll.dll
10:16:42.0671 0x0170 C:\WINDOWS\system32\cscdll.dll - ok
10:16:42.0671 0x0170 [ 7DB59FFF2AF32C27EB2276424FA5EDDB, 5A5DAFB79E84C98F81D5DD99A7B780FB09E7E49E5358F3BC429A0A78AD686BB8 ] C:\WINDOWS\system32\logonui.exe
10:16:42.0671 0x0170 C:\WINDOWS\system32\logonui.exe - ok
10:16:42.0687 0x0170 [ CDF533D11FF7213D5215844053242D5F, 3A4BA4632498786C8C7D3B53B0900DD1445D0AE154867238F1EF9983B02580DE ] C:\WINDOWS\system32\LMIinit.dll
10:16:42.0687 0x0170 C:\WINDOWS\system32\LMIinit.dll - ok
10:16:42.0687 0x0170 [ A599E5E366C1408E48AA5D37882D4E3E, 2898445CC1E75F69892C3BB155A347E8C065C9A644302D68D94F8493008D26FE ] C:\WINDOWS\system32\wlnotify.dll
10:16:42.0687 0x0170 C:\WINDOWS\system32\wlnotify.dll - ok
10:16:42.0687 0x0170 [ ED7E847905DD2797565B4B695E92F42B, 25AD78AFA86F71288073915BE882C3923C2A50AA7809A9787D621F7A9D76AD51 ] C:\WINDOWS\system32\duser.dll
10:16:42.0687 0x0170 C:\WINDOWS\system32\duser.dll - ok
10:16:42.0703 0x0170 [ 83306356DE710DA87ED91A6AF6233214, C3D98836258561891B2A7268D4C62CA35E8F07338DC1800F217A2821C46F0A97 ] C:\WINDOWS\system32\wininet.dll
10:16:42.0703 0x0170 C:\WINDOWS\system32\wininet.dll - ok
10:16:42.0812 0x0170 [ 777EB29D0135D81AD9828A2B05443496, 952F211CA3B590BB8436781DF72CB5391B73A8E319484720B13F80A8F111F227 ] C:\WINDOWS\system32\winspool.drv
10:16:42.0812 0x0170 C:\WINDOWS\system32\winspool.drv - ok
10:16:42.0812 0x0170 [ B5331F2B6F37C66C29C847F3B94FF900, 3AE195AEEEFC737D27E82EE13B66254C8F5B819CCE8C75BDF5BD392FF6ACE12E ] C:\WINDOWS\system32\msimg32.dll
10:16:42.0812 0x0170 C:\WINDOWS\system32\msimg32.dll - ok
10:16:42.0812 0x0170 [ 5F2DBE3CB563741C8084657BF956CE64, 53BBC2375CCBCF918EF8552FDF56F5572F0DF7DC0D72FF90E090F04314C3A6D4 ] C:\WINDOWS\system32\oleacc.dll
10:16:42.0812 0x0170 C:\WINDOWS\system32\oleacc.dll - ok
10:16:42.0828 0x0170 [ 02CF580510234E519736559A7F19EA20, 93DC16678B01DF2E12672AB93778151FDD7FF10C30CEF7A921553D86F97C3819 ] C:\WINDOWS\system32\WgaLogon.dll
10:16:42.0828 0x0170 C:\WINDOWS\system32\WgaLogon.dll - ok
10:16:42.0828 0x0170 [ 524F073B1241F5D37CD70FF389B3B7FD, 1C73D686F250A9543242B1D58C26E996CF525617AC38ACAD606A8E1EAA370A25 ] C:\WINDOWS\system32\msxml3.dll
10:16:42.0828 0x0170 C:\WINDOWS\system32\msxml3.dll - ok
10:16:42.0921 0x0170 [ 1D3A8A40F8045100A3E35C5F9BC6C5DE, CF68BE29DAFC0CC5392B2E54100EC12C1D181A1505220BC1FDD454AB61EA0E66 ] C:\WINDOWS\system32\shgina.dll
10:16:42.0921 0x0170 C:\WINDOWS\system32\shgina.dll - ok
10:16:42.0937 0x0170 [ 28D1D65D22D76A07D4E168F64CE6A15A, 21DB5F03BDD96B6A58D470FB8A09D09A144280BB7EECBB376863781A1E139534 ] C:\WINDOWS\system32\iertutil.dll
10:16:42.0937 0x0170 C:\WINDOWS\system32\iertutil.dll - ok
10:16:42.0937 0x0170 [ 10753A3ADC3E39A3B10CC3F08E98E6B4, 99C7B1B04CD593139917ED3D68BEC36C63BCE76663505CB5D026B62AF39BB383 ] C:\WINDOWS\system32\normaliz.dll
10:16:42.0937 0x0170 C:\WINDOWS\system32\normaliz.dll - ok
10:16:42.0937 0x0170 [ 9F78F329B1858E845087B923B4DBA0F3, 0BBFE7A8441AD4F97DE283772277A9F5564603BC5248875FC458660B16CAC375 ] C:\WINDOWS\system32\mprapi.dll
10:16:42.0937 0x0170 C:\WINDOWS\system32\mprapi.dll - ok
10:16:42.0953 0x0170 [ CD1F7ED9842138BEADF9ECBF37818BEF, 1B918D5334F6E22ABBCDAB39B077BC44BB8BA077D65488D07931F2614DDD284D ] C:\WINDOWS\system32\rasapi32.dll
10:16:42.0953 0x0170 C:\WINDOWS\system32\rasapi32.dll - ok
10:16:42.0953 0x0170 [ 30E244A707E6CE0A4B099CD6384EC6CA, 77D55AC7EFF75FA95AD51344E235A9BDFD3363BECE6594EFAD08EBCDAB990780 ] C:\WINDOWS\system32\rasman.dll
10:16:42.0953 0x0170 C:\WINDOWS\system32\rasman.dll - ok
10:16:43.0046 0x0170 [ B78F5E78D50216A1302F50C12ABEE801, B906634B4F64EBB37B0BA44F3DEEB00B6D60A7970FBA26BF7948F45BA40723B1 ] C:\WINDOWS\system32\riched20.dll
10:16:43.0046 0x0170 C:\WINDOWS\system32\riched20.dll - ok
10:16:43.0062 0x0170 [ 6307A1B82F6CA87D7E0CDF49E6E7BC00, 09355E39BB39959E93E0122FC78CF730F392CE670DE3D7399A1ABFB124B36481 ] C:\WINDOWS\system32\tapi32.dll
10:16:43.0062 0x0170 C:\WINDOWS\system32\tapi32.dll - ok
10:16:43.0062 0x0170 [ 0B8EB60C983666C3F09AB770EDFD2F96, D77BD26059A09B4C8DF74C25E5544F8AE47719E97AD54B8ABBB496A1C8FD25FB ] C:\WINDOWS\system32\raschap.dll
10:16:43.0062 0x0170 C:\WINDOWS\system32\raschap.dll - ok
10:16:43.0062 0x0170 [ 92360854316611F6CC471612213C3D92, A45DC437FA0DEC1DB540DC889A2469E8C3C4360F2F41FE60BFA3F78462507959 ] C:\WINDOWS\system32\schedsvc.dll
10:16:43.0062 0x0170 C:\WINDOWS\system32\schedsvc.dll - ok
10:16:43.0078 0x0170 [ 249817F51C84D283E96E6B2580D21FFD, DB09F4EB56A875448D25A49ED9A6BC02011B216583757C79A2A2B7C83125F835 ] C:\WINDOWS\system32\msidle.dll
10:16:43.0078 0x0170 C:\WINDOWS\system32\msidle.dll - ok
10:16:43.0203 0x0170 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F, 521257429493F31516EDE549869EFA4B7A262F6A69EA1E82A9C875456C10E702 ] C:\WINDOWS\system32\spoolsv.exe
10:16:43.0203 0x0170 C:\WINDOWS\system32\spoolsv.exe - ok
10:16:43.0203 0x0170 [ DB66DB626E4882EBEF55F136F12C1829, E4FA63031E8FCF456D45160C29ADD0989355D5C5C8E17C949C278421D41DAB62 ] C:\WINDOWS\system32\audiosrv.dll
10:16:43.0203 0x0170 C:\WINDOWS\system32\audiosrv.dll - ok
10:16:43.0218 0x0170 [ E1F27CFCD114EC9F1E1F44674B2FF9F0, 7147A1B3694200EEBC32BD66DAED6E075476371E03ED5FDD23431AB79D990957 ] C:\WINDOWS\system32\wkssvc.dll
10:16:43.0218 0x0170 C:\WINDOWS\system32\wkssvc.dll - ok
10:16:43.0218 0x0170 [ 29414447EB5BDE2F8397DC965DBB3156, 351D359CC6C1C35522BB55B7CAC6C881B25FD6A0E057A8D7F84EE5A193029A23 ] C:\WINDOWS\system32\drivers\mrxdav.sys
10:16:43.0218 0x0170 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
10:16:43.0218 0x0170 [ 265F534EF76832435AFBF771EC97176D, 67C1C932A20A92D2D180D6763AC9297FA0B6D4C225501C7739B0B45F52FEC6E1 ] C:\WINDOWS\system32\webclnt.dll
10:16:43.0218 0x0170 C:\WINDOWS\system32\webclnt.dll - ok
10:16:43.0234 0x0170 [ CC184933B1DD73F34DB5346515639A59, 8B9F4889C73C6EAE719210B9C911340DF4CD64B312EF4038835527B77B962CC3 ] C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
10:16:43.0234 0x0170 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe - ok
10:16:43.0328 0x0170 [ E920440D131BC29816F1C262F97A8D52, 59927426648540CD0D7D8D317F6E365EE9AB9AFCC829EB022125DBE795E54EDF ] C:\Program Files\Broadcom\ASFIPMon\BMAPI.dll
10:16:43.0328 0x0170 C:\Program Files\Broadcom\ASFIPMon\BMAPI.dll - ok
10:16:43.0328 0x0170 [ 3D87B0484BE1093C6614062701F375C5, 88BE4A9AD309F8258A8509AF9B60421449CE039C1809A5BCE83B2174D5EAE082 ] C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
10:16:43.0328 0x0170 C:\Program Files\Broadcom\ASFIPMon\BASFND.sys - ok
10:16:43.0328 0x0170 [ 0FCB11B39AF688035E1CDE754684EE5C, 4FABA01A777113662B5B74FB5E5D346A4F08181A52AAA31BFA952272FE361CA0 ] C:\WINDOWS\system32\cfgmgr32.dll
10:16:43.0328 0x0170 C:\WINDOWS\system32\cfgmgr32.dll - ok
10:16:43.0343 0x0170 [ 1011978867274E7D30776123E7F1998D, 1EF8AC511267FB4B45B6F45457D8066F041020296975376A84B6248326A038DD ] C:\Program Files\Wave Systems Corp\common\DataServer.exe
10:16:43.0343 0x0170 C:\Program Files\Wave Systems Corp\common\DataServer.exe - ok
10:16:43.0343 0x0170 [ 10654F9DDCEA9C46CFB77554231BE73B, 4EEAF6523941228FC440E9EA758545E2F2A2DD98565F90B5351EF2C9B82139ED ] C:\WINDOWS\system32\cryptsvc.dll
10:16:43.0343 0x0170 C:\WINDOWS\system32\cryptsvc.dll - ok
10:16:43.0343 0x0170 [ AD44C5BC21213F394F6AFCB55CC39293, 08366526D759083DE0F6DF624E4B768E515637E2449B5C96AE1ACE1501C0A2B8 ] C:\WINDOWS\system32\certcli.dll
10:16:43.0343 0x0170 C:\WINDOWS\system32\certcli.dll - ok
10:16:43.0437 0x0170 [ 2C69EC7E5A311334D10DD95F338FCCEA, 3A4335B8D723311F66FA2A30972C65EEED63161D6A2B4ABD6FCF1C374083BC0F ] C:\WINDOWS\system32\qmgr.dll
10:16:43.0437 0x0170 C:\WINDOWS\system32\qmgr.dll - ok
10:16:43.0437 0x0170 [ 66704E142C7297665AFA0B12AB69D27F, 8D4A2EC6C515402CC4E941422FA43A2ED3ED3E3550AE957E51749341A1B63134 ] C:\WINDOWS\system32\tcg15.dll
10:16:43.0437 0x0170 C:\WINDOWS\system32\tcg15.dll - ok
10:16:43.0453 0x0170 [ 7C8F371C924DAA376217E553378275BA, 40A954D81B0FD20888D66A6393218155E2B53AFFB852FDBD11949E0FC0EA2517 ] C:\WINDOWS\system32\shfolder.dll
10:16:43.0453 0x0170 C:\WINDOWS\system32\shfolder.dll - ok
10:16:43.0453 0x0170 [ DCE3C277C4C9ADBC11850DBC4AD131B3, 9D5045256E4F2D4559FF1AEA744D658B5C731B9A3D47D2D74AA98BDF6B259D4B ] C:\WINDOWS\system32\winhttp.dll
10:16:43.0453 0x0170 C:\WINDOWS\system32\winhttp.dll - ok
10:16:43.0453 0x0170 [ 9D1AA0F5435EFD70FB04A22E437C3923, 49EA2473366B3C4E0E1417ECDC41DD29471143D39075D89C55604433C6A65A8A ] C:\WINDOWS\system32\Tsp.dll
10:16:43.0453 0x0170 C:\WINDOWS\system32\Tsp.dll - ok
10:16:43.0468 0x0170 [ 53AF9F2B2CE4B6EFF41C70417359D010, 26CCE1738C4C795F522C2358ECB47E9915798AC4B9FA28A6D6E6CFCEF775E8E4 ] C:\WINDOWS\system32\wsock32.dll
10:16:43.0468 0x0170 C:\WINDOWS\system32\wsock32.dll - ok
10:16:43.0578 0x0170 [ 56CD5B0C302DE3E4C65CE36D580A8F6B, EBC33F4F7C159648B88BF78C9351EB0377623F35DAC64FB4200196B49A76ADE7 ] C:\WINDOWS\system32\wclient14.dll
10:16:43.0578 0x0170 C:\WINDOWS\system32\wclient14.dll - ok
10:16:43.0578 0x0170 [ 561FA2ABB31DFA8FAB762145F81667C2, DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B ] C:\Program Files\Wave Systems Corp\common\msvcp71.dll
10:16:43.0578 0x0170 C:\Program Files\Wave Systems Corp\common\msvcp71.dll - ok
10:16:43.0593 0x0170 [ 86F1895AE8C5E8B17D99ECE768A70732, 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE ] C:\Program Files\Wave Systems Corp\common\msvcr71.dll
10:16:43.0593 0x0170 C:\Program Files\Wave Systems Corp\common\msvcr71.dll - ok
10:16:43.0593 0x0170 [ C12B0858FC67EF7A875F48B96A62180E, D4C5DBD804C82EC87418E6537A5C0BD251DF35ECF305EB2A09C495D12A202507 ] C:\WINDOWS\system32\ATSC51.dll
10:16:43.0593 0x0170 C:\WINDOWS\system32\ATSC51.dll - ok
10:16:43.0593 0x0170 [ 4602907535FD682195DFFF9117365826, EA37CEED9CA7455AF1D9DEB479B3D8700C4BBEEE039291BA8D4785D8187F974E ] C:\WINDOWS\system32\mfc42.dll
10:16:43.0593 0x0170 C:\WINDOWS\system32\mfc42.dll - ok
10:16:43.0703 0x0170 [ B687C5E86BC6E937D3040C30EDDCC116, 53F2A7839C8C683361358C452B0246494E93962551E1C99DDB9AE86EF3DCC85F ] C:\WINDOWS\system32\TspPopup_ENU.dll
10:16:43.0703 0x0170 C:\WINDOWS\system32\TspPopup_ENU.dll - ok
10:16:43.0703 0x0170 [ 1639D9964C9E1B2ECCA95C8217D3E70D, A42E985697E673B89F5BD314BA9FE93A1CD8DDEBC6312AD52E196BFDFFA9E513 ] C:\WINDOWS\system32\dmserver.dll
10:16:43.0703 0x0170 C:\WINDOWS\system32\dmserver.dll - ok
10:16:43.0703 0x0170 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A, 305F39E4D18DC079E48578C31AE87BA1D0D781A2613BD5DA4689AC6F2794D326 ] C:\WINDOWS\system32\ersvc.dll
10:16:43.0703 0x0170 C:\WINDOWS\system32\ersvc.dll - ok
10:16:43.0703 0x0170 [ 60D1A6342238378BFB7545C81EE3606C, 40186F096F2AC3E5E12D0B8713A08E449D5F23DCD1C0EEFC3FA82002CA1B030F ] C:\WINDOWS\system32\es.dll
10:16:43.0703 0x0170 C:\WINDOWS\system32\es.dll - ok
10:16:43.0718 0x0170 [ 66D889718ED15A35BF0152C6E446934A, D051B857ABD5C6D4DBB6F8347EB7CBBB98871E29A25D70DC19F7DBF475284812 ] C:\WINDOWS\system32\urlmon.dll
10:16:43.0718 0x0170 C:\WINDOWS\system32\urlmon.dll - ok
10:16:43.0718 0x0170 [ B122BE74E283A2BC7FEBC180BFD2EFD5, 3FB9AE63AB2ECAC62C03FF19BE60E39C8C2985868FBA393039795A660A05DED3 ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
10:16:43.0718 0x0170 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe - ok
10:16:43.0828 0x0170 [ 8827911A8C37E40C027CBFC88E69D967, ED381F089E6143896B890BD5450FFFB271FC68983412376F54869A93F9D7DA9D ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
10:16:43.0828 0x0170 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
10:16:43.0843 0x0170 [ EA2A733A99E389C374DCABDE08D400FA, C08F90024D13718401E0229D083C13CB2223F11AA192FB35E4DE38658402B86B ] C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll
10:16:43.0843 0x0170 C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll - ok
10:16:43.0843 0x0170 [ 6BB3BB07E06377C2AB2A8834807A64DA, 18A738FB9BCFA896F383BF2D3A903D7B8FEBB8F829DC1EFBCD922C0952EA9869 ] C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
10:16:43.0843 0x0170 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe - ok
10:16:43.0843 0x0170 [ 18AFEE0EDE045B6255408D634372DC29, 45CF51A125E4C3C44A6B708F25EB98165D66628EBFA1D10A538FDEF0AFFF74EA ] C:\WINDOWS\system32\hid.dll
10:16:43.0843 0x0170 C:\WINDOWS\system32\hid.dll - ok
10:16:43.0859 0x0170 [ 9376E6893E52B368ABC6255BF54F0B28, D3E6B03145988BC80A1F62E5E312BB060E062118B12D30F27C8A432D30962E58 ] C:\WINDOWS\system32\hidserv.dll
10:16:43.0859 0x0170 C:\WINDOWS\system32\hidserv.dll - ok
10:16:43.0859 0x0170 [ 0CB3AF149A0BAC0836022CA307C7A0F8, FCA50F229A9A2D120A260620AF454E1808246E45EC249582298D669BCED50B3E ] C:\WINDOWS\system32\srvsvc.dll
10:16:43.0859 0x0170 C:\WINDOWS\system32\srvsvc.dll - ok
10:16:43.0984 0x0170 [ 20FD44370267CCD0A64A1B31861C21D2, D98194A17D1C63434EC6449742C10033F1B94D80826B20464519B1DD4DE1DB5F ] C:\WINDOWS\system32\netmsg.dll
10:16:43.0984 0x0170 C:\WINDOWS\system32\netmsg.dll - ok
10:16:43.0984 0x0170 [ 7A4F147CC6B133F905F6E65E2F8669FB, 82E3C4F1A92D8D8129CC1CA07F516B537EA6A3B2EEDF47A2C32BEC7828A83A32 ] C:\WINDOWS\system32\drivers\srv.sys
10:16:43.0984 0x0170 C:\WINDOWS\system32\drivers\srv.sys - ok
10:16:44.0000 0x0170 [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] C:\Program Files\LogMeIn\x86\rainfo.sys
10:16:44.0000 0x0170 C:\Program Files\LogMeIn\x86\rainfo.sys - ok
10:16:44.0000 0x0170 [ D344C240F7ACEA5E15F11F2F488624F0, 13339962703F6E5EC31B6E564D2EC11CE1D70190EB6B3A30D07F967D30D4DB56 ] C:\Program Files\LogMeIn\x86\ramaint.exe
10:16:44.0000 0x0170 C:\Program Files\LogMeIn\x86\ramaint.exe - ok
10:16:44.0000 0x0170 [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
10:16:44.0000 0x0170 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys - ok
10:16:44.0015 0x0170 [ 0D2516100703142CFA35CF8281611430, 087B54D96B102E60E99F465B2100041E6F332199787F93392A23DE25A6AE39E9 ] C:\WINDOWS\system32\nvsvc32.exe
10:16:44.0015 0x0170 C:\WINDOWS\system32\nvsvc32.exe - ok
10:16:44.0125 0x0170 [ F485C0DE9BF714C7F686D611FF79CD3A, 172BCB0B3412E0802F371DCEBCBCD4DA7B530D39441193C3A50D7277B144A528 ] C:\WINDOWS\system32\rassapi.dll
10:16:44.0125 0x0170 C:\WINDOWS\system32\rassapi.dll - ok
10:16:44.0125 0x0170 [ D1E299962B5956005113EC4AB1E0D9B7, 7B3723A9F514DE4E3E28A3B90ABCD32B70DAA85468D1999A691489D15D51ACCD ] C:\WINDOWS\system32\ipsecsvc.dll
10:16:44.0125 0x0170 C:\WINDOWS\system32\ipsecsvc.dll - ok
10:16:44.0125 0x0170 [ 25A750813F800CFE1DD148106B818A3C, B3C79862EAF76A5942BC12164C96DBE1B1DF5FBD31B5AB2312F8BBA499070D3F ] C:\WINDOWS\system32\nvcpl.dll
10:16:44.0125 0x0170 C:\WINDOWS\system32\nvcpl.dll - ok
10:16:44.0140 0x0170 [ E7E39B9152E6C27E5F608574EA6C5A52, FFCA5D8C5376D88CA3E914460708241067C02D25A4FC7EA3758E55451D761816 ] C:\WINDOWS\system32\oakley.dll
10:16:44.0140 0x0170 C:\WINDOWS\system32\oakley.dll - ok
10:16:44.0140 0x0170 [ 1B5F6923ABB450692E9FE0672C897AED, C1150C8D3CD586B336DFFB78E00A0F6FC60A3730EB541E6F8C14AF97A4CBEC14 ] C:\WINDOWS\system32\powrprof.dll
10:16:44.0140 0x0170 C:\WINDOWS\system32\powrprof.dll - ok
10:16:44.0296 0x0170 [ 3151427DB7D87107D1C5BE58FAC53960, 11988626648B2E416A07A8FF7D96BD8F20B150CC24CE9AB139F45A1DDE1D2225 ] C:\WINDOWS\system32\regsvc.dll
10:16:44.0296 0x0170 C:\WINDOWS\system32\regsvc.dll - ok
10:16:44.0296 0x0170 [ B1E0CE09895376871746F36DC5773B4F, 686458ED5D4C72AAF2F45B4FCBB44BFA0D84DFE93B5E01ECCBEAD33CBAC52BD5 ] C:\WINDOWS\system32\seclogon.dll
10:16:44.0296 0x0170 C:\WINDOWS\system32\seclogon.dll - ok
10:16:44.0296 0x0170 [ DFD9870CF39C791D86C4C209DA9FA919, 336A0525630149EF160AE8346AF6BEE2FAA0289629FA052ADAF887B5B84A918D ] C:\WINDOWS\system32\sens.dll
10:16:44.0296 0x0170 C:\WINDOWS\system32\sens.dll - ok
10:16:44.0312 0x0170 [ 36CC8C01B5E50163037BEF56CB96DE

Edited by Spyderturbo007, 02 December 2013 - 10:30 AM.

#12
Spyderturbo007

Posted 02 December 2013 - 10:35 AM

Member

Topic Starter
Member
760 posts

It looks like it might have gotten cut off. I'll try this again...

10:14:12.0171 0x0130 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:14:12.0953 0x0130 ============================================================
10:14:12.0953 0x0130 Current date / time: 2013/12/02 10:14:12.0953
10:14:12.0953 0x0130 SystemInfo:
10:14:12.0968 0x0130
10:14:12.0968 0x0130 OS Version: 5.1.2600 ServicePack: 2.0
10:14:12.0968 0x0130 Product type: Workstation
10:14:12.0968 0x0130 ComputerName: MAS-SERVER
10:14:12.0968 0x0130 UserName: Admin
10:14:12.0968 0x0130 Windows directory: C:\WINDOWS
10:14:12.0968 0x0130 System windows directory: C:\WINDOWS
10:14:12.0968 0x0130 Processor architecture: Intel x86
10:14:12.0968 0x0130 Number of processors: 2
10:14:12.0968 0x0130 Page size: 0x1000
10:14:12.0968 0x0130 Boot type: Normal boot
10:14:12.0968 0x0130 ============================================================
10:14:12.0968 0x0130 BG loaded
10:14:13.0968 0x0130 System UUID: {16ED8D45-ED85-E240-E431-F9C4C4F75810}
10:14:22.0859 0x0130 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:14:22.0890 0x0130 Drive \Device\Harddisk1\DR1 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:14:22.0890 0x0130 ============================================================
10:14:22.0890 0x0130 \Device\Harddisk0\DR0:
10:14:22.0906 0x0130 MBR partitions:
10:14:22.0906 0x0130 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1D189832
10:14:22.0906 0x0130 \Device\Harddisk1\DR1:
10:14:22.0906 0x0130 MBR partitions:
10:14:22.0906 0x0130 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
10:14:22.0906 0x0130 ============================================================
10:14:22.0984 0x0130 C: <-> \Device\Harddisk0\DR0\Partition1
10:14:23.0031 0x0130 D: <-> \Device\Harddisk1\DR1\Partition1
10:14:23.0031 0x0130 ============================================================
10:14:23.0031 0x0130 Initialize success
10:14:23.0031 0x0130 ============================================================
10:14:32.0250 0x0170 ============================================================
10:14:32.0250 0x0170 Scan started
10:14:32.0250 0x0170 Mode: Manual; SigCheck; TDLFS;
10:14:32.0250 0x0170 ============================================================
10:14:32.0250 0x0170 KSN ping started
10:14:46.0171 0x0170 KSN ping finished: true
10:14:46.0296 0x0170 ================ Scan system memory ========================
10:14:46.0296 0x0170 System memory - ok
10:14:46.0296 0x0170 ================ Scan services =============================
10:14:46.0437 0x0170 Abiosdsk - ok
10:14:46.0468 0x0170 [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:14:47.0046 0x0170 abp480n5 - ok
10:14:47.0140 0x0170 [ A10C7534F7223F4A73A948967D00E69B, EBF46FBB4C7C04433E91D95A079354E51A40CC05EAA00A86DEE261AFA81162FC ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:14:47.0296 0x0170 ACPI - ok
10:14:47.0343 0x0170 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:14:47.0406 0x0170 ACPIEC - ok
10:14:47.0437 0x0170 [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:14:47.0515 0x0170 adpu160m - ok
10:14:47.0578 0x0170 [ 1EE7B434BA961EF845DE136224C30FEC, 0216D2277B6B4AB9B0E47E093CEEAC2030EFB4B87BA048EA730E40119AA06444 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:14:48.0203 0x0170 aec - ok
10:14:48.0234 0x0170 [ 55E6E1C51B6D30E54335750955453702, 49BE694FB65F195A65EC631558BA599345C6641A6A5AA2F1053611B715F4677A ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:14:48.0281 0x0170 AFD - ok
10:14:48.0296 0x0170 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB, A11AA25C0FF052578AE342717C85AED26B79CCE39040C42C69105868F6059A34 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
10:14:48.0406 0x0170 agp440 - ok
10:14:48.0437 0x0170 [ 67288B07D6ABA6C1267B626E67BC56FD, 476EB4F9530AAFFB25B50931F91B0D93CB4BEBBE09BE1D2F202C9665C21BF443 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:14:48.0515 0x0170 agpCPQ - ok
10:14:48.0515 0x0170 [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:14:48.0578 0x0170 Aha154x - ok
10:14:48.0593 0x0170 [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:14:48.0656 0x0170 aic78u2 - ok
10:14:48.0687 0x0170 [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:14:48.0750 0x0170 aic78xx - ok
10:14:48.0796 0x0170 [ C7AE0FD3867DB0D42B03B73C18F3D671, 13AE5D3DD13BC4C0EAB234FC3F87DA918793CE317A07EE37F107C8C6104E0BA9 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:14:48.0859 0x0170 Alerter - ok
10:14:48.0859 0x0170 [ F1958FBF86D5C004CF19A5951A9514B7, E8DF2330D48E9BF97A7061A84E42CCB2AD197C90FECB56150FB573B4D0C62883 ] ALG C:\WINDOWS\System32\alg.exe
10:14:48.0906 0x0170 ALG - ok
10:14:48.0906 0x0170 [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
10:14:48.0968 0x0170 AliIde - ok
10:14:49.0000 0x0170 [ F312B7CEF21EFF52FA23056B9D815FAD, D2FC307ED900B74ECDD17BC9F1334C78C423C40BBB3D41917D8FE841AFEA316E ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:14:49.0078 0x0170 alim1541 - ok
10:14:49.0093 0x0170 [ 675C16A3C1F8482F85EE4A97FC0DDE3D, A5BC4E924FFE42F760F91481B83D737A4E47035B037EBE3F1FCF3A25C684DE9C ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:14:49.0156 0x0170 amdagp - ok
10:14:49.0171 0x0170 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
10:14:49.0203 0x0170 amsint - ok
10:14:49.0234 0x0170 [ 9C3C12975C97119412802B181FBEEFFE, A20B1557702B2178354710823659E1E89E5C641C018CF964D95D481716B920B3 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:14:49.0265 0x0170 AppMgmt - ok
10:14:49.0265 0x0170 [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
10:14:49.0328 0x0170 asc - ok
10:14:49.0328 0x0170 [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:14:49.0375 0x0170 asc3350p - ok
10:14:49.0375 0x0170 [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:14:49.0437 0x0170 asc3550 - ok
10:14:49.0531 0x0170 [ CC184933B1DD73F34DB5346515639A59, 8B9F4889C73C6EAE719210B9C911340DF4CD64B312EF4038835527B77B962CC3 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
10:14:49.0531 0x0170 ASFIPmon - detected UnsignedFile.Multi.Generic ( 1 )
10:14:52.0859 0x0170 Detect skipped due to KSN trusted
10:14:52.0859 0x0170 ASFIPmon - ok
10:14:52.0921 0x0170 [ E1A1206A4FB19B675E947B29CCD25FBA, A9855FAB141E327DBC05B845939304749175B78F883B7FEC24552D96DA15609F ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
10:14:52.0937 0x0170 aspnet_state - detected UnsignedFile.Multi.Generic ( 1 )
10:14:55.0687 0x0170 Detect skipped due to KSN trusted
10:14:55.0687 0x0170 aspnet_state - ok
10:14:55.0703 0x0170 [ 02000ABF34AF4C218C35D257024807D6, FDE21F7FCB198A44A6F2BCAF5EB11C9D90A094B4A2F8C307244A7655848954DA ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:14:55.0796 0x0170 AsyncMac - ok
10:14:55.0843 0x0170 [ CDFE4411A69C224BD1D11B2DA92DAC51, 0E6B23A80F171550575BEBC56F7500CD87A5CF03B2B9FDC49BC3DE96282CD69D ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:14:55.0921 0x0170 atapi - ok
10:14:55.0921 0x0170 Atdisk - ok
10:14:55.0937 0x0170 [ EC88DA854AB7D7752EC8BE11A741BB7F, 91FAF224CB4B44608C85CC25C3A82A3EC83F379D14A119A60A75505A30043255 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:14:56.0000 0x0170 Atmarpc - ok
10:14:56.0031 0x0170 [ DBF0D7E2DF33B469EB55406FEA759350, D7BCE2D8DC42F9104E734C466498E6B0ACB1F64060CF5767444C46C936C1DE3F ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
10:14:56.0062 0x0170 atmeltpm - ok
10:14:56.0109 0x0170 [ DB66DB626E4882EBEF55F136F12C1829, E4FA63031E8FCF456D45160C29ADD0989355D5C5C8E17C949C278421D41DAB62 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:14:56.0171 0x0170 AudioSrv - ok
10:14:56.0203 0x0170 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:14:56.0250 0x0170 audstub - ok
10:14:56.0265 0x0170 [ BB1A2A73F993B623F99E03ED2F9E014C, 9C60E599087CBD242BAA618AC5E7655B214BEB6DA1EA9D0AD76F16A40B09FC02 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:14:56.0312 0x0170 b57w2k - ok
10:14:56.0468 0x0170 [ 3D87B0484BE1093C6614062701F375C5, 88BE4A9AD309F8258A8509AF9B60421449CE039C1809A5BCE83B2174D5EAE082 ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
10:14:56.0468 0x0170 BASFND - detected UnsignedFile.Multi.Generic ( 1 )
10:14:59.0750 0x0170 Detect skipped due to KSN trusted
10:14:59.0750 0x0170 BASFND - ok
10:14:59.0812 0x0170 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:14:59.0875 0x0170 Beep - ok
10:14:59.0937 0x0170 [ 2C69EC7E5A311334D10DD95F338FCCEA, 3A4335B8D723311F66FA2A30972C65EEED63161D6A2B4ABD6FCF1C374083BC0F ] BITS C:\WINDOWS\system32\qmgr.dll
10:15:00.0171 0x0170 BITS - ok
10:15:00.0203 0x0170 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8, DDFCCB3BC9A840ED0D6FC4B46086AD15AAF9D0D9AB8ED3A7B8860A1DA4D33970 ] Browser C:\WINDOWS\System32\browser.dll
10:15:00.0281 0x0170 Browser - ok
10:15:00.0406 0x0170 catchme - ok
10:15:00.0406 0x0170 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:15:00.0468 0x0170 cbidf - ok
10:15:00.0484 0x0170 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:15:00.0531 0x0170 cbidf2k - ok
10:15:00.0562 0x0170 [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:15:00.0609 0x0170 cd20xrnt - ok
10:15:00.0656 0x0170 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:15:00.0718 0x0170 Cdaudio - ok
10:15:00.0781 0x0170 [ CD7D5152DF32B47F4E36F710B35AAE02, 7382890CC1B27FC66C3E94E064562BBD87B3C75577CB0FD10860B8E2CE07D12E ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:15:00.0843 0x0170 Cdfs - ok
10:15:00.0890 0x0170 [ AF9C19B3100FE010496B1A27181FBF72, 64E9E4461F631EED2B2A1FC80DCC9C31DCECB5738289D322E6A6428C840DC621 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:15:00.0953 0x0170 Cdrom - ok
10:15:00.0953 0x0170 Changer - ok
10:15:00.0984 0x0170 [ 3192BD04D032A9C4A85A3278C268A13A, 7844F229916A9BC8670D3CCF80AD674C626EC6DD9D741FF10986E67F6AFD8757 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:15:01.0062 0x0170 CiSvc - ok
10:15:01.0078 0x0170 [ C8DEC22C4137D7A90F8BDF41CA4B82AE, 92CE7B388236DBC196C92AE9929433C0F1E045EA5DB86802EF8C6041B56FE81F ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:15:01.0140 0x0170 ClipSrv - ok
10:15:01.0140 0x0170 [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:15:01.0218 0x0170 CmdIde - ok
10:15:01.0250 0x0170 [ DF1B1A24BF52D0EBC01ED4ECE8979F50, 78C5E7BE2FFA6A0709F3095AB006C86E3991AFC9E9B5ABEC94C3E8DF2EA2169D ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:15:01.0312 0x0170 Compbatt - ok
10:15:01.0312 0x0170 COMSysApp - ok
10:15:01.0328 0x0170 [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:15:01.0390 0x0170 Cpqarray - ok
10:15:01.0406 0x0170 [ 10654F9DDCEA9C46CFB77554231BE73B, 4EEAF6523941228FC440E9EA758545E2F2A2DD98565F90B5351EF2C9B82139ED ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:15:01.0484 0x0170 CryptSvc - ok
10:15:01.0531 0x0170 [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:15:01.0609 0x0170 dac2w2k - ok
10:15:01.0718 0x0170 [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:15:01.0781 0x0170 dac960nt - ok
10:15:01.0937 0x0170 [ 1011978867274E7D30776123E7F1998D, 1EF8AC511267FB4B45B6F45457D8066F041020296975376A84B6248326A038DD ] DataSvr2 C:\Program Files\Wave Systems Corp\Common\DataServer.exe
10:15:01.0937 0x0170 DataSvr2 - detected UnsignedFile.Multi.Generic ( 1 )
10:15:04.0953 0x0170 Detect skipped due to KSN trusted
10:15:04.0953 0x0170 DataSvr2 - ok
10:15:05.0000 0x0170 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4, BE82521204BACF24436DD9067772F059105D743408823B135B840FF9BE197389 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:15:05.0093 0x0170 DcomLaunch - ok
10:15:05.0171 0x0170 [ EF545E1A4B043DA4C84E230DD471C55F, AD96922E58E8146F03E719D3A5CAAD677CAF3B7B525599F1B32F01BF72CCAFA4 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:15:05.0187 0x0170 Dhcp - ok
10:15:05.0187 0x0170 [ 00CA44E4534865F8A3B64F7C0984BFF0, 3FD73CCD9892F6CFEE776CB384C2E35FA15F4101D308A67E1358F85299501E3D ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:15:05.0250 0x0170 Disk - ok
10:15:05.0312 0x0170 [ E2D0DE31442390C35E3163C87CB6A9EB, 399B4678C18DB92AC186128CE8AC2784FFCD76FDE9DBD4615D47586E3493914E ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:15:05.0312 0x0170 DLABOIOM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:08.0609 0x0170 Detect skipped due to KSN trusted
10:15:08.0609 0x0170 DLABOIOM - ok
10:15:08.0609 0x0170 [ D979BEBCF7EDCC9C9EE1857D1A68C67B, 936450704E4F2ADA6FB87F827C042FEC67F67C83D361F858F5F41AA6E8B7256D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:15:08.0625 0x0170 DLACDBHM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:11.0828 0x0170 Detect skipped due to KSN trusted
10:15:11.0828 0x0170 DLACDBHM - ok
10:15:11.0843 0x0170 [ 83545593E297F50A8E2524B4C071A153, 25B18FEF62395ABB1EB4C17D81D9EB31759F6C5DBAA5CDB192949055D69E3071 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
10:15:11.0843 0x0170 DLADResN - detected UnsignedFile.Multi.Generic ( 1 )
10:15:14.0906 0x0170 Detect skipped due to KSN trusted
10:15:14.0906 0x0170 DLADResN - ok
10:15:14.0906 0x0170 [ 96E01D901CDC98C7817155CC057001BF, 77F78754230D9235255F6F4907ACB03D9750E12B9D92B8250DD1DFF605DD2E5B ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:15:14.0906 0x0170 DLAIFS_M - detected UnsignedFile.Multi.Generic ( 1 )
10:15:17.0546 0x0170 Detect skipped due to KSN trusted
10:15:17.0546 0x0170 DLAIFS_M - ok
10:15:17.0546 0x0170 [ 0A60A39CC5E767980A31CA5D7238DFA9, 09826251C384F2E62ABFAA2097007D75B51DB29EAEF13D46174FBE5A3FE3E433 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:15:17.0546 0x0170 DLAOPIOM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:20.0328 0x0170 Detect skipped due to KSN trusted
10:15:20.0328 0x0170 DLAOPIOM - ok
10:15:20.0328 0x0170 [ 9FE2B72558FC808357F427FD83314375, 37CCBC46ADCFD3B165A383589786C715006767EEFC8D6559C621745B72F9E59F ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:15:20.0328 0x0170 DLAPoolM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:22.0750 0x0170 Detect skipped due to KSN trusted
10:15:22.0750 0x0170 DLAPoolM - ok
10:15:22.0765 0x0170 [ 7EE0852AE8907689DF25049DCD2342E8, A5F08D78200F5CB02539C87EA574EB34F0C330C290D7BE5D21ED42B0E04E5CF4 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:15:22.0828 0x0170 DLARTL_N - detected UnsignedFile.Multi.Generic ( 1 )
10:15:25.0609 0x0170 Detect skipped due to KSN trusted
10:15:25.0609 0x0170 DLARTL_N - ok
10:15:25.0671 0x0170 [ F08E1DAFAC457893399E03430A6A1397, 0784ACE7CA81313A5A8E7B7CCCAFF21E607251FEF604574FDCC81A3AFC6FD127 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:15:25.0734 0x0170 DLAUDFAM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:28.0515 0x0170 Detect skipped due to KSN trusted
10:15:28.0515 0x0170 DLAUDFAM - ok
10:15:28.0531 0x0170 [ E7D105ED1E694449D444A9933DF8E060, DA66408DF44AB7099BEEED82C21A93F65A04C6FCDBA1D2F5791852EF9FE74D0D ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:15:28.0531 0x0170 DLAUDF_M - detected UnsignedFile.Multi.Generic ( 1 )
10:15:30.0937 0x0170 Detect skipped due to KSN trusted
10:15:30.0937 0x0170 DLAUDF_M - ok
10:15:30.0937 0x0170 dmadmin - ok
10:15:31.0062 0x0170 [ C0FBB516E06E243F0CF31F597E7EBF7D, 1FC205AC5D8D6BDA176438CEBFAC92CD4DEF50A6C1EBDCBCE2B149FF08D40032 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:15:31.0281 0x0170 dmboot - ok
10:15:31.0375 0x0170 [ F5E7B358A732D09F4BCF2824B88B9E28, 97B8317354659EFBA076E20AF20741C9FBC0961723483514E43D7EC6D66186C3 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:15:31.0546 0x0170 dmio - ok
10:15:31.0593 0x0170 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:15:31.0671 0x0170 dmload - ok
10:15:31.0671 0x0170 [ 1639D9964C9E1B2ECCA95C8217D3E70D, A42E985697E673B89F5BD314BA9FE93A1CD8DDEBC6312AD52E196BFDFFA9E513 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:15:31.0750 0x0170 dmserver - ok
10:15:31.0796 0x0170 [ A6F881284AC1150E37D9AE47FF601267, 6C07654CF21637E527FC727EB50F4138BF0EFF0680000AC94001063B436389DB ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:15:31.0859 0x0170 DMusic - ok
10:15:31.0984 0x0170 [ AAC8FFBFD61E784FA3BAC851D4A0BD5F, F811288AC18DB28D9577EA9B40810DE000FC28EF234D1A790DD0578E0D565EBC ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:15:32.0015 0x0170 Dnscache - ok
10:15:32.0062 0x0170 [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:15:32.0125 0x0170 dpti2o - ok
10:15:32.0250 0x0170 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E, B941AB5D9D504486083E0D1539B1A96E27721C9EFD7A67CA1DB7258B0D33AB78 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:15:32.0312 0x0170 drmkaud - ok
10:15:32.0421 0x0170 [ FD0F95981FEF9073659D8EC58E40AA3C, 9EF2D538A90276DFF72BCE0E9A3AF50E607F2FD17B9EE46506156FBF3FC9E970 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:15:32.0437 0x0170 DRVMCDB - detected UnsignedFile.Multi.Generic ( 1 )
10:15:35.0046 0x0170 Detect skipped due to KSN trusted
10:15:35.0046 0x0170 DRVMCDB - ok
10:15:35.0109 0x0170 [ B4869D320428CDC5EC4D7F5E808E99B5, A84D1D65E84C0B17CE48188AD95DF52E1FEF785E6C6415E028CB5F7F4F31C466 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:15:35.0171 0x0170 DRVNDDM - detected UnsignedFile.Multi.Generic ( 1 )
10:15:37.0828 0x0170 Detect skipped due to KSN trusted
10:15:37.0828 0x0170 DRVNDDM - ok
10:15:37.0875 0x0170 [ 3FCA03CBCA11269F973B70FA483C88EF, 0995989B9EBE5CE1C5489139849FB2AD69DE9749650BBC262AD754E5CE457C59 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:15:38.0015 0x0170 E100B - ok
10:15:38.0078 0x0170 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A, 305F39E4D18DC079E48578C31AE87BA1D0D781A2613BD5DA4689AC6F2794D326 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:15:38.0156 0x0170 ERSvc - ok
10:15:38.0375 0x0170 [ 4712531AB7A01B7EE059853CA17D39BD, D029A599E95F1FDF8AAC122FDE70E8DA6A4CEF0F8DB6543C6BF4AF35169B2203 ] Eventlog C:\WINDOWS\system32\services.exe
10:15:38.0375 0x0170 Eventlog - ok
10:15:38.0515 0x0170 [ 60D1A6342238378BFB7545C81EE3606C, 40186F096F2AC3E5E12D0B8713A08E449D5F23DCD1C0EEFC3FA82002CA1B030F ] EventSystem C:\WINDOWS\system32\es.dll
10:15:38.0562 0x0170 EventSystem - ok
10:15:38.0765 0x0170 [ 3117F595E9615E04F05A54FC15A03B20, 4708E8F1CDE6E9663B5DBEBAB8C684B16E45D41AEF20E4071D0A2931B305BD76 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:15:38.0812 0x0170 Fastfat - ok
10:15:38.0921 0x0170 [ 6815DEF9B810AEFAC107EEAF72DA6F82, 0132004894326B54D1B8AD2C31FB8BDE45EA66DB9962C0CE1207941A13630896 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:15:38.0921 0x0170 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic ( 1 )
10:15:41.0750 0x0170 Detect skipped due to KSN trusted
10:15:41.0750 0x0170 FastUserSwitchingCompatibility - ok
10:15:41.0812 0x0170 [ FCBD571FA0EE8DC238944AE5FAB74461, D083D2FE0A526814DD5F82E673AE0847BFCBE77B54CB4BA3190B7937F288F2FD ] Fax C:\WINDOWS\system32\fxssvc.exe
10:15:41.0890 0x0170 Fax - ok
10:15:41.0937 0x0170 [ CED2E8396A8838E59D8FD529C680E02C, 8542AE6A2D65D3F843EA70F5FFBC150B773C5CFA3FE6388FA68A95416FAD0F6E ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:15:42.0000 0x0170 Fdc - ok
10:15:42.0031 0x0170 [ E153AB8A11DE5452BCF5AC7652DBF3ED, AEB48687C604B0CDE5F1A13C2EC854CFFBE1CE0837C3898D6D4C6B71265D0ED0 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:15:42.0109 0x0170 Fips - ok
10:15:42.0140 0x0170 [ 0DD1DE43115B93F4D85E889D7A86F548, D50F7AAE5416C6D41845960BDDA24E97226F609AA726E4F88601ADC9ED50E872 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:15:42.0203 0x0170 Flpydisk - ok
10:15:42.0265 0x0170 [ 3D234FB6D6EE875EB009864A299BEA29, 9FEB003BDE7900AECDE9F9FFE0ECD7079B460714B582B7EB8EDB89E7F4D1FE59 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:15:42.0500 0x0170 FltMgr - ok
10:15:42.0500 0x0170 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:15:42.0578 0x0170 Fs_Rec - ok
10:15:42.0625 0x0170 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:15:42.0718 0x0170 Ftdisk - ok
10:15:42.0734 0x0170 [ C0F1D4A21DE5A415DF8170616703DEBF, 3E21AAD06CF6EB95662B568671B1DBD129CED481761BCDB67088E965E5C0BC5B ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:15:42.0812 0x0170 Gpc - ok
10:15:42.0875 0x0170 [ E31363D186B3E1D7C4E9117884A6AEE5, AC42CA69D1D973F8DC11103BA42EB4F355E0E90EAB15B3A2F03A5FF6B87E6313 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:15:42.0890 0x0170 HDAudBus - ok
10:15:42.0937 0x0170 [ 8827911A8C37E40C027CBFC88E69D967, ED381F089E6143896B890BD5450FFFB271FC68983412376F54869A93F9D7DA9D ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:15:43.0015 0x0170 helpsvc - ok
10:15:43.0062 0x0170 [ 13C0D55DA4B7148EF980E130B85D9F2C, DBABAA2FA47D919C66D21C6E25F89EBEBA69F05F8B6A875C8BE8C9AAFCAA7451 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
10:15:43.0125 0x0170 HidBatt - ok
10:15:43.0187 0x0170 [ 9376E6893E52B368ABC6255BF54F0B28, D3E6B03145988BC80A1F62E5E312BB060E062118B12D30F27C8A432D30962E58 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:15:43.0265 0x0170 HidServ - ok
10:15:43.0312 0x0170 [ 1DE6783B918F540149AA69943BDFEBA8, 6ED28109CA0A7738857D840E369EAB91C1605F2643950762D327CCE241C135A1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:15:43.0375 0x0170 HidUsb - ok
10:15:43.0390 0x0170 [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
10:15:43.0453 0x0170 hpn - ok
10:15:43.0531 0x0170 [ 9F8B0F4276F618964FD118BE4289B7CD, 5E72367D731A99D3E13004D7070494365E2DBD4D8134445F35E889D9E046BBA7 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:15:43.0531 0x0170 HTTP - ok
10:15:43.0593 0x0170 [ 064D8581ADF77C25133E7D751D917D83, E8623C32E48D3E7A0179C8333C14D8A051C9F7300D0F465E94184F1C75E13A0F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:15:43.0703 0x0170 HTTPFilter - ok
10:15:43.0750 0x0170 [ 8F09F91B5C91363B77BCD15599570F2C, D855AA7187616E056EA01A0CB1DC9AC16A13B54143FF3C61333BD9A2C0CF3D29 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
10:15:43.0828 0x0170 i2omgmt - ok
10:15:43.0828 0x0170 [ ED6BF9E441FDEA13292A6D30A64A24C3, 900BCB5A180F82A7030F442EC73D6F3E06E8D85B6B9813588189274F39725776 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:15:43.0921 0x0170 i2omp - ok
10:15:43.0937 0x0170 [ 5502B58EEF7486EE6F93F3F164DCB808, 7E56E49D6444F2F48037B859B491DF95E1C90EC7ED4EF9C477CD2C49783E62E0 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:15:44.0015 0x0170 i8042prt - ok
10:15:44.0093 0x0170 [ B122BE74E283A2BC7FEBC180BFD2EFD5, 3FB9AE63AB2ECAC62C03FF19BE60E39C8C2985868FBA393039795A660A05DED3 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
10:15:44.0093 0x0170 IAANTMON - detected UnsignedFile.Multi.Generic ( 1 )
10:15:54.0218 0x0170 IAANTMON ( UnsignedFile.Multi.Generic ) - warning
10:15:58.0625 0x0170 [ 019CF5F31C67030841233C545A0E217A, 594D97054E3A8034D8BC3AE3B9CD8A00D95BB68F8CDA84E96D8EE08D5F24E101 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
10:15:58.0625 0x0170 iaStor - ok
10:15:58.0640 0x0170 [ F8AA320C6A0409C0380E5D8A99D76EC6, A848B9C489DDFBD48BDA140CB9DD43097686115042745F6444F803739168D391 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:15:58.0718 0x0170 Imapi - ok
10:15:58.0765 0x0170 [ FA788520BCAC0F5D9D5CDE5615C0D931, 7C70D1875B302CABC809627212E33CDD56F12B169EA548F1C94ECF2D14236514 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:15:58.0843 0x0170 ImapiService - ok
10:15:58.0890 0x0170 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:15:58.0968 0x0170 ini910u - ok
10:15:58.0984 0x0170 [ 2D722B2B54AB55B2FA475EB58D7B2AAD, 1D4BB8F3ABA0EE51EE9F398E383621882189ABCA63D7F0D8A16581AFD1A85553 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:15:59.0062 0x0170 IntelIde - ok
10:15:59.0093 0x0170 [ 279FB78702454DFF2BB445F238C048D2, 51A559AD7C9CAA8BD60D4E167E850B978083FAE9C5632E47D13B1092B56FD0BA ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:15:59.0187 0x0170 intelppm - ok
10:15:59.0187 0x0170 [ 4448006B6BC60E6C027932CFC38D6855, C377235EBE475C281ACB6A3267F12D8FE623433F05134A6CE50562414F94D7B1 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:15:59.0265 0x0170 Ip6Fw - ok
10:15:59.0265 0x0170 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:15:59.0343 0x0170 IpFilterDriver - ok
10:15:59.0359 0x0170 [ E1EC7F5DA720B640CD8FB8424F1B14BB, E5CF9F43D8C8028E8F29CAF8AD1E2179E5B02DCAA430900672FCB4C4EE288EF0 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:15:59.0437 0x0170 IpInIp - ok
10:15:59.0484 0x0170 [ E2168CBC7098FFE963C6F23F472A3593, 93B60D02ACBDDCE78BD4020B9CE0C132A8DD28FC2266B2748A22717B93AFF7C9 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:15:59.0718 0x0170 IpNat - ok
10:15:59.0765 0x0170 [ 64537AA5C003A6AFEEE1DF819062D0D1, 5A6C11317DEF14B8C34A8C669EB75F7A8D46F05090C43D3DFF602CFA13CC504E ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:15:59.0843 0x0170 IPSec - ok
10:15:59.0843 0x0170 [ 50708DAA1B1CBB7D6AC1CF8F56A24410, A5657038A66B83472B456246E58884D5DF2E5B63BD176AE3DFFB6D5B6998E8B7 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:15:59.0890 0x0170 IRENUM - ok
10:15:59.0906 0x0170 [ E504F706CCB699C2596E9A3DA1596E87, 80675B90DEFA75A58CB83FB88ED9CB849FE5CE2522A90F4AF08D54DC5B412541 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:15:59.0984 0x0170 isapnp - ok
10:16:00.0000 0x0170 [ EBDEE8A2EE5393890A1ACEE971C4C246, ACC57A7BACAB100FB2903451D2A48BFE936E3B8F9B13882C1D2DFF9D19BD1D34 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:16:00.0062 0x0170 Kbdclass - ok
10:16:00.0078 0x0170 [ E182FA8E49E8EE41B4ADC53093F3C7E6, 2E713992C9B40F6010373A2FFF6DBCC8723BB328DE6875793C46072D8323E9BB ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:16:00.0156 0x0170 kbdhid - ok
10:16:00.0218 0x0170 [ BA5DEDA4D934E6288C2F66CAF58D2562, 2250B75EEAD92CA56A1F8BB3F6523F9A5625676E38845A4DE0BFECE5EA17DBFA ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:16:00.0484 0x0170 kmixer - ok
10:16:00.0515 0x0170 [ 1BE7CC2535D760AE4D481576EB789F24, F110888377411C3D1E1C2AEA7D627207BBE7C6D37A82D1617C4DC7A31B6AC061 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:16:00.0515 0x0170 KSecDD - ok
10:16:00.0562 0x0170 [ 0CB3AF149A0BAC0836022CA307C7A0F8, FCA50F229A9A2D120A260620AF454E1808246E45EC249582298D669BCED50B3E ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:16:00.0796 0x0170 lanmanserver - ok
10:16:00.0843 0x0170 [ E1F27CFCD114EC9F1E1F44674B2FF9F0, 7147A1B3694200EEBC32BD66DAED6E075476371E03ED5FDD23431AB79D990957 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:16:00.0859 0x0170 lanmanworkstation - ok
10:16:00.0859 0x0170 lbrtfdc - ok
10:16:00.0921 0x0170 [ B3EFF6D938C572E90A07B3D87A3C7657, 8C02DEFD2F1A15740CD5421D20B3808BD27583019AF1B79D087880A71807EEE1 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:16:01.0000 0x0170 LmHosts - ok
10:16:01.0265 0x0170 [ 6BB3BB07E06377C2AB2A8834807A64DA, 18A738FB9BCFA896F383BF2D3A903D7B8FEBB8F829DC1EFBCD922C0952EA9869 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
10:16:01.0328 0x0170 LMIGuardianSvc - ok
10:16:01.0406 0x0170 [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
10:16:02.0265 0x0170 LMIInfo - ok
10:16:02.0312 0x0170 [ D344C240F7ACEA5E15F11F2F488624F0, 13339962703F6E5EC31B6E564D2EC11CE1D70190EB6B3A30D07F967D30D4DB56 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
10:16:02.0343 0x0170 LMIMaint - ok
10:16:02.0390 0x0170 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
10:16:02.0406 0x0170 lmimirr - ok
10:16:02.0406 0x0170 LMIRfsClientNP - ok
10:16:02.0437 0x0170 [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
10:16:02.0453 0x0170 LMIRfsDriver - ok
10:16:02.0609 0x0170 [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
10:16:02.0656 0x0170 LogMeIn - ok
10:16:02.0734 0x0170 [ 95FD808E4AC22ABA025A7B3EAC0375D2, 4A067A8B7C539A0C2BFAC55A1869EF56FED835C28F5F7DD7D7BA65A5B273CF5F ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:16:02.0828 0x0170 Messenger - ok
10:16:02.0828 0x0170 MFE_RR - ok
10:16:02.0890 0x0170 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:02.0953 0x0170 mnmdd - ok
10:16:03.0015 0x0170 [ F6415361201915B9FE3896B0E4E724FF, C99C1EE0EABF8847BD4F737D72DB3EE5A57D773F008EC6596E83DAE48474F3F2 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:16:03.0109 0x0170 mnmsrvc - ok
10:16:03.0125 0x0170 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05, BF2C49E4D4C2D2E865B1C59FFE76BF29146ADD971D845FBD659A96AA26D72A11 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:16:03.0187 0x0170 Modem - ok
10:16:03.0250 0x0170 [ 34E1F0031153E491910E12551400192C, D608F77DB7035FD676773A3DF8DBC5DD52CC5198D0681A73D7EAA6C161047A90 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:16:03.0328 0x0170 Mouclass - ok
10:16:03.0343 0x0170 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:16:03.0437 0x0170 mouhid - ok
10:16:03.0468 0x0170 [ 65653F3B4477F3C63E68A9659F85EE2E, 32A34B22A4C1F50A966F321FD228C6B85F0F0315ABF3D40FC416618E786A4024 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:16:03.0562 0x0170 MountMgr - ok
10:16:03.0593 0x0170 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:16:03.0687 0x0170 mraid35x - ok
10:16:03.0718 0x0170 [ 29414447EB5BDE2F8397DC965DBB3156, 351D359CC6C1C35522BB55B7CAC6C881B25FD6A0E057A8D7F84EE5A193029A23 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:16:03.0953 0x0170 MRxDAV - ok
10:16:04.0125 0x0170 [ FB6C89BB3CE282B08BDB1E3C179E1C39, 0558617DB859228332F4B7E44875AB3CDBA370E78C23BB5E80B159AAA7087B3E ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:16:04.0156 0x0170 MRxSmb - ok
10:16:04.0218 0x0170 [ C7C3D89EB0A6F3DBA622EA737FA335B1, 4392887A5F312DBD0971E1D72B85B3CA5636D7FB3A409E5A99CA925BD05493E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:16:04.0296 0x0170 MSDTC - ok
10:16:04.0343 0x0170 [ 561B3A4333CA2DBDBA28B5B956822519, 5B53906A29B9AA55A399F880CA989F9878BD943D3E97FB10A25BFD723654AF49 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:16:04.0421 0x0170 Msfs - ok
10:16:04.0421 0x0170 MSIServer - ok
10:16:04.0453 0x0170 [ AE431A8DD3C1D0D0610CDBAC16057AD0, 8B3BCAC3DA71778DC8B863E6DEF10F02F65D1BDD3381802DDC0B2980F4F1FBB9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:16:04.0531 0x0170 MSKSSRV - ok
10:16:04.0609 0x0170 [ 13E75FEF9DFEB08EEDED9D0246E1F448, 69D4CF483753FF253431656E1CB680F6702375696F94E259729BD11C25004031 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:16:04.0703 0x0170 MSPCLOCK - ok
10:16:04.0734 0x0170 [ 1988A33FF19242576C3D0EF9CE785DA7, 9E1C07F364DA7EF0D859BB7A3A06F849A153722E27E872640120CC6855D9FC51 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:16:04.0828 0x0170 MSPQM - ok
10:16:04.0859 0x0170 [ 469541F8BFD2B32659D5D463A6714BCE, 46AA7D2442DCC4C51C08BA0C00136F058F9160E6D6EDE78B2FD82545AE4FD10B ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:16:04.0937 0x0170 mssmbios - ok
10:16:04.0968 0x0170 [ 82035E0F41C2DD05AE41D27FE6CF7DE1, 6111D330E7ACB77E23EA6A9E001FC651DE1DC49D772DC6FDD3C4B8EDA57E1C7A ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:16:05.0062 0x0170 Mup - ok
10:16:05.0171 0x0170 [ 558635D3AF1C7546D26067D5D9B6959E, 8C1802908DF35E442575969D29F4B22019A2B3E4C309B8E193F98F75AE81F013 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:16:05.0296 0x0170 NDIS - ok
10:16:05.0359 0x0170 [ 08D43BBDACDF23F34D79E44ED35C1B4C, F72CB8FA67C361C40B4C83F08302D7B2FD9178C1C60A7C236AF08B9CB5162591 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:16:05.0421 0x0170 NdisTapi - ok
10:16:05.0484 0x0170 [ 34D6CD56409DA9A7ED573E1C90A308BF, DE2060F57C913272524AFB0D472714ABF6F7E49A01534F23D95EE67F207CC6CF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:16:05.0562 0x0170 Ndisuio - ok
10:16:05.0593 0x0170 [ 0B90E255A9490166AB368CD55A529893, 90EB17422BF52FE6D0CC6ADA4262D605806C5B583DE04EDEC95FD47EE9697865 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:16:05.0671 0x0170 NdisWan - ok
10:16:05.0703 0x0170 [ 59FC3FB44D2669BC144FD87826BB571F, B3C8CEFB09D5C85CBF12AED8CDB1FE455679D3436337263EFDABDC5116D92453 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:16:05.0781 0x0170 NDProxy - ok
10:16:05.0812 0x0170 [ 3A2ACA8FC1D7786902CA434998D7CEB4, ECE218DCDCB4D0A5CA8CBD14E931BAA3B5F381B70BBACB65B0EBBB46D2D31683 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:16:05.0890 0x0170 NetBIOS - ok
10:16:05.0984 0x0170 [ 0C80E410CD2F47134407EE7DD19CC86B, 2A1D0CE9797F4AB7A24873947A26DD6413B8DBB5A82C24CF28D1FC243AEFC5C8 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:16:06.0046 0x0170 NetBT - ok
10:16:06.0078 0x0170 [ 05AFB5AD06462257BEA7495283C86D50, 2D6584D0BFB168E48433EA702E6CABC7CB9B98675D2E99F78D9B84A63D4BD977 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:16:06.0171 0x0170 NetDDE - ok
10:16:06.0171 0x0170 [ 05AFB5AD06462257BEA7495283C86D50, 2D6584D0BFB168E48433EA702E6CABC7CB9B98675D2E99F78D9B84A63D4BD977 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:16:06.0250 0x0170 NetDDEdsdm - ok
10:16:06.0312 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] Netlogon C:\WINDOWS\system32\lsass.exe
10:16:06.0375 0x0170 Netlogon - ok
10:16:06.0484 0x0170 [ 36739B39267914BA69AD0610A0299732, 04CC0D2F45D4F3A86B2E4F23E1226F182349C98C53508C1F49C8CAC2D223D5A7 ] Netman C:\WINDOWS\System32\netman.dll
10:16:06.0703 0x0170 Netman - ok
10:16:06.0812 0x0170 [ 097722F235A1FB698BF9234E01B52637, 994F81F506B081FFB760BA7B95469DE9311DDB00D14F77DA9752C19A9B932289 ] Nla C:\WINDOWS\System32\mswsock.dll
10:16:06.0859 0x0170 Nla - ok
10:16:06.0906 0x0170 [ 4F601BCB8F64EA3AC0994F98FED03F8E, D9D6783B970CB871DE0C6EDD8BE42F30CD1DCD55D4DF006922D9CFC0CF020D27 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:16:06.0984 0x0170 Npfs - ok
10:16:07.0250 0x0170 [ 19A811EF5F1ED5C926A028CE107FF1AF, 97606850041DE4E568188FB28AA3D5B10A4E96DB9551A77BC3A17ED67D5D4474 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:16:07.0593 0x0170 Ntfs - ok
10:16:07.0625 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:16:07.0687 0x0170 NtLmSsp - ok
10:16:07.0750 0x0170 [ B62F29C00AC55A761B2E45877D85EA0F, 8B4B96BDBE26D73F89CC51876929515C1AEA18A8E9CA4E76FAEF538D9E5BDA90 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:16:08.0000 0x0170 NtmsSvc - ok
10:16:08.0046 0x0170 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
10:16:08.0156 0x0170 Null - ok
10:16:09.0406 0x0170 [ A93A67F645EA424F0752F8887860FB5F, ACE9D2D66BE6E79407F6CAF7E1B34B237492B3293A55888A8C5DEB86B64988F5 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:16:10.0156 0x0170 nv - ok
10:16:10.0312 0x0170 [ 0D2516100703142CFA35CF8281611430, 087B54D96B102E60E99F465B2100041E6F332199787F93392A23DE25A6AE39E9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
10:16:10.0328 0x0170 NVSvc - ok
10:16:10.0375 0x0170 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:16:10.0453 0x0170 NwlnkFlt - ok
10:16:10.0468 0x0170 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:16:10.0546 0x0170 NwlnkFwd - ok
10:16:10.0703 0x0170 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:16:10.0734 0x0170 ose - ok
10:16:10.0765 0x0170 [ 29744EB4CE659DFE3B4122DEB45BC478, 5F7B63152CDAA031ACB77E793BB7E8210472D6D1EED911F3A0BD70455FC282FC ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:16:10.0843 0x0170 Parport - ok
10:16:10.0875 0x0170 [ 3334430C29DC338092F79C38EF7B4CD0, B54989B46D77F124D66741A939FF2033F73854FC39AF13C8165D01203A94A94E ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:16:10.0968 0x0170 PartMgr - ok
10:16:11.0015 0x0170 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:16:11.0093 0x0170 ParVdm - ok
10:16:11.0140 0x0170 [ 6EF25FB20CD269E3E51D8CA54935FFF2, 1308EBE46A701B3CA1FF6F1A65D2F5E57AC3AA77BB74062EBC4ABD620B9D56FC ] PBADRV C:\WINDOWS\system32\drivers\pbadrv.sys
10:16:11.0203 0x0170 PBADRV - detected UnsignedFile.Multi.Generic ( 1 )
10:16:13.0859 0x0170 Detect skipped due to KSN trusted
10:16:13.0859 0x0170 PBADRV - ok
10:16:13.0890 0x0170 [ 8086D9979234B603AD5BC2F5D890B234, 4FCB98D3B6F95B6979B255287480943C1F87A12ECB30D446294C1E84B6DFE620 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:16:13.0968 0x0170 PCI - ok
10:16:13.0968 0x0170 PCIDump - ok
10:16:14.0031 0x0170 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:16:14.0171 0x0170 PCIIde - ok
10:16:14.0218 0x0170 [ 82A087207DECEC8456FBE8537947D579, 92305DC8BC1CA3BD93A8D996AAA7433E816931B17D5BDFAC06C7251F2759D023 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:16:14.0390 0x0170 Pcmcia - ok
10:16:14.0390 0x0170 PDCOMP - ok
10:16:14.0406 0x0170 PDFRAME - ok
10:16:14.0406 0x0170 PDRELI - ok
10:16:14.0421 0x0170 PDRFRAME - ok
10:16:14.0437 0x0170 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
10:16:14.0531 0x0170 perc2 - ok
10:16:14.0562 0x0170 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:16:14.0625 0x0170 perc2hib - ok
10:16:14.0671 0x0170 [ 4712531AB7A01B7EE059853CA17D39BD, D029A599E95F1FDF8AAC122FDE70E8DA6A4CEF0F8DB6543C6BF4AF35169B2203 ] PlugPlay C:\WINDOWS\system32\services.exe
10:16:14.0703 0x0170 PlugPlay - ok
10:16:14.0734 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:16:14.0812 0x0170 PolicyAgent - ok
10:16:14.0828 0x0170 [ 1C5CC65AAC0783C344F16353E60B72AC, 7786CFE970A79B327DB57AEBADA8B0B94B4DE07CE8AF285E9835B2AADD597296 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:16:14.0906 0x0170 PptpMiniport - ok
10:16:14.0937 0x0170 [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:16:15.0000 0x0170 ProtectedStorage - ok
10:16:15.0046 0x0170 [ 48671F327553DCF1D27F6197F622A668, CB34A17BC36E8F8BB5F87F9EE21311C50DE9AE156513D682581DE47C93EC155D ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:16:15.0140 0x0170 PSched - ok
10:16:15.0171 0x0170 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:16:15.0296 0x0170 Ptilink - ok
10:16:15.0343 0x0170 [ D970470F8F39470BDAE94D313A1CCDCE, C41B314F3A1CD6A747A4578C2A1F20373884C2AD96880A81255E66BA9D886EB4 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:16:15.0375 0x0170 PxHelp20 - ok
10:16:15.0453 0x0170 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:16:15.0546 0x0170 ql1080 - ok
10:16:15.0578 0x0170 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:16:15.0656 0x0170 Ql10wnt - ok
10:16:15.0687 0x0170 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:16:15.0765 0x0170 ql12160 - ok
10:16:15.0796 0x0170 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:16:15.0890 0x0170 ql1240 - ok
10:16:15.0906 0x0170 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:16:16.0000 0x0170 ql1280 - ok
10:16:16.0015 0x0170 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:16:16.0078 0x0170 RasAcd - ok
10:16:16.0156 0x0170 [ 44DB7A9BDD2FB58747D123FBF1D35ADB, 1546B32AE19015213236031E82BF5C44ACF4C1B5F9E379908A1B413C6CA65755 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:16:16.0250 0x0170 RasAuto - ok
10:16:16.0296 0x0170 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C, F59974A2A3C21071BC72CA4DAF5D2DDF93471EC16FD1A34DE9DC1A50027F6835 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:16:16.0390 0x0170 Rasl2tp - ok
10:16:16.0484 0x0170 [ 49B5EED5FB89D39456A2F616CCD8BA5D, F09D6EE04BC0AB3B5BA76CAE64CE6B5E845006F912E0CBF1359900700F5C1146 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:16:16.0703 0x0170 RasMan - ok
10:16:16.0734 0x0170 [ 7306EEED8895454CBED4669BE9F79FAA, DC6874ECAD9105BC9EAB007291958911D7D4D3649124472070B3496B36C45200 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:16:16.0812 0x0170 RasPppoe - ok
10:16:16.0843 0x0170 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:16:16.0906 0x0170 Raspti - ok
10:16:17.0031 0x0170 [ 03B965B1CA47F6EF60EB5E51CB50E0AF, 56B0F5FC470385F2FF4E4573099C96772EDB985398859B9F7ACE0AA704BB47B7 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:16:17.0250 0x0170 Rdbss - ok
10:16:17.0296 0x0170 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:16:17.0375 0x0170 RDPCDD - ok
10:16:17.0421 0x0170 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD, 586900D30F44E132AC75520EFF4FF615AA46283F1F050AC93FF9C235AC0F1D75 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:16:17.0500 0x0170 rdpdr - ok
10:16:17.0609 0x0170 [ B54CD38A9EBFBF2B3561426E3FE26F62, 2BE75A68C598A2E162F09BCBA140909B9480A7E06A733B5D58673A172CAD8084 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:16:17.0843 0x0170 RDPWD - ok
10:16:17.0937 0x0170 [ 729798E0933076B8FCFCD9934698F164, 87CCF85E6C7F9AB9A5EB97BD9D2BE97429CB178B35FCA17CB1C9B58A0475D726 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:16:18.0031 0x0170 RDSessMgr - ok
10:16:18.0062 0x0170 [ B31B4588E4086D8D84ADBF9845C2402B, 0B45979623B0AC774A9426C428954E7

#13
Spyderturbo007

Posted 02 December 2013 - 10:40 AM

Member

Topic Starter
Member
760 posts

I'm going to try and attach the file because it keeps cutting it off when I try and paste it into a reply. Sorry for the confusion.

Attached Files

TDSSKiller.3.0.0.19_02.12.2013_10.14.12_log.txt 370.86KB 109 downloads

#14
Machiavelli

Posted 02 December 2013 - 10:40 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Nope in the last scan you didn't cut the log -- but now you have.

EDIT:

I'm going to try and attach the file because it keeps cutting it off when I try and paste it into a reply. Sorry for the confusion.

OK.

Edited by Machiavelli, 02 December 2013 - 10:40 AM.

#15
Machiavelli

Posted 02 December 2013 - 11:59 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
When command prompt opens, copy and paste the following command into it, press enter

netsh winsock reset

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Question

Try ESET and Security Check again

Hopefully it works ...