Solved Multiple iexplore.exe running in task manager, even if IE isn't open

Don't worry about JRT

Uninstall McAfee Security Scan, typical foistware.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Linda\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Removed McAfee, had to run OTL in safe mode. Still took 10 min + or - to reboot. Malwarebytes still blocking "potentially malicious website" even when no browser is running. Moving on to next steps, here's the report for OTL:
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File System32\DRIVERS\UIUSYS.SYS not found.
Error: No service named TrueSight was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight deleted successfully.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service dsNcAdpt stopped successfully!
Service dsNcAdpt deleted successfully!
File system32\DRIVERS\dsNcAdpt.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Linda\LOCALS~1\Temp\catchme.sys not found.
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
C:\WINDOWS\system32\vsdatant.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine\Zyypop folder moved successfully.
C:\FRST\Quarantine\Zaxoneo folder moved successfully.
C:\FRST\Quarantine\Yzynul folder moved successfully.
C:\FRST\Quarantine\Ywcuum folder moved successfully.
C:\FRST\Quarantine\Yqyfpal folder moved successfully.
C:\FRST\Quarantine\Yqydkui folder moved successfully.
C:\FRST\Quarantine\Ynedve folder moved successfully.
C:\FRST\Quarantine\Ygviiryd folder moved successfully.
C:\FRST\Quarantine\Xysayqod folder moved successfully.
C:\FRST\Quarantine\Xisynu folder moved successfully.
C:\FRST\Quarantine\Wiydhaca folder moved successfully.
C:\FRST\Quarantine\Waguku folder moved successfully.
C:\FRST\Quarantine\Vaqiusl folder moved successfully.
C:\FRST\Quarantine\Usegyfw folder moved successfully.
C:\FRST\Quarantine\Unosehul folder moved successfully.
C:\FRST\Quarantine\Unixkypu folder moved successfully.
C:\FRST\Quarantine\Ufhada folder moved successfully.
C:\FRST\Quarantine\Udawzow folder moved successfully.
C:\FRST\Quarantine\Ubifcuol folder moved successfully.
C:\FRST\Quarantine\Tyyfepaq folder moved successfully.
C:\FRST\Quarantine\Taytgek folder moved successfully.
C:\FRST\Quarantine\Suvakir folder moved successfully.
C:\FRST\Quarantine\Soluhi folder moved successfully.
C:\FRST\Quarantine\Sesalisi folder moved successfully.
C:\FRST\Quarantine\Seibup folder moved successfully.
C:\FRST\Quarantine\Saecegyb folder moved successfully.
C:\FRST\Quarantine\Riigakk folder moved successfully.
C:\FRST\Quarantine\Pyexfudu folder moved successfully.
C:\FRST\Quarantine\Puzaadu folder moved successfully.
C:\FRST\Quarantine\Piaryk folder moved successfully.
C:\FRST\Quarantine\Pabiwex folder moved successfully.
C:\FRST\Quarantine\Opityh folder moved successfully.
C:\FRST\Quarantine\Opiffao folder moved successfully.
C:\FRST\Quarantine\Omduiklo folder moved successfully.
C:\FRST\Quarantine\Ohhaylk folder moved successfully.
C:\FRST\Quarantine\Ocubysc folder moved successfully.
C:\FRST\Quarantine\Ocorypi folder moved successfully.
C:\FRST\Quarantine\Naheav folder moved successfully.
C:\FRST\Quarantine\Myuffiy folder moved successfully.
C:\FRST\Quarantine\Myikrivu folder moved successfully.
C:\FRST\Quarantine\Maryag folder moved successfully.
C:\FRST\Quarantine\Maalep folder moved successfully.
C:\FRST\Quarantine\Lyukud folder moved successfully.
C:\FRST\Quarantine\Lumyza folder moved successfully.
C:\FRST\Quarantine\Logahi folder moved successfully.
C:\FRST\Quarantine\Leroxo folder moved successfully.
C:\FRST\Quarantine\Leiber folder moved successfully.
C:\FRST\Quarantine\Kyemyd folder moved successfully.
C:\FRST\Quarantine\Kutiqoka folder moved successfully.
C:\FRST\Quarantine\Kipoxai folder moved successfully.
C:\FRST\Quarantine\Ixfiam folder moved successfully.
C:\FRST\Quarantine\Ipumeddu folder moved successfully.
C:\FRST\Quarantine\Ipiqrioc folder moved successfully.
C:\FRST\Quarantine\Inpgsoft folder moved successfully.
C:\FRST\Quarantine\Ihuvor folder moved successfully.
C:\FRST\Quarantine\Idxoeges folder moved successfully.
C:\FRST\Quarantine\Hyziexap folder moved successfully.
C:\FRST\Quarantine\Huziov folder moved successfully.
C:\FRST\Quarantine\Huywypm folder moved successfully.
C:\FRST\Quarantine\Hiuntot folder moved successfully.
C:\FRST\Quarantine\Heovrex folder moved successfully.
C:\FRST\Quarantine\Fuoccai folder moved successfully.
C:\FRST\Quarantine\Folyce folder moved successfully.
C:\FRST\Quarantine\Feywohaw folder moved successfully.
C:\FRST\Quarantine\Exruhac folder moved successfully.
C:\FRST\Quarantine\Evamiw folder moved successfully.
C:\FRST\Quarantine\Esefibv folder moved successfully.
C:\FRST\Quarantine\Esbudu folder moved successfully.
C:\FRST\Quarantine\Emreikit folder moved successfully.
C:\FRST\Quarantine\Elaphif folder moved successfully.
C:\FRST\Quarantine\Ecivwity folder moved successfully.
C:\FRST\Quarantine\Duuvqet folder moved successfully.
C:\FRST\Quarantine\Diriacq folder moved successfully.
C:\FRST\Quarantine\Dibuegfy folder moved successfully.
C:\FRST\Quarantine\Cyziudv folder moved successfully.
C:\FRST\Quarantine\Cuzeroro folder moved successfully.
C:\FRST\Quarantine\Cuxyxuwu folder moved successfully.
C:\FRST\Quarantine\Cuaxro folder moved successfully.
C:\FRST\Quarantine\Coyhut folder moved successfully.
C:\FRST\Quarantine\Coreebaf folder moved successfully.
C:\FRST\Quarantine\Cofuhyxi folder moved successfully.
C:\FRST\Quarantine\Beebyrl folder moved successfully.
C:\FRST\Quarantine\Axumyn folder moved successfully.
C:\FRST\Quarantine\avgnt.exe folder moved successfully.
C:\FRST\Quarantine\Asawpate folder moved successfully.
C:\FRST\Quarantine\Amfogaov folder moved successfully.
C:\FRST\Quarantine\Abpyitut folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66551 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Linda
->Temp folder emptied: 2404025 bytes
->Temporary Internet Files folder emptied: 17060541 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18374901 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2677 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4823 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 36.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: Linda
->Java cache emptied: 0 bytes
User: LocalService
User: LogMeInRemoteUser
User: NetworkService
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Linda
->Flash cache emptied: 0 bytes
User: LocalService
User: LogMeInRemoteUser
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01022014_212804

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.78
x86
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.9.900.170
Mozilla Firefox 24.0 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 05-12-2013
Ran by Linda (administrator) on 02-01-2014 at 22:10:22
Running from "D:\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
ATMDLC(11) DNE(12) Eacfilt(10) Gpc(3) IPSec(5) IPSECEXT(8) IPSECSHM(9) JNPRNA(13) jnprTdi_730_32781(14) NetBT(6) PSched(7) Tcpip(4)
0x0E00000005000000010000000200000003000000040000000E000000060000000700000008000000090000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****
 
10 hours into the ESET scan, BSOD. Trying again. It was only 68% done after 10 hours, does that seem normal??
 
I started it again this morning. 6 hours later it was almost to 50%. I stopped it so I could try to work some. Do you think I should make myself a ubcd4win boot disk? I really need to be able to work on this thing again soon...missed too many deadlines already. Was thinking if I could somehow scan it without booting into Windows.... ?????
 
It barely runs without any extra programs running...besides...it will disconnect when I log onto the vpn. No internet connection allowed when I'm on their network. So any other suggestions of something that might help and not take as long to run would be greatly appreciated!
 
OK, this one should be faster...

Please run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Click on Run now button.
    NOTE. If you're using a non-IE browser you'll be asked to download a small file (F-SecureOnlineScanner.exe). After downloading, double-click on the file to run the scan.
  • Click on Start button.
  • Click on "Accept" button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Ran that one, but it came back that it didn't find any harmful applications. :( The ESET scan had found 3 items before I stopped it. This is what it found:

C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{36680766-DB0F-2FE2-454F-617C65152C54}\components\DAOTableDef120.js Win32/Boaxxe.BE trojan
C:\Documents and Settings\Linda\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\49\cddeb1-580cea0b Java/Exploit.Agent.QQF trojan
C:\Documents and Settings\Linda\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\62\23de233e-6ec20068 multiple threats
 
Should also mention that it keeps opening these things that look like web pages but there is no minimize or close button and it takes away the task bar. You can get the task bar back by using the windows button, it is opening explorer windows which contain these "pages" but there is no way to close out of them until there are several, then you can right click and tell windows to close the group.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Finally tried running the ESET scan without checking the scan archives box and it ran and completed. Posting the results below. Moving on to TDSSkiller after I reboot.

C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{36680766-DB0F-2FE2-454F-617C65152C54}\components\DAOTableDef120.js Win32/Boaxxe.BE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Linda\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\49\cddeb1-580cea0b Java/Exploit.Agent.QQF trojan cleaned by deleting - quarantined
D:\_OTL\MovedFiles\01022014_212804\C_FRST\Quarantine\Inpgsoft\normalPaddlg.dll a variant of Win32/Sefnit.CV trojan cleaned by deleting - quarantined
 
Report from TDSSkiller... I updated to the latest version before scanning, hope that's ok. Computer still taking about 10-15 minutes to reboot.

11:20:23.0187 0x0c4c CVPND - ok
11:20:23.0531 0x0c4c [ C23025AC5AE45A105D63BD6E2408EDD4, 4457628A9DF3DCF3B160D2804198D8664FD76D93ACC2D23B4161D04FE2D37442 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
11:20:23.0546 0x0c4c CVPNDRVA - ok
11:20:23.0546 0x0c4c dac2w2k - ok
11:20:23.0562 0x0c4c dac960nt - ok
11:20:23.0796 0x0c4c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:20:23.0812 0x0c4c DcomLaunch - ok
11:20:23.0906 0x0c4c [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:20:23.0906 0x0c4c Dhcp - ok
11:20:23.0953 0x0c4c [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:20:23.0968 0x0c4c Disk - ok
11:20:23.0968 0x0c4c dmadmin - ok
11:20:24.0437 0x0c4c [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:20:25.0250 0x0c4c dmboot - ok
11:20:25.0359 0x0c4c [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:20:25.0468 0x0c4c dmio - ok
11:20:25.0500 0x0c4c [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:20:25.0500 0x0c4c dmload - ok
11:20:25.0546 0x0c4c [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
11:20:25.0562 0x0c4c dmserver - ok
11:20:25.0609 0x0c4c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:20:25.0640 0x0c4c DMusic - ok
11:20:25.0750 0x0c4c [ B5AA5AA5AC327BD7C1AEC0C58F0C1144, 14C147B79786C5DCEC54AF191E8815D871906E30DE90B00C7929F0E6CC025E6A ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
11:20:25.0765 0x0c4c DNE - ok
11:20:25.0828 0x0c4c [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:20:25.0843 0x0c4c Dnscache - ok
11:20:25.0953 0x0c4c [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:20:26.0031 0x0c4c Dot3svc - ok
11:20:26.0046 0x0c4c dpti2o - ok
11:20:26.0078 0x0c4c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:20:26.0093 0x0c4c drmkaud - ok
11:20:26.0140 0x0c4c [ EF61CAABCBC8F7992ACCEC153B9BBF41, B077FB2B06BAF890DCFEF0645DF8E14DE72F1516BF58988E2347FBF3B6E1B51D ] Eacfilt C:\WINDOWS\system32\DRIVERS\eacfilt.sys
11:20:26.0265 0x0c4c Eacfilt - ok
11:20:26.0312 0x0c4c [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:20:26.0343 0x0c4c EapHost - ok
11:20:26.0390 0x0c4c [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:20:26.0421 0x0c4c ERSvc - ok
11:20:26.0500 0x0c4c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
11:20:26.0531 0x0c4c Eventlog - ok
11:20:26.0687 0x0c4c [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
11:20:26.0812 0x0c4c EventSystem - ok
11:20:27.0343 0x0c4c [ 9C05985861E6E4E80271EA5DA047C90B, 87A1885319AFFC931B1FFC3102456F979B00FD0B1055F04F26033FEC88EB26C1 ] ExtranetAccess C:\Program Files\Nortel Networks\Extranet_serv.exe
11:20:27.0968 0x0c4c ExtranetAccess - ok
11:20:28.0250 0x0c4c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:20:28.0250 0x0c4c Fastfat - ok
11:20:28.0453 0x0c4c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:20:28.0578 0x0c4c FastUserSwitchingCompatibility - ok
11:20:28.0609 0x0c4c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:20:28.0640 0x0c4c Fdc - ok
11:20:28.0687 0x0c4c [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:20:28.0703 0x0c4c Fips - ok
11:20:28.0718 0x0c4c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:20:28.0734 0x0c4c Flpydisk - ok
11:20:28.0812 0x0c4c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:20:28.0906 0x0c4c FltMgr - ok
11:20:28.0968 0x0c4c [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:20:29.0000 0x0c4c FontCache3.0.0.0 - ok
11:20:29.0031 0x0c4c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:20:29.0031 0x0c4c Fs_Rec - ok
11:20:29.0125 0x0c4c [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:20:29.0328 0x0c4c Ftdisk - ok
11:20:29.0437 0x0c4c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:20:29.0468 0x0c4c Gpc - ok
11:20:29.0546 0x0c4c [ F3C9F09AA3EDA29A1C841877E7E39158, 4DB6883D24434EF2DBEA5128851C8F2D8A146E1EC2B34D2497E6B702E351EB7F ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys
11:20:29.0625 0x0c4c GTIPCI21 - ok
11:20:29.0750 0x0c4c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:20:29.0750 0x0c4c gupdate - ok
11:20:29.0812 0x0c4c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:20:29.0828 0x0c4c gupdatem - ok
11:20:29.0953 0x0c4c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:20:30.0078 0x0c4c gusvc - ok
11:20:30.0109 0x0c4c [ DE15777902A5D9121857D155873A1D1B, 98D6E8204B9A773C8B11D6011ADC77676B0F94F6236CC764D3234FFD43AC86EB ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
11:20:30.0125 0x0c4c HBtnKey - ok
11:20:30.0250 0x0c4c [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:20:30.0250 0x0c4c HDAudBus - ok
11:20:30.0515 0x0c4c [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:20:30.0531 0x0c4c helpsvc - ok
11:20:30.0578 0x0c4c [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:20:30.0593 0x0c4c HidServ - ok
11:20:30.0625 0x0c4c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:20:30.0640 0x0c4c hidusb - ok
11:20:30.0703 0x0c4c [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:20:30.0765 0x0c4c hkmsvc - ok
11:20:30.0781 0x0c4c [ B5E68A5D9E0AAC82E4DDD340E1F0274A, 3A335DC4FFBA2EFE2E127A86C9FBEB05207DEF434030D23C1FB4511B4646F5AC ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
11:20:30.0812 0x0c4c hpdskflt - ok
11:20:30.0812 0x0c4c hpn - ok
11:20:30.0859 0x0c4c [ 35956140E686D53BF676CF0C778880FC, AFFE1CC956E75AF1DE87F19A58CB03C861907C48DCA03F7454EF7762DEB46F2D ] HpqKbFiltr C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
11:20:30.0875 0x0c4c HpqKbFiltr - ok
11:20:30.0984 0x0c4c [ F8968C9778F25A90A35755C3C97C7F62, 98645C36D90B2CC4628BA8FCCEFFD54D1DB7B87962791A88897C2025ACCA76B1 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
11:20:31.0000 0x0c4c hpqwmiex - ok
11:20:31.0390 0x0c4c [ 50AED60EA813124D6DAEE41814E4AAAC, F4FA4FB37D77CFEA72A68437B2EA14A7CFB6B12EB004E2FCB03A5F2402B668C8 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
11:20:31.0890 0x0c4c HPSLPSVC - ok
11:20:32.0015 0x0c4c [ 3C01C18B866488FB6CC4E7D5472986A0, 463640F67397DC2C3B9B0733D4771406951230731FF3E02731513DEE6B37B8C4 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:20:32.0156 0x0c4c HSFHWAZL - ok
11:20:33.0015 0x0c4c [ 0D7D34441E37E4A41B61CFF0CBCA1E3D, 0BD7985049A39BEEB566CB1ECE638C01686151AD9105BC841C328FCA6789A6D7 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:20:33.0968 0x0c4c HSF_DPV - ok
11:20:34.0140 0x0c4c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:20:34.0156 0x0c4c HTTP - ok
11:20:34.0234 0x0c4c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:20:34.0250 0x0c4c HTTPFilter - ok
11:20:34.0250 0x0c4c i2omp - ok
11:20:34.0359 0x0c4c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:20:34.0531 0x0c4c i8042prt - ok
11:20:36.0078 0x0c4c [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:20:37.0500 0x0c4c idsvc - ok
11:20:37.0562 0x0c4c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:20:37.0625 0x0c4c Imapi - ok
11:20:37.0734 0x0c4c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
11:20:37.0750 0x0c4c ImapiService - ok
11:20:37.0781 0x0c4c ini910u - ok
11:20:37.0828 0x0c4c [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:20:37.0859 0x0c4c IntelIde - ok
11:20:37.0906 0x0c4c [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:20:37.0906 0x0c4c intelppm - ok
11:20:37.0968 0x0c4c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:20:38.0000 0x0c4c ip6fw - ok
11:20:38.0062 0x0c4c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:20:38.0062 0x0c4c IpFilterDriver - ok
11:20:38.0093 0x0c4c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:20:38.0109 0x0c4c IpInIp - ok
11:20:38.0218 0x0c4c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:20:38.0218 0x0c4c IpNat - ok
11:20:38.0281 0x0c4c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:20:38.0406 0x0c4c IPSec - ok
11:20:38.0593 0x0c4c [ A663FF4CBE396F919CF1746CCB12481A, F320FD11B4D515BCF886FEE1B5AD3D768978D0BEEB61C239AE04C8AAE5F16FA3 ] IPSECEXT C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
11:20:38.0609 0x0c4c IPSECEXT - ok
11:20:38.0718 0x0c4c [ A663FF4CBE396F919CF1746CCB12481A, F320FD11B4D515BCF886FEE1B5AD3D768978D0BEEB61C239AE04C8AAE5F16FA3 ] IPSECSHM C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
11:20:38.0718 0x0c4c IPSECSHM - ok
11:20:38.0750 0x0c4c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:20:38.0781 0x0c4c IRENUM - ok
11:20:38.0828 0x0c4c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:20:38.0859 0x0c4c isapnp - ok
11:20:39.0093 0x0c4c [ 5739F2821D49975CEDE6BF0153D0CF01, DF45BD1A9F6DDB893C99F28C3730C50C61A612C4297A4B00D857533FC0973CD9 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:20:39.0109 0x0c4c JavaQuickStarterService - ok
11:20:39.0546 0x0c4c [ 7624A0F5879811E27290EE7C96B50E7A, C480191CD8F5175EE9757C7BAD1DB39D9178788CB277951A7AD66D2FFC507941 ] JNPRNA C:\WINDOWS\system32\DRIVERS\jnprna5.sys
11:20:39.0593 0x0c4c JNPRNA - ok
11:20:39.0656 0x0c4c [ 498B26C0EE72694B83822CCDB70D8A68, EFF0209C1C58864F818CC8F5CD918FB7894EC09BB5800338C5A555BF596DD636 ] jnprTdi_730_32781 C:\WINDOWS\system32\Drivers\jnprTdi_730_32781.sys
11:20:39.0718 0x0c4c jnprTdi_730_32781 - ok
11:20:39.0765 0x0c4c [ 3BF87CBCA676A1FC84F1E88B7B56E881, 0BD75A837B26FFE7B94D9A61DBCDB894BF9CA9F9A4C9BD24F2CE6B12527FF650 ] jnprva C:\WINDOWS\system32\DRIVERS\jnprva.sys
11:20:39.0781 0x0c4c jnprva - ok
11:20:39.0812 0x0c4c [ 570AD4AB1EC34B4E68532BE21C7A5A7F, 58F328D9A5D4A3925B2E80C5F13A87B768805C8F927D327CAD1930370A612D05 ] JnprVaMgr C:\WINDOWS\system32\DRIVERS\jnprvamgr.sys
11:20:39.0828 0x0c4c JnprVaMgr - ok
11:20:39.0984 0x0c4c [ 29E88C17520882215B29F8C7311BDADA, 9CEFF7FCDBFB73A0F6D1956BDAD8C8B845818735383097DC7C4F5A7C011FBD66 ] JuniperAccessService C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
11:20:39.0984 0x0c4c JuniperAccessService - ok
11:20:40.0015 0x0c4c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:20:40.0031 0x0c4c Kbdclass - ok
11:20:40.0046 0x0c4c [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:20:40.0062 0x0c4c kbdhid - ok
11:20:40.0171 0x0c4c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:20:40.0171 0x0c4c kmixer - ok
11:20:40.0250 0x0c4c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:20:40.0359 0x0c4c KSecDD - ok
11:20:40.0484 0x0c4c [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:20:40.0625 0x0c4c lanmanserver - ok
11:20:40.0718 0x0c4c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:20:40.0812 0x0c4c lanmanworkstation - ok
11:20:40.0890 0x0c4c [ 8577CA80212A3EE1CF2FD1FC91E1CFF6, F261153366CF9C325BDC4C38A155720FA59EF0F7208112C1B5B40B9E412DB8CF ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:20:40.0906 0x0c4c LightScribeService - ok
11:20:40.0953 0x0c4c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:20:40.0953 0x0c4c LmHosts - ok
11:20:41.0218 0x0c4c [ 8EA530CED3D86E08605C169BD94B4B2E, F1610FCCFA6B93F9E27C6C0FE2A1DF0B4D462276206E7317281C04E9528CAE4F ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
11:20:41.0250 0x0c4c LMIGuardianSvc - ok
11:20:41.0296 0x0c4c [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
11:20:41.0328 0x0c4c LMIInfo - ok
11:20:41.0562 0x0c4c [ 82A8D587C59BDE1CEF36EDBA8008B82D, 4C1B70F5AE9B545A44558EEF58BA283D36CAA916112DA9B7EA7D1A4553176BF4 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
11:20:41.0750 0x0c4c LMIMaint - ok
11:20:41.0765 0x0c4c [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
11:20:41.0765 0x0c4c lmimirr - ok
11:20:41.0765 0x0c4c LMIRfsClientNP - ok
11:20:41.0828 0x0c4c [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
11:20:41.0843 0x0c4c LMIRfsDriver - ok
11:20:42.0078 0x0c4c [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
11:20:42.0296 0x0c4c LogMeIn - ok
11:20:42.0343 0x0c4c [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:20:42.0359 0x0c4c MBAMProtector - ok
11:20:42.0640 0x0c4c [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:20:42.0671 0x0c4c MBAMScheduler - ok
11:20:43.0328 0x0c4c [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:20:43.0359 0x0c4c MBAMService - ok
11:20:43.0546 0x0c4c [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:20:43.0562 0x0c4c mdmxsdk - ok
11:20:43.0671 0x0c4c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:20:43.0734 0x0c4c Messenger - ok
11:20:44.0093 0x0c4c Microsoft SharePoint Workspace Audit Service - ok
11:20:44.0140 0x0c4c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:20:44.0140 0x0c4c mnmdd - ok
11:20:44.0218 0x0c4c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
11:20:44.0265 0x0c4c mnmsrvc - ok
11:20:44.0359 0x0c4c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:20:44.0468 0x0c4c Modem - ok
11:20:44.0578 0x0c4c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:20:44.0593 0x0c4c Mouclass - ok
11:20:44.0609 0x0c4c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:20:44.0625 0x0c4c mouhid - ok
11:20:44.0671 0x0c4c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:20:44.0718 0x0c4c MountMgr - ok
11:20:44.0828 0x0c4c [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:20:44.0828 0x0c4c MozillaMaintenance - ok
11:20:44.0828 0x0c4c mraid35x - ok
11:20:44.0937 0x0c4c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:20:45.0046 0x0c4c MRxDAV - ok
11:20:45.0359 0x0c4c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:20:45.0656 0x0c4c MRxSmb - ok
11:20:45.0687 0x0c4c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
11:20:45.0687 0x0c4c MSDTC - ok
11:20:45.0734 0x0c4c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:20:45.0734 0x0c4c Msfs - ok
11:20:45.0750 0x0c4c MSIServer - ok
11:20:45.0765 0x0c4c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:20:45.0781 0x0c4c MSKSSRV - ok
11:20:45.0812 0x0c4c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:20:45.0828 0x0c4c MSPCLOCK - ok
11:20:45.0859 0x0c4c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:20:45.0875 0x0c4c MSPQM - ok
11:20:45.0890 0x0c4c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:20:45.0890 0x0c4c mssmbios - ok
11:20:45.0968 0x0c4c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:20:46.0031 0x0c4c Mup - ok
11:20:46.0234 0x0c4c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:20:46.0421 0x0c4c napagent - ok
11:20:46.0546 0x0c4c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:20:46.0671 0x0c4c NDIS - ok
11:20:46.0718 0x0c4c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:20:46.0734 0x0c4c NdisTapi - ok
11:20:46.0781 0x0c4c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:20:46.0796 0x0c4c Ndisuio - ok
11:20:46.0859 0x0c4c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:20:46.0937 0x0c4c NdisWan - ok
11:20:47.0000 0x0c4c [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:20:47.0031 0x0c4c NDProxy - ok
11:20:47.0109 0x0c4c [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
11:20:47.0140 0x0c4c Net Driver HPZ12 - ok
11:20:47.0203 0x0c4c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:20:47.0234 0x0c4c NetBIOS - ok
11:20:47.0390 0x0c4c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:20:47.0750 0x0c4c NetBT - ok
11:20:47.0859 0x0c4c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
11:20:47.0937 0x0c4c NetDDE - ok
11:20:48.0000 0x0c4c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:20:48.0000 0x0c4c NetDDEdsdm - ok
11:20:48.0046 0x0c4c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:20:48.0046 0x0c4c Netlogon - ok
11:20:48.0171 0x0c4c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
11:20:48.0187 0x0c4c Netman - ok
11:20:48.0281 0x0c4c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:20:48.0421 0x0c4c NetTcpPortSharing - ok
11:20:50.0000 0x0c4c [ 9EB7001200BC53DAD5BC531F0E58970E, 0AB9A85B606CBA7F4A81D5CE840FCE4B4EA880147A9AFBD02A3410B2B4CE8769 ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
11:20:51.0109 0x0c4c NETw4x32 - ok
11:20:51.0171 0x0c4c [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:20:51.0171 0x0c4c NIC1394 - ok
11:20:51.0312 0x0c4c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
11:20:51.0312 0x0c4c Nla - ok
11:20:51.0359 0x0c4c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:20:51.0390 0x0c4c Npfs - ok
11:20:51.0781 0x0c4c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:20:52.0093 0x0c4c Ntfs - ok
11:20:52.0125 0x0c4c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
11:20:52.0125 0x0c4c NtLmSsp - ok
11:20:52.0375 0x0c4c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:20:52.0687 0x0c4c NtmsSvc - ok
11:20:52.0718 0x0c4c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
11:20:52.0718 0x0c4c Null - ok
11:20:56.0906 0x0c4c [ 71D5AE11BF1A595D987BE8EA36365E83, 91A0A991B9499F84020FC9BDC0B9F11B7C0D1B850E425E3B5EA96573B862496E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:21:00.0625 0x0c4c nv - ok
11:21:00.0750 0x0c4c [ 5E8878F15555EF4DD41AB2908249E843, 5EB9E5D2883077E6DC287251B0C75AF712AA20419AC8E8A6677FDC807F9EFAB3 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
11:21:00.0765 0x0c4c NVSvc - ok
11:21:00.0828 0x0c4c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:21:00.0859 0x0c4c NwlnkFlt - ok
11:21:00.0906 0x0c4c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:21:00.0937 0x0c4c NwlnkFwd - ok
11:21:01.0000 0x0c4c [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:21:01.0000 0x0c4c ohci1394 - ok
11:21:01.0125 0x0c4c [ 470D05D7F6313927F58D8FF9AF800441, BF2E98C28B09212B3B3BD9AD1D31043A90BCF81153A3E642777613365EF11DC7 ] OracleClientCache80 C:\orant\BIN\ONRSD80.EXE
11:21:01.0203 0x0c4c OracleClientCache80 - ok
 
Report continued.....

11:21:08.0000 0x0c4c RasMan - ok
11:21:08.0031 0x0c4c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:21:08.0062 0x0c4c RasPppoe - ok
11:21:08.0093 0x0c4c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:21:08.0109 0x0c4c Raspti - ok
11:21:08.0218 0x0c4c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:21:08.0328 0x0c4c Rdbss - ok
11:21:08.0359 0x0c4c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:21:08.0359 0x0c4c RDPCDD - ok
11:21:08.0500 0x0c4c [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:21:08.0625 0x0c4c rdpdr - ok
11:21:08.0734 0x0c4c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:21:08.0828 0x0c4c RDPWD - ok
11:21:08.0937 0x0c4c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:21:09.0031 0x0c4c RDSessMgr - ok
11:21:09.0078 0x0c4c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:21:09.0125 0x0c4c redbook - ok
11:21:09.0171 0x0c4c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:21:09.0218 0x0c4c RemoteAccess - ok
11:21:09.0281 0x0c4c [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:21:09.0328 0x0c4c RemoteRegistry - ok
11:21:09.0375 0x0c4c [ F17713D108ACA124A139FDE877EEF68A, AB254B8B4BDB10685280A8595CA69FEA2F1E68923E676C8CAF3F5468AE4C566E ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
11:21:09.0390 0x0c4c RimUsb - ok
11:21:09.0437 0x0c4c [ 2C4FB2E9F039287767C384E46EE91030, 5290E9457256C007A3FCAE246D0C536179C54D9F4B365E3143B9D0764FCBFCDB ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:21:09.0453 0x0c4c RimVSerPort - ok
11:21:09.0484 0x0c4c [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
11:21:09.0500 0x0c4c ROOTMODEM - ok
11:21:09.0578 0x0c4c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
11:21:09.0640 0x0c4c RpcLocator - ok
11:21:09.0859 0x0c4c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:21:09.0875 0x0c4c RpcSs - ok
11:21:09.0968 0x0c4c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
11:21:10.0046 0x0c4c RSVP - ok
11:21:10.0062 0x0c4c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
11:21:10.0062 0x0c4c SamSs - ok
11:21:10.0125 0x0c4c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:21:10.0140 0x0c4c SCardSvr - ok
11:21:10.0265 0x0c4c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:21:10.0375 0x0c4c Schedule - ok
11:21:10.0437 0x0c4c [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:21:10.0500 0x0c4c sdbus - ok
11:21:10.0531 0x0c4c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:21:10.0546 0x0c4c Secdrv - ok
11:21:10.0593 0x0c4c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:21:10.0593 0x0c4c seclogon - ok
11:21:10.0625 0x0c4c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
11:21:10.0640 0x0c4c SENS - ok
11:21:10.0703 0x0c4c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:21:10.0765 0x0c4c Serial - ok
11:21:10.0828 0x0c4c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:21:10.0843 0x0c4c Sfloppy - ok
11:21:11.0046 0x0c4c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:21:11.0062 0x0c4c SharedAccess - ok
11:21:11.0140 0x0c4c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:21:11.0140 0x0c4c ShellHWDetection - ok
11:21:11.0156 0x0c4c Simbad - ok
11:21:11.0234 0x0c4c [ 1E715247EFFFDDA938C085913045D599, 9C00C8257E4937F764FB55908715AB9F88F9D2648081AAC177BC3D913C9B02DB ] SMSIVZAM5 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
11:21:11.0265 0x0c4c SMSIVZAM5 - ok
11:21:11.0390 0x0c4c [ FFD9B64DB2CD7B74B766C3A8452A5816, 48842988977E57C57989B7AF73A9A23A93595085E3ED78C472E323716C2F819B ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
11:21:11.0500 0x0c4c snapman - ok
11:21:11.0500 0x0c4c Sparrow - ok
11:21:11.0531 0x0c4c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:21:11.0531 0x0c4c splitter - ok
11:21:11.0593 0x0c4c [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:21:11.0625 0x0c4c Spooler - ok
11:21:11.0703 0x0c4c [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:21:11.0750 0x0c4c sr - ok
11:21:11.0859 0x0c4c [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
11:21:11.0937 0x0c4c srservice - ok
11:21:12.0140 0x0c4c [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:21:12.0359 0x0c4c Srv - ok
11:21:12.0437 0x0c4c [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:21:12.0437 0x0c4c SSDPSRV - ok
11:21:12.0468 0x0c4c [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:21:12.0484 0x0c4c ssmdrv - ok
11:21:12.0703 0x0c4c [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:21:12.0906 0x0c4c stisvc - ok
11:21:12.0937 0x0c4c [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:21:12.0953 0x0c4c swenum - ok
11:21:13.0015 0x0c4c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:21:13.0093 0x0c4c swmidi - ok
11:21:13.0109 0x0c4c SwPrv - ok
11:21:13.0109 0x0c4c symc810 - ok
11:21:13.0109 0x0c4c symc8xx - ok
11:21:13.0125 0x0c4c sym_hi - ok
11:21:13.0125 0x0c4c sym_u3 - ok
11:21:13.0281 0x0c4c [ 13E0D1974CE03E88C265A68325CB16DE, 010A15C35AC7966AEC8CD684F508D441454B375608E663A9813D5598E691D767 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:21:13.0421 0x0c4c SynTP - ok
11:21:13.0468 0x0c4c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:21:13.0515 0x0c4c sysaudio - ok
11:21:13.0593 0x0c4c [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:21:13.0687 0x0c4c SysmonLog - ok
11:21:13.0828 0x0c4c [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:21:13.0843 0x0c4c TapiSrv - ok
11:21:14.0062 0x0c4c [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:21:14.0296 0x0c4c Tcpip - ok
11:21:14.0328 0x0c4c [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:21:14.0343 0x0c4c TDPIPE - ok
11:21:14.0828 0x0c4c [ 3630F5B8181554DEECFE2E4252BC4C4C, 4C827CD4C3880854DE1CE232118F21E09A8731441D7203D5CA1ACBF8CDDF8B70 ] tdrpman251 C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
11:21:15.0328 0x0c4c tdrpman251 - ok
11:21:15.0343 0x0c4c [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:21:15.0375 0x0c4c TDTCP - ok
11:21:15.0406 0x0c4c [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:21:15.0437 0x0c4c TermDD - ok
11:21:15.0625 0x0c4c [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
11:21:15.0828 0x0c4c TermService - ok
11:21:15.0921 0x0c4c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
11:21:15.0921 0x0c4c Themes - ok
11:21:16.0109 0x0c4c [ E4C85C291DDB3DC5E4A2F227CA465BA6, 743AC3C497DE0DEA466E52FA992DF9AFF65C2F8ED6C6FD69DF3C14221E05DDD2 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
11:21:16.0140 0x0c4c tifm21 - ok
11:21:16.0453 0x0c4c [ C820BFC70FEB25EC877C49E81CD477C1, 5830A2A028C30CF3331832056A698C9B35B0765CAE82EB916AD603CF15B7C03C ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
11:21:16.0765 0x0c4c timounter - ok
11:21:16.0828 0x0c4c [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
11:21:16.0890 0x0c4c TlntSvr - ok
11:21:16.0890 0x0c4c TosIde - ok
11:21:16.0968 0x0c4c [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:21:17.0015 0x0c4c TrkWks - ok
11:21:17.0093 0x0c4c [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:21:17.0156 0x0c4c Udfs - ok
11:21:17.0156 0x0c4c ultra - ok
11:21:17.0390 0x0c4c [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:21:17.0609 0x0c4c Update - ok
11:21:17.0734 0x0c4c [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
11:21:17.0875 0x0c4c upnphost - ok
11:21:17.0890 0x0c4c [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
11:21:17.0921 0x0c4c UPS - ok
11:21:17.0953 0x0c4c [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:21:18.0000 0x0c4c usbccgp - ok
11:21:18.0031 0x0c4c [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:21:18.0062 0x0c4c usbehci - ok
11:21:18.0171 0x0c4c [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:21:18.0234 0x0c4c usbhub - ok
11:21:18.0281 0x0c4c [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:21:18.0296 0x0c4c usbprint - ok
11:21:18.0359 0x0c4c [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:21:18.0375 0x0c4c usbscan - ok
11:21:18.0421 0x0c4c [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:21:18.0437 0x0c4c USBSTOR - ok
11:21:18.0484 0x0c4c [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:21:18.0500 0x0c4c usbuhci - ok
11:21:18.0546 0x0c4c [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:21:18.0562 0x0c4c VgaSave - ok
11:21:18.0578 0x0c4c ViaIde - ok
11:21:18.0656 0x0c4c [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:21:18.0734 0x0c4c VolSnap - ok
11:21:18.0937 0x0c4c [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
11:21:19.0140 0x0c4c VSS - ok
11:21:19.0265 0x0c4c [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
11:21:19.0375 0x0c4c W32Time - ok
11:21:19.0406 0x0c4c [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:21:19.0437 0x0c4c Wanarp - ok
11:21:19.0484 0x0c4c [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
11:21:19.0500 0x0c4c WDC_SAM - ok
11:21:19.0828 0x0c4c [ FD47474BD21794508AF449D9D91AF6E6, 2AD586390824F673B5DC5D86FC2423ED9252413D221E1C7EC3A760782DB6436A ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:21:19.0859 0x0c4c Wdf01000 - ok
11:21:20.0109 0x0c4c [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:21:20.0187 0x0c4c wdmaud - ok
11:21:20.0296 0x0c4c [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
11:21:20.0343 0x0c4c WebClient - ok
11:21:20.0750 0x0c4c [ BB62E6FADCFE4096151103AC4B07F1ED, E552D7FB982008AE1AADEE2F6E3BE793960AF90311834233B3AB1494609A3E64 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:21:21.0156 0x0c4c winachsf - ok
11:21:21.0328 0x0c4c [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:21:21.0421 0x0c4c winmgmt - ok
11:21:21.0515 0x0c4c [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
11:21:21.0546 0x0c4c WmdmPmSN - ok
11:21:21.0921 0x0c4c [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:21:21.0953 0x0c4c Wmi - ok
11:21:21.0984 0x0c4c [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:21:22.0000 0x0c4c WmiAcpi - ok
11:21:22.0109 0x0c4c [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
11:21:22.0187 0x0c4c WmiApSrv - ok
11:21:22.0625 0x0c4c [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:21:23.0109 0x0c4c WPFFontCache_v0400 - ok
11:21:23.0171 0x0c4c [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:21:23.0203 0x0c4c WS2IFSL - ok
11:21:23.0296 0x0c4c [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:21:23.0312 0x0c4c wscsvc - ok
11:21:23.0312 0x0c4c WSearch - ok
11:21:23.0375 0x0c4c [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:21:23.0375 0x0c4c wuauserv - ok
11:21:23.0656 0x0c4c [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:21:23.0671 0x0c4c WZCSVC - ok
11:21:23.0765 0x0c4c [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:21:23.0875 0x0c4c xmlprov - ok
11:21:24.0218 0x0c4c [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:21:24.0234 0x0c4c YahooAUService - ok
11:21:24.0265 0x0c4c ================ Scan global ===============================
11:21:24.0312 0x0c4c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:21:24.0531 0x0c4c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:21:24.0968 0x0c4c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:21:25.0078 0x0c4c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:21:25.0109 0x0c4c [ Global ] - ok
11:21:25.0109 0x0c4c ================ Scan MBR ==================================
11:21:25.0140 0x0c4c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:21:26.0546 0x0c4c \Device\Harddisk0\DR0 - ok
11:21:26.0546 0x0c4c ================ Scan VBR ==================================
11:21:26.0562 0x0c4c [ 3926EEF7D8808C2E447BB00F3A376AB7 ] \Device\Harddisk0\DR0\Partition1
11:21:26.0562 0x0c4c \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
11:21:26.0562 0x0c4c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
11:21:27.0187 0x0c4c [ E10FBA56B86391628990753A1ABD1578 ] \Device\Harddisk0\DR0\Partition2
11:21:27.0187 0x0c4c \Device\Harddisk0\DR0\Partition2 - ok
11:21:27.0187 0x0c4c Waiting for KSN requests completion. In queue: 99
11:21:28.0265 0x0c4c AV detected via SS1: Avira Desktop, 14.0.1.519, enabled, updated
11:21:28.0281 0x0c4c Win FW state via NFM: enabled
11:21:28.0890 0x0c4c ============================================================
11:21:28.0890 0x0c4c Scan finished
11:21:28.0890 0x0c4c ============================================================
11:21:28.0890 0x15e0 Detected object count: 1
11:21:28.0890 0x15e0 Actual detected object count: 1
11:21:45.0953 0x15e0 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
11:21:45.0968 0x15e0 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
11:21:45.0984 0x15e0 \Device\Harddisk0\DR0\Partition1 - ok
11:21:45.0984 0x15e0 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
11:21:48.0203 0x15e0 KLMD registered as C:\WINDOWS\system32\drivers\05408568.sys
11:21:57.0046 0x1644 Deinitialize success
 
Machine is still slow to boot and really drags when opening a new program, but once in the program it seems to run ok. So far today, no pop-ups from MBAM telling me that it blocked an attempt to connect to a malicious website and none of those annoying web pages that aren't web pages have popped up. So overall I would say it's a lot better, just need to clean up whatever it is that is making it boot so slow and open programs slowly. Definitely see an improvement! :)
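A triage sketch for the scan log in the post above, added here as an example and not part of the thread or of any tool it mentions: it drops the `- ok` lines and keeps each detected object with its verdict and the actions recorded for it. The sample lines are constructed in the format of that log (placeholder hash), and `triage` and its field names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample in the format of the log above; the hash is a placeholder.
SAMPLE_LOG = r"""
11:21:06.0546 0x0c4c [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:21:06.0593 0x0c4c Parport - ok
11:21:07.0234 0x0c4c Pml Driver HPZ12 - ok
11:21:25.0109 0x0c4c ================ Scan MBR ==================================
11:21:26.0546 0x0c4c \Device\Harddisk0\DR0 - ok
11:21:26.0546 0x0c4c ================ Scan VBR ==================================
11:21:26.0562 0x0c4c \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
11:21:26.0562 0x0c4c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
11:21:27.0187 0x0c4c \Device\Harddisk0\DR0\Partition2 - ok
11:21:28.0890 0x0c4c ============================================================
11:21:28.0890 0x0c4c Scan finished
11:21:28.0890 0x15e0 Detected object count: 1
11:21:45.0953 0x15e0 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
11:21:45.0968 0x15e0 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
11:21:45.0984 0x15e0 \Device\Harddisk0\DR0\Partition1 - ok
11:21:45.0984 0x15e0 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
"""

# "HH:MM:SS.mmmm 0xTHREAD message"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+(?P<msg>.*)$")
# "======== Scan VBR ========"; a line of '=' only does not match.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \( \d+ \)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>\S+) \) - (?P<what>.+)$")
EVENT_RE = re.compile(r"^(?P<obj>.+?) - (?P<what>.+)$")


def triage(log_text):
    """Reduce a scan log to its findings; everything reported '- ok' is only counted."""
    section = None
    ok_count = 0
    reported = None
    findings = OrderedDict()  # object name -> record

    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg").strip()

        m = SECTION_RE.match(msg)
        if m:
            section = m.group("name")
            continue
        m = COUNT_RE.match(msg)
        if m:
            reported = int(m.group("n"))
            continue
        m = DETECT_RE.match(msg)
        if m:
            findings.setdefault(m.group("obj"), {
                "object": m.group("obj"),
                "threat": m.group("threat"),
                "section": section,
                "events": [],
            })
            continue
        # Verdict lines carry the threat name; plain event lines do not.
        m = VERDICT_RE.match(msg) or EVENT_RE.match(msg)
        if not m:
            continue  # hash/path lines and free text
        obj, what = m.group("obj"), m.group("what")
        if obj in findings:
            findings[obj]["events"].append(what)
        elif what == "ok":
            ok_count += 1

    for rec in findings.values():
        # A cure scheduled for reboot is not a completed cure: rescan afterwards.
        rec["pending_reboot"] = "will be cured on reboot" in rec["events"]
        actions = [e.split(": ", 1)[1] for e in rec["events"]
                   if e.startswith("User select action: ")]
        rec["user_action"] = actions[-1] if actions else None

    return {
        "ok": ok_count,
        "reported": reported,
        "findings": list(findings.values()),
        # True when the tool's own count disagrees with what was parsed.
        "count_mismatch": reported is not None and reported != len(findings),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["findings"]:
        print(f["section"], f["object"], f["threat"], f["events"])
    print("ok objects:", result["ok"], "reported:", result["reported"])
```

A finding with `pending_reboot` set still needs a rescan after the restart to confirm the boot record is clean.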
 
Update Firefox to the latest 26.0 version.

1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

========================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
 
Oh, and only one instance of explorer running and no iexplore, so I think that is resolved as well. (y)
 
Had to run OTL in safe mode again. Will try doing the cleanup step from normal boot, but can it be done in safe mode if need be as well?

Boot time is now 8 minutes, and it takes one full minute for firefox to load.

All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Linda
->Temp folder emptied: 2594647353 bytes
->Temporary Internet Files folder emptied: 917444652 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39316838 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 166514 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59066 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3,387.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Linda
->Flash cache emptied: 0 bytes
User: LocalService
User: LogMeInRemoteUser
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: Linda
->Java cache emptied: 0 bytes
User: LocalService
User: LogMeInRemoteUser
User: NetworkService
Total Java Files Cleaned = 0.00 mb
Unable to start System Restore Service. Error code 10
OTL by OldTimer - Version 3.2.69.0 log created on 01042014_173630

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Boot time is now 8 minutes, and it takes one full minute for firefox to load.
This is not normal but at this point....

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
Thank you so much for all your help! I don't know how you keep all of us straight! I saw it was a lot of posts you were looking after.

At least once it gets booted it does run pretty good, so I'll get some work done and fight with the slow boot issue later.

Have a great weekend! Sending you a donation, sorry it couldn't be more.
 