Iexplore problem

Jwill1919

New Member
Thread author
Dec 19, 2014
4
I'm having issues, guys. I tried to remove it by taking the steps in this post

I can't even run the first program in safe mode, it won't scan. Also, my computer won't connect to the Internet in safe mode, but I can open it in regular mode through Internet Explorer, which I don't use. I use Firefox. Any help? Thanks

Justin
210-268-2979
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

Jwill1919

New Member
Thread author
Dec 19, 2014
4
TwinHeaded Eagle, thanks for helping me! I'm having trouble doing this on my CPU, I can only use Internet Explorer and it is horrible, especially with iexplore.exe popping up all over the place. One question: Should I be doing these scans in Safe Mode or in Regular? I can't connect to the internet in Safe, it's not allowing me to for some reason. Anyway, it also isn't allowing me to use the "upload a file" feature, so I am going to copy and paste if that's OK?

Here are the scans in the order you wanted..

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.12.18.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
JW :: JUSTIN [administrator]

12/20/2014 11:01:14 AM
mbar-log-2014-12-20 (11-01-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 307994
Time elapsed: 1 hour(s), 5 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 1
Physical Sector #20973568 on Drive #0 (Rootkit.Cidox.J.VBR) -> Replace on reboot. [7d7dbd13c655408b7ccbeef6503fdbdb]

(end)




NEXT IS SYSTEM.....

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937758720, free: 418856960

=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43A90CE8

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20971520

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20973568 Numsec = 291587072
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 312560640 Numsec = 21152
Partition is not bootable
Infected: VBR on Hidden (not active) partition --> [Rootkit.Alureon.E.VBR]

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937758720, free: 347623424

=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43A90CE8

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20971520

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20973568 Numsec = 291587072
Partition file system is NTFS
Partition is bootable

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 312560640 Numsec = 21152
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-20973568-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-2-312560640-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937758720, free: 509095936

Downloaded database version: v2014.12.17.02
Downloaded database version: v2014.12.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43A90CE8

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20971520

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20973568 Numsec = 291587072
Partition file system is NTFS
Partition is bootable
Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR]

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 312560640 Numsec = 21152
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937758720, free: 593297408

Downloaded database version: v2014.12.17.03
Downloaded database version: v2014.12.17.04
Downloaded database version: v2014.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
12/17/2014 22:03:58
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff84a7aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xffffffff85311818
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff84a6b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff8531a030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff852c42b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff853173d0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff853afab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\
Lower Device Object: 0xffffffff8545fd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff853afab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff853e4900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff853afab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff854dc928, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8545fd98, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43A90CE8

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20971520

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20973568 Numsec = 291587072
Partition file system is NTFS
Partition is bootable
Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR]

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 312560640 Numsec = 21152
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff852c42b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff852bb4b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff852c42b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff853173d0, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff84a6b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff852c1600, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84a6b030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8531a030, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff84a7aab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84fac9b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84a7aab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85311818, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937758720, free: 754548736

=======================================
Initializing...
------------ Kernel report ------------
12/20/2014 11:00:37
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff84f14ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xffffffff84efe9a8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff84f07ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff84f0dab0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff84f0aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff854c0030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff854c9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\
Lower Device Object: 0xffffffff854d1940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff854c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85407a10, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff854c9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff854cd6d0, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff854d1940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43A90CE8

Partition information:

Partition 0 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20971520

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20973568 Numsec = 291587072
Partition file system is NTFS
Partition is bootable
Infected: VBR on Active partition --> [Rootkit.Cidox.J.VBR]

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 312560640 Numsec = 21152
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff84f0aab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84f0a890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f0aab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff854c0030, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff84f07ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84f07890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f07ab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84f0dab0, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff84f14ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff853ef9d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f14ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84efe9a8, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


NEXT IS FRST.......

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014
Ran by JW (administrator) on JUSTIN on 20-12-2014 14:31:28
Running from C:\Documents and Settings\JW\Desktop
Loaded Profile: JW (Available profiles: JW)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\userinit.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WZCSLDR2] => C:\Program Files\D-Link\DWA-140 revB\WZCSLDR2.exe
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-04-27] (Apple Inc.)
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\MountPoints2: {905bd734-a42b-11e1-8f14-001d72b8b401} - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3723271197-3957454863-557728558-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JW\Application Data\Mozilla\Firefox\Profiles\xwkj47g7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-03]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-06]
FF HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ANIWConnService; C:\WINDOWS\system32\ANIWConnService.exe [151552 2009-07-07] () [File not signed]
S4 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [102400 2009-08-21] (Wireless Service) [File not signed]
S4 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-07-16] () [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S4 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-12-18] (Emsisoft GmbH)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S2 ANIO; C:\WINDOWS\system32\ANIO.SYS [29411 2009-02-09] () [File not signed]
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-18] (Emsisoft GmbH)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2014-12-19] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-28] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-28] (NVIDIA Corporation)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2009-08-03] (Ralink Technology, Corp.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2014-12-19] ()
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 14:31 - 2014-12-20 14:32 - 00011100 _____ () C:\Documents and Settings\JW\Desktop\FRST.txt
2014-12-20 14:15 - 2014-12-20 14:15 - 01114112 _____ (Farbar) C:\Documents and Settings\JW\Desktop\FRST.exe
2014-12-19 12:27 - 2014-12-19 12:29 - 00000000 ___SD () C:\ComboFix
2014-12-19 12:03 - 2014-12-19 12:03 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-19 01:05 - 2014-12-19 01:05 - 00000639 _____ () C:\Documents and Settings\JW\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-19 01:04 - 2014-12-19 01:06 - 00000000 ____D () C:\EEK
2014-12-19 00:53 - 2014-12-19 00:53 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-19 00:53 - 2014-12-19 00:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-18 23:40 - 2014-12-20 11:00 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 23:40 - 2014-12-18 23:40 - 00000779 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 23:40 - 2014-12-18 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 23:39 - 2014-12-20 11:00 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 23:39 - 2014-12-18 23:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-18 23:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 12:36 - 2014-12-18 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-12-18 12:22 - 2014-12-19 12:13 - 00002404 _____ () C:\Documents and Settings\JW\Desktop\Rkill.txt
2014-12-18 12:18 - 2014-08-29 14:11 - 00000211 _____ () C:\Boot.bak
2014-12-18 12:18 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-12-18 12:17 - 2014-12-18 12:18 - 00000000 ____D () C:\cmdcons
2014-12-18 12:11 - 2014-12-18 12:11 - 00000000 ____D () C:\Qoobox
2014-12-18 12:11 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-18 12:11 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-18 12:11 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-18 12:10 - 2014-12-18 12:10 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-18 12:04 - 2014-12-18 12:05 - 162702208 _____ () C:\Documents and Settings\JW\Desktop\EmsisoftEmergencyKit.exe
2014-12-18 11:58 - 2014-12-18 11:59 - 10284408 _____ (SurfRight B.V.) C:\Documents and Settings\JW\Desktop\HitmanPro.exe
2014-12-18 11:54 - 2014-12-18 11:54 - 15201368 _____ () C:\Documents and Settings\JW\Desktop\RogueKiller.exe
2014-12-18 11:51 - 2014-12-18 11:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Documents and Settings\JW\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-18 11:47 - 2014-12-18 11:47 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\JW\Desktop\iExplore.exe
2014-12-18 11:46 - 2014-12-18 11:46 - 05601641 ____R (Swearware) C:\Documents and Settings\JW\Desktop\ComboFix.exe
2014-12-16 09:56 - 2014-12-16 09:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 14:32 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW\Local Settings\Temp
2014-12-20 14:31 - 2014-08-28 16:00 - 00000000 ____D () C:\FRST
2014-12-20 14:21 - 2009-04-04 16:26 - 00511902 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-20 14:16 - 2014-08-28 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-12-20 14:12 - 2009-04-05 00:31 - 01505617 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-20 14:07 - 2014-04-01 09:27 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}
2014-12-20 14:07 - 2014-04-01 09:26 - 00000003 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}
2014-12-20 14:07 - 2014-03-20 08:23 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-20 14:07 - 2009-04-05 00:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-20 14:07 - 2009-04-04 16:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-20 14:07 - 2009-04-04 16:29 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-20 14:05 - 2014-08-28 20:03 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\mbar
2014-12-20 14:05 - 2012-01-31 18:38 - 00000178 ___SH () C:\Documents and Settings\JW\ntuser.ini
2014-12-19 12:28 - 2009-04-05 00:34 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-19 00:51 - 2012-01-31 19:21 - 00529402 _____ () C:\WINDOWS\setupapi.log
2014-12-18 22:53 - 2012-01-31 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-12-18 22:53 - 2012-01-31 19:26 - 00001712 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-12-18 12:18 - 2009-04-05 00:20 - 00000327 __RSH () C:\boot.ini
2014-12-18 11:41 - 2014-09-23 12:55 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-12-17 23:04 - 2009-04-05 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-17 22:52 - 2013-07-20 08:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 22:31 - 2012-03-31 22:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-17 22:10 - 2012-02-03 13:28 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 09:58 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW
2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-16 09:58 - 2009-04-05 00:30 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-16 09:56 - 2012-05-01 22:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-16 09:40 - 2009-04-05 00:18 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-09 10:53 - 2012-12-16 11:46 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Credentials
2014-12-08 17:11 - 2014-03-20 08:23 - 00000210 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-06 11:33 - 2012-01-31 19:53 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-25 21:28 - 2014-08-07 10:26 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Scrambler

Some content of TEMP:
====================
C:\Documents and Settings\JW\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\JW\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\JW\Local Settings\Temp\hpzscr01.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


LAST IS ADDITION......

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2014
Ran by JW at 2014-12-20 14:32:49
Running from C:\Documents and Settings\JW\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version: - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
D-Link RangeBooster N DWA-140 (HKLM\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3005 - Acer Incorporated)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{08094E03-AFE4-4853-9D31-6D0743DF5328}) (Version: 7.1.6.200 - Apple Computer, Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5628 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

19-09-2014 14:52:01 System Checkpoint
21-09-2014 11:11:32 System Checkpoint
22-09-2014 11:46:44 System Checkpoint
23-09-2014 13:50:01 System Checkpoint
24-09-2014 14:45:17 System Checkpoint
25-09-2014 15:45:19 System Checkpoint
27-09-2014 11:47:36 System Checkpoint
28-09-2014 12:39:52 System Checkpoint
29-09-2014 13:39:40 System Checkpoint
01-10-2014 09:35:19 System Checkpoint
02-10-2014 11:05:52 System Checkpoint
03-10-2014 13:49:37 System Checkpoint
06-10-2014 10:05:05 System Checkpoint
07-10-2014 19:54:53 System Checkpoint
09-10-2014 10:27:18 System Checkpoint
10-10-2014 11:36:19 System Checkpoint
11-10-2014 11:43:04 System Checkpoint
12-10-2014 12:43:04 System Checkpoint
13-10-2014 13:26:05 System Checkpoint
15-10-2014 11:31:18 System Checkpoint
16-10-2014 02:01:01 Software Distribution Service 3.0
17-10-2014 02:55:48 System Checkpoint
23-10-2014 09:54:28 Restore Operation
27-10-2014 10:50:28 Software Distribution Service 3.0
27-10-2014 11:08:52 Software Distribution Service 3.0
27-10-2014 16:38:21 Restore Operation
28-10-2014 09:15:37 Software Distribution Service 3.0
29-10-2014 09:59:30 System Checkpoint
30-10-2014 13:53:05 System Checkpoint
01-11-2014 12:53:30 System Checkpoint
02-11-2014 13:27:26 System Checkpoint
03-11-2014 14:28:38 System Checkpoint
05-11-2014 12:42:14 System Checkpoint
06-11-2014 13:08:34 System Checkpoint
07-11-2014 14:25:20 System Checkpoint
09-11-2014 14:07:10 System Checkpoint
10-11-2014 15:13:51 System Checkpoint
11-11-2014 16:10:42 System Checkpoint
12-11-2014 03:01:33 Software Distribution Service 3.0
13-11-2014 03:08:21 System Checkpoint
14-11-2014 11:25:01 System Checkpoint
15-11-2014 12:04:03 System Checkpoint
16-11-2014 20:49:45 System Checkpoint
18-11-2014 11:00:22 System Checkpoint
19-11-2014 11:50:56 System Checkpoint
20-11-2014 12:19:24 System Checkpoint
21-11-2014 13:07:36 System Checkpoint
22-11-2014 12:13:52 Restore Operation
24-11-2014 07:31:09 System Checkpoint
25-11-2014 10:18:17 System Checkpoint
26-11-2014 10:21:10 System Checkpoint
27-11-2014 11:21:05 System Checkpoint
28-11-2014 12:36:25 System Checkpoint
29-11-2014 13:21:08 System Checkpoint
30-11-2014 14:21:05 System Checkpoint
01-12-2014 15:25:32 System Checkpoint
02-12-2014 16:21:06 System Checkpoint
03-12-2014 17:21:22 System Checkpoint
05-12-2014 16:40:28 System Checkpoint
08-12-2014 09:59:17 System Checkpoint
09-12-2014 10:17:24 System Checkpoint
10-12-2014 12:42:54 Restore Operation
16-12-2014 09:42:52 Software Distribution Service 3.0
16-12-2014 09:50:41 Restore Operation
17-12-2014 21:03:05 Malwarebytes Anti-Rootkit Restore Point
17-12-2014 22:07:16 Software Distribution Service 3.0
17-12-2014 23:23:43 Malwarebytes Anti-Rootkit Restore Point
18-12-2014 22:52:27 Removed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-04-05 00:18 - 2014-12-19 01:00 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^JW^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\WINDOWS\pss\ZooskMessenger.lnkStartup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-3723271197-3957454863-557728558-500 - Administrator - Enabled)
Guest (S-1-5-21-3723271197-3957454863-557728558-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3723271197-3957454863-557728558-1004 - Limited - Disabled)
JW (S-1-5-21-3723271197-3957454863-557728558-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JW
SUPPORT_388945a0 (S-1-5-21-3723271197-3957454863-557728558-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 05:05:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x00013c4b.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/17/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/15/2014 00:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x00013e3b.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/13/2014 01:36:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (10/13/2014 01:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000117b5.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (10/03/2014 04:49:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000178e8.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2014 10:17:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (09/13/2014 10:17:22 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (12/20/2014 02:31:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/20/2014 02:18:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
Processor
SRTSP
SRTSPX

Error: (12/20/2014 02:07:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (12/20/2014 02:05:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/20/2014 10:57:31 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/19/2014 06:40:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
Processor
SRTSP
SRTSPX

Error: (12/19/2014 00:18:59 PM) (Source: DCOM) (EventID: 10010) (User: JUSTIN)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (12/19/2014 00:03:39 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort4

Error: (12/19/2014 00:03:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (12/19/2014 00:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 22%
Total physical RAM: 894.32 MB
Available physical RAM: 694.72 MB
Total Pagefile: 2171.47 MB
Available Pagefile: 2079.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.04 GB) (Free:100.82 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 43A90CE8)
Partition 1: (Not Active) - (Size=10 GB) - (Type=12)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 3

==================== End Of Log ============================



thanks!!

Justin
 

TwinHeadedEagle

Very good. Any progress?



Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes; allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.




Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

Jwill1919

Ok, here are the latest results. I'm still unable to open and use Firefox, the system just won't let me...


11:01:57.0000 0x06dc TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
11:01:57.0171 0x06dc ============================================================
11:01:57.0171 0x06dc Current date / time: 2014/12/21 11:01:57.0171
11:01:57.0171 0x06dc SystemInfo:
11:01:57.0171 0x06dc
11:01:57.0171 0x06dc OS Version: 5.1.2600 ServicePack: 3.0
11:01:57.0171 0x06dc Product type: Workstation
11:01:57.0171 0x06dc ComputerName: JUSTIN
11:01:57.0171 0x06dc UserName: JW
11:01:57.0171 0x06dc Windows directory: C:\WINDOWS
11:01:57.0328 0x06dc System windows directory: C:\WINDOWS
11:01:57.0328 0x06dc Processor architecture: Intel x86
11:01:57.0328 0x06dc Number of processors: 1
11:01:57.0328 0x06dc Page size: 0x1000
11:01:57.0328 0x06dc Boot type: Normal boot
11:01:57.0328 0x06dc ============================================================
11:01:57.0328 0x06dc BG loaded
11:01:58.0640 0x06dc System UUID: {81D3F674-931D-82DB-D38F-56C914F3BD50}
11:02:05.0828 0x06dc Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000044
11:02:05.0859 0x06dc ============================================================
11:02:05.0859 0x06dc \Device\Harddisk0\DR0:
11:02:05.0859 0x06dc MBR partitions:
11:02:05.0859 0x06dc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x11614400
11:02:05.0859 0x06dc ============================================================
11:02:05.0953 0x06dc C: <-> \Device\Harddisk0\DR0\Partition1
11:02:05.0953 0x06dc ============================================================
11:02:05.0953 0x06dc Initialize success
11:02:05.0953 0x06dc ============================================================
11:02:41.0812 0x0d40 ============================================================
11:02:41.0828 0x0d40 Scan started
11:02:41.0828 0x0d40 Mode: Manual;
11:02:41.0828 0x0d40 ============================================================
11:02:41.0828 0x0d40 KSN ping started
11:02:42.0203 0x0d40 KSN ping finished: true
11:02:45.0453 0x0d40 ================ Scan system memory ========================
11:02:45.0453 0x0d40 System memory - ok
11:02:45.0468 0x0d40 ================ Scan services =============================
11:02:56.0765 0x0d40 IpNat - ok
11:02:56.0906 0x0d40 [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:02:57.0046 0x0d40 iPod Service - ok
11:02:57.0125 0x0d40 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:02:57.0125 0x0d40 IPSec - ok
11:02:57.0156 0x0d40 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:02:57.0156 0x0d40 IRENUM - ok
11:02:57.0203 0x0d40 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:02:57.0203 0x0d40 isapnp - ok
11:02:57.0234 0x0d40 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:02:57.0234 0x0d40 Kbdclass - ok
11:02:57.0250 0x0d40 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:02:57.0250 0x0d40 kbdhid - ok
11:02:57.0312 0x0d40 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:02:57.0359 0x0d40 kmixer - ok
11:02:57.0406 0x0d40 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:02:57.0484 0x0d40 KSecDD - ok
11:02:57.0578 0x0d40 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:02:57.0578 0x0d40 LanmanServer - ok
11:02:57.0687 0x0d40 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:02:57.0703 0x0d40 lanmanworkstation - ok
11:02:57.0718 0x0d40 lbrtfdc - ok
11:02:57.0843 0x0d40 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:02:57.0843 0x0d40 LmHosts - ok
11:02:57.0890 0x0d40 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:02:57.0921 0x0d40 Messenger - ok
11:02:57.0984 0x0d40 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:02:57.0984 0x0d40 mnmdd - ok
11:02:58.0031 0x0d40 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:02:58.0062 0x0d40 mnmsrvc - ok
11:02:58.0125 0x0d40 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:02:58.0140 0x0d40 Modem - ok
11:02:58.0171 0x0d40 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:02:58.0187 0x0d40 Mouclass - ok
11:02:58.0203 0x0d40 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:02:58.0203 0x0d40 mouhid - ok
11:02:58.0250 0x0d40 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:02:58.0265 0x0d40 MountMgr - ok
11:02:58.0421 0x0d40 [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:02:58.0531 0x0d40 MozillaMaintenance - ok
11:02:58.0593 0x0d40 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:02:58.0609 0x0d40 mraid35x - ok
11:02:58.0796 0x0d40 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:02:58.0828 0x0d40 MRxDAV - ok
11:02:58.0984 0x0d40 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:02:59.0046 0x0d40 MRxSmb - ok
11:02:59.0140 0x0d40 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:02:59.0187 0x0d40 MSDTC - ok
11:02:59.0234 0x0d40 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:02:59.0234 0x0d40 Msfs - ok
11:02:59.0265 0x0d40 MSIServer - ok
11:02:59.0296 0x0d40 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:02:59.0312 0x0d40 MSKSSRV - ok
11:02:59.0343 0x0d40 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:02:59.0359 0x0d40 MSPCLOCK - ok
11:02:59.0390 0x0d40 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:02:59.0406 0x0d40 MSPQM - ok
11:02:59.0453 0x0d40 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:02:59.0453 0x0d40 mssmbios - ok
11:02:59.0515 0x0d40 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:02:59.0546 0x0d40 Mup - ok
11:02:59.0625 0x0d40 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:02:59.0718 0x0d40 napagent - ok
11:02:59.0984 0x0d40 NAVENG - ok
11:02:59.0984 0x0d40 NAVEX15 - ok
11:03:00.0062 0x0d40 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:03:00.0109 0x0d40 NDIS - ok
11:03:00.0156 0x0d40 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:03:00.0156 0x0d40 NdisTapi - ok
11:03:00.0218 0x0d40 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:03:00.0218 0x0d40 Ndisuio - ok
11:03:00.0406 0x0d40 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:03:00.0406 0x0d40 NdisWan - ok
11:03:00.0500 0x0d40 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:03:00.0500 0x0d40 NDProxy - ok
11:03:00.0562 0x0d40 [ 80B7A96F908DA13617E7E6832C5C6A64, 08B81AFE120B8064B6E001BDF424168305D55F38AE2071300F57C8EA32BEAE56 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
11:03:00.0562 0x0d40 Net Driver HPZ12 - ok
11:03:00.0625 0x0d40 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:03:00.0625 0x0d40 NetBIOS - ok
11:03:00.0765 0x0d40 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:03:00.0765 0x0d40 NetBT - ok
11:03:00.0843 0x0d40 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
11:03:00.0875 0x0d40 NetDDE - ok
11:03:00.0953 0x0d40 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:03:00.0968 0x0d40 NetDDEdsdm - ok
11:03:01.0156 0x0d40 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:03:01.0156 0x0d40 Netlogon - ok
11:03:01.0406 0x0d40 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
11:03:01.0406 0x0d40 Netman - ok
11:03:01.0531 0x0d40 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:03:01.0578 0x0d40 NetTcpPortSharing - ok
11:03:01.0656 0x0d40 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
11:03:01.0671 0x0d40 Nla - ok
11:03:01.0687 0x0d40 Norton Internet Security - ok
11:03:01.0734 0x0d40 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:03:01.0734 0x0d40 Npfs - ok
11:03:01.0859 0x0d40 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:03:01.0984 0x0d40 Ntfs - ok
11:03:02.0000 0x0d40 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:03:02.0015 0x0d40 NtLmSsp - ok
11:03:02.0125 0x0d40 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:03:02.0421 0x0d40 NtmsSvc - ok
11:03:02.0500 0x0d40 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
11:03:02.0515 0x0d40 Null - ok
11:03:06.0265 0x0d40 [ 7C56F3FD65B2BDB315CA3605A5392D7B, 1C33B2723BBD958FE06D71B6AC5C54DF1F46491C292749FE0DB8577BF056A765 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:03:06.0812 0x0d40 nv - ok
11:03:06.0921 0x0d40 [ 45BA510DB13A0496DB1CD16826519E03, AE6B736B243E789927EE06ACF3C3E059B68C8D72281C8F4940090E31908E9D4C ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
11:03:06.0953 0x0d40 NVENETFD - ok
11:03:07.0015 0x0d40 [ 57CBDB934FB1AFB7E03B413D151A6152, 2FC08150CB2F16EEE906E07E1462D2289E0E4CE56331F2AA9DD96392D8A9D670 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
11:03:07.0031 0x0d40 nvnetbus - ok
11:03:07.0109 0x0d40 [ 7E5B3BE5DCD54BBB44B0C7DB7BD3EC8F, 540C18DA16E8463F373ACA931C911CCEA09781A56156D125804BBF9D6B6CEFDD ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
11:03:07.0156 0x0d40 NVSvc - ok
11:03:07.0328 0x0d40 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:03:07.0406 0x0d40 NwlnkFlt - ok
11:03:07.0484 0x0d40 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:03:07.0500 0x0d40 NwlnkFwd - ok
11:03:07.0890 0x0d40 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:03:07.0968 0x0d40 odserv - ok
11:03:08.0046 0x0d40 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:03:08.0125 0x0d40 ose - ok
11:03:08.0203 0x0d40 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:03:08.0218 0x0d40 Parport - ok
11:03:08.0265 0x0d40 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:03:08.0296 0x0d40 PartMgr - ok
11:03:08.0328 0x0d40 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:03:08.0359 0x0d40 ParVdm - ok
11:03:08.0375 0x0d40 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:03:08.0390 0x0d40 PCI - ok
11:03:08.0406 0x0d40 PCIDump - ok
11:03:08.0437 0x0d40 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:03:08.0468 0x0d40 PCIIde - ok
11:03:08.0703 0x0d40 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:03:08.0734 0x0d40 Pcmcia - ok
11:03:08.0750 0x0d40 PDCOMP - ok
11:03:08.0937 0x0d40 PDFRAME - ok
11:03:08.0968 0x0d40 PDRELI - ok
11:03:08.0984 0x0d40 PDRFRAME - ok
11:03:09.0062 0x0d40 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
11:03:09.0078 0x0d40 perc2 - ok
11:03:09.0109 0x0d40 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:03:09.0109 0x0d40 perc2hib - ok
11:03:09.0593 0x0d40 [ F042EE4C8D66248D9B86DCF52ABAE416, AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924 ] PEVSystemStart C:\ComboFix\pev.3XE
11:03:09.0609 0x0d40 PEVSystemStart - ok
11:03:09.0656 0x0d40 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
11:03:09.0656 0x0d40 PlugPlay - ok
11:03:09.0734 0x0d40 [ 0C155C5D8942B3CBCF9506A9D376B9AD, 37F4878548DD7063CA31FB21D6955A45C25F648C332A736DA84DEA5AAE7486AF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
11:03:09.0750 0x0d40 Pml Driver HPZ12 - ok
11:03:09.0765 0x0d40 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:03:09.0781 0x0d40 PolicyAgent - ok
11:03:09.0875 0x0d40 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:03:09.0875 0x0d40 PptpMiniport - ok
11:03:09.0906 0x0d40 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
11:03:09.0906 0x0d40 Processor - ok
11:03:09.0937 0x0d40 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:03:09.0937 0x0d40 ProtectedStorage - ok
11:03:09.0968 0x0d40 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:03:09.0968 0x0d40 PSched - ok
11:03:10.0000 0x0d40 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:03:10.0000 0x0d40 Ptilink - ok
11:03:10.0046 0x0d40 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:03:10.0062 0x0d40 ql1080 - ok
11:03:10.0109 0x0d40 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:03:10.0125 0x0d40 Ql10wnt - ok
11:03:10.0156 0x0d40 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:03:10.0171 0x0d40 ql12160 - ok
11:03:10.0187 0x0d40 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:03:10.0203 0x0d40 ql1240 - ok
11:03:10.0218 0x0d40 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:03:10.0250 0x0d40 ql1280 - ok
11:03:10.0265 0x0d40 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:03:10.0265 0x0d40 RasAcd - ok
11:03:10.0343 0x0d40 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:03:10.0359 0x0d40 RasAuto - ok
11:03:10.0390 0x0d40 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:03:10.0390 0x0d40 Rasl2tp - ok
11:03:10.0468 0x0d40 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:03:10.0484 0x0d40 RasMan - ok
11:03:10.0500 0x0d40 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:03:10.0500 0x0d40 RasPppoe - ok
11:03:10.0531 0x0d40 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:03:10.0531 0x0d40 Raspti - ok
11:03:10.0609 0x0d40 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:03:10.0625 0x0d40 Rdbss - ok
11:03:10.0656 0x0d40 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:03:10.0656 0x0d40 RDPCDD - ok
11:03:10.0750 0x0d40 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:03:10.0796 0x0d40 rdpdr - ok
11:03:10.0890 0x0d40 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:03:10.0921 0x0d40 RDPWD - ok
11:03:11.0046 0x0d40 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:03:11.0125 0x0d40 RDSessMgr - ok
11:03:11.0171 0x0d40 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:03:11.0171 0x0d40 redbook - ok
11:03:11.0250 0x0d40 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:03:11.0281 0x0d40 RemoteAccess - ok
11:03:11.0328 0x0d40 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:03:11.0359 0x0d40 RpcLocator - ok
11:03:11.0500 0x0d40 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:03:11.0515 0x0d40 RpcSs - ok
11:03:11.0734 0x0d40 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:03:11.0796 0x0d40 RSVP - ok
11:03:12.0031 0x0d40 [ 84BEAF4A13A36CB9BB0663DF9089CEA2, FAD68F354491E90C81854815A363174440893729856032DB6B6254BEB1A1F856 ] rt2870 C:\WINDOWS\system32\DRIVERS\Drt2870.sys
11:03:12.0046 0x0d40 rt2870 - ok
11:03:12.0078 0x0d40 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
11:03:12.0078 0x0d40 SamSs - ok
11:03:12.0187 0x0d40 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:03:12.0250 0x0d40 SCardSvr - ok
11:03:12.0328 0x0d40 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:03:12.0343 0x0d40 Schedule - ok
11:03:12.0421 0x0d40 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:03:12.0468 0x0d40 Secdrv - ok
11:03:12.0546 0x0d40 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:03:12.0546 0x0d40 seclogon - ok
11:03:12.0593 0x0d40 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
11:03:12.0593 0x0d40 SENS - ok
11:03:12.0656 0x0d40 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:03:12.0656 0x0d40 Serial - ok
11:03:12.0828 0x0d40 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:03:12.0828 0x0d40 Sfloppy - ok
11:03:12.0968 0x0d40 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:03:12.0984 0x0d40 SharedAccess - ok
11:03:13.0046 0x0d40 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:03:13.0046 0x0d40 ShellHWDetection - ok
11:03:13.0078 0x0d40 Simbad - ok
11:03:13.0140 0x0d40 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:03:13.0187 0x0d40 sisagp - ok
11:03:13.0203 0x0d40 SophosVirusRemovalTool - ok
11:03:13.0250 0x0d40 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:03:13.0265 0x0d40 Sparrow - ok
11:03:13.0296 0x0d40 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:03:13.0296 0x0d40 splitter - ok
11:03:13.0390 0x0d40 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:03:13.0390 0x0d40 Spooler - ok
11:03:13.0437 0x0d40 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:03:13.0453 0x0d40 sr - ok
11:03:13.0546 0x0d40 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
11:03:13.0562 0x0d40 srservice - ok
11:03:13.0562 0x0d40 SRTSP - ok
11:03:13.0593 0x0d40 SRTSPX - ok
11:03:13.0703 0x0d40 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:03:13.0734 0x0d40 Srv - ok
11:03:13.0843 0x0d40 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:03:13.0843 0x0d40 SSDPSRV - ok
11:03:13.0968 0x0d40 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:03:13.0984 0x0d40 stisvc - ok
11:03:14.0031 0x0d40 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:03:14.0031 0x0d40 swenum - ok
11:03:14.0062 0x0d40 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:03:14.0078 0x0d40 swmidi - ok
11:03:14.0093 0x0d40 SwPrv - ok
11:03:14.0156 0x0d40 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
11:03:14.0156 0x0d40 symc810 - ok
11:03:14.0203 0x0d40 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:03:14.0203 0x0d40 symc8xx - ok
11:03:14.0265 0x0d40 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:03:14.0281 0x0d40 sym_hi - ok
11:03:14.0312 0x0d40 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:03:14.0328 0x0d40 sym_u3 - ok
11:03:14.0390 0x0d40 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:03:14.0390 0x0d40 sysaudio - ok
11:03:14.0453 0x0d40 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:03:14.0484 0x0d40 SysmonLog - ok
11:03:14.0593 0x0d40 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:03:14.0593 0x0d40 TapiSrv - ok
11:03:14.0718 0x0d40 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:03:14.0812 0x0d40 Tcpip - ok
11:03:14.0890 0x0d40 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:03:14.0906 0x0d40 TDPIPE - ok
11:03:14.0937 0x0d40 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:03:14.0953 0x0d40 TDTCP - ok
11:03:15.0031 0x0d40 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:03:15.0031 0x0d40 TermDD - ok
11:03:15.0125 0x0d40 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
11:03:15.0140 0x0d40 TermService - ok
11:03:15.0187 0x0d40 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
11:03:15.0203 0x0d40 Themes - ok
11:03:15.0250 0x0d40 [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
11:03:15.0265 0x0d40 TosIde - ok
11:03:15.0343 0x0d40 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:03:15.0343 0x0d40 TrkWks - ok
11:03:15.0421 0x0d40 [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
11:03:15.0453 0x0d40 TrueSight - ok
11:03:15.0500 0x0d40 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:03:15.0531 0x0d40 Udfs - ok
11:03:21.0109 0x0d40 ================ Scan global ===============================
11:03:21.0171 0x0d40 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:03:21.0250 0x0d40 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:03:21.0343 0x0d40 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:03:21.0406 0x0d40 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:03:21.0421 0x0d40 [ Global ] - ok
11:03:21.0421 0x0d40 ================ Scan MBR ==================================
11:03:21.0453 0x0d40 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:03:27.0484 0x0d40 \Device\Harddisk0\DR0 - ok
11:03:27.0484 0x0d40 ================ Scan VBR ==================================
11:03:27.0531 0x0d40 [ 5393A4AF0797DC1BAEC7A5353AE5F840 ] \Device\Harddisk0\DR0\Partition1
11:03:27.0625 0x0d40 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
11:03:27.0625 0x0d40 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
11:03:28.0078 0x0d40 ================ Scan active images ========================
11:03:33.0796 0x0d40 [ 9789E95E1D88EEB4B922BF3EA7779C28, 2D17FD78E71BDB5D51B69DE6B36D7481A7AA3C61EA7636CD71638AF501883A91 ] C:\WINDOWS\system32\ws2help.dll
11:03:33.0796 0x0d40 C:\WINDOWS\system32\ws2help.dll - ok
11:03:33.0828 0x0d40 [ 56C5B179FE3308B655EB6208C3256FEC, C70BCE54E5DF47D37C835804EAAEC7C06C1A226EFA2003226BE290D1D552126F ] C:\WINDOWS\system32\kbdus.dll
11:03:33.0828 0x0d40 C:\WINDOWS\system32\kbdus.dll - ok
11:03:33.0937 0x0d40 [ D7B7A57C0E57C836F18CF12A4C62A1CA, 651B16027B4F4B0ED2F827E32B7E66188CDB023DB8C7B1A9A1A44063FB35B9DE ] C:\WINDOWS\system32\msgina.dll
11:03:33.0937 0x0d40 C:\WINDOWS\system32\msgina.dll - ok
11:03:34.0015 0x0d40 [ 93AFB83FBC1F9443CAC722FCA63D73BF, 853C4A03A153F232E5CAF219F7FD732CB82CB62171F077DE737B32169F7832AB ] C:\WINDOWS\system32\comctl32.dll
11:03:34.0015 0x0d40 C:\WINDOWS\system32\comctl32.dll - ok
11:03:34.0093 0x0d40 [ 40B0F98BAD16AD5DEF894E88C3EF8014, 916B7BFC23BB5A3F757160BCF2013A8260D9382EFDE6AADAFC4D297828C71003 ] C:\WINDOWS\system32\odbc32.dll
11:03:34.0093 0x0d40 C:\WINDOWS\system32\odbc32.dll - ok
11:03:34.0203 0x0d40 [ 86987A5000DFA3EBE2275C0456BCF2FE, 31B699E8FD11DD59ADBAE56650C1B7AE80484091B3B6D9015A95F590E2C3EB05 ] C:\WINDOWS\system32\comdlg32.dll
11:03:34.0203 0x0d40 C:\WINDOWS\system32\comdlg32.dll - ok
11:03:34.0250 0x0d40 [ 6843D54BC4A40CC8C5741AF750233D10, D998B54B7D23A986DD14D8BC56169A10EE43267F4F1914FBDD55B6B028993FAC ] C:\WINDOWS\system32\shell32.dll
11:03:34.0250 0x0d40 C:\WINDOWS\system32\shell32.dll - ok
11:03:34.0281 0x0d40 [ C448A248B743F5FB935C787A5D97268B, 26E88FF449F938B218FAED6D8F3F095577216A29D656D17ACEA7F6C16E638BED ] C:\WINDOWS\system32\shlwapi.dll
11:03:34.0281 0x0d40 C:\WINDOWS\system32\shlwapi.dll - ok
11:03:34.0406 0x0d40 [ 694503348B586E99D56C0E30AB5B3EF8, 53A0C2604574058F1520D8F0805F1247B15BB0E00A5B5BAFE027C702D55E5076 ] C:\WINDOWS\system32\sxs.dll
11:03:34.0406 0x0d40 C:\WINDOWS\system32\sxs.dll - ok
11:03:34.0468 0x0d40 [ 736B12B725AEB2B07F0241A9F680CB10, 9EF1406CAEE256117DA8C8904BCB20FB8F9421F02F812B4DC2CE1F16D2B315F2 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
11:03:34.0468 0x0d40 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
11:03:34.0515 0x0d40 [ 6B7C6B32F8E84D56C6260D684019FEA2, A10B4D413452D95B6B4087838F2FCE0B9F42D8C0CBE7A91DC080AE1163FB6D1A ] C:\WINDOWS\system32\odbcint.dll
11:03:34.0515 0x0d40 C:\WINDOWS\system32\odbcint.dll - ok
11:03:34.0562 0x0d40 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] C:\WINDOWS\system32\shsvcs.dll
11:03:34.0562 0x0d40 C:\WINDOWS\system32\shsvcs.dll - ok
11:03:34.0609 0x0d40 [ 96E1C926F22EE1BFBAE82901A35F6BF3, 95568F138216FFADCFC4BAE8A12825FFE53F2EA04C5CAC2AD10F65FC0C4E3CDB ] C:\WINDOWS\system32\sfc.dll
11:03:34.0609 0x0d40 C:\WINDOWS\system32\sfc.dll - ok
11:03:34.0671 0x0d40 [ 6B5DB6789177A4FD0DEBC248041D0739, 3E3239C3613CCBB9EE2539D78BC745ED19134E1D3BED88C3D5273796FA2507DA ] C:\WINDOWS\system32\sfc_os.dll
11:03:34.0671 0x0d40 C:\WINDOWS\system32\sfc_os.dll - ok
11:03:34.0765 0x0d40 [ 59B408E5B8489B0B36A0D783D150EDCC, CB234B25502B0CE0C1E6CFA883FDDF64DAB7A6E50A6AD36CAB3B30A7C872B403 ] C:\WINDOWS\system32\ole32.dll
11:03:34.0765 0x0d40 C:\WINDOWS\system32\ole32.dll - ok
11:03:35.0031 0x0d40 [ CF492D7E9AF1C628B3536D20EF6F5CC7, 3D7A5A5D6B804C0A3F3E7256B3AC19397567700271CABCD7C4C8B51565958BC8 ] C:\WINDOWS\system32\apphelp.dll
11:03:35.0031 0x0d40 C:\WINDOWS\system32\apphelp.dll - ok
11:03:35.0125 0x0d40 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] C:\WINDOWS\system32\lsass.exe
11:03:35.0125 0x0d40 C:\WINDOWS\system32\lsass.exe - ok
11:03:35.0187 0x0d40 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:03:35.0187 0x0d40 C:\WINDOWS\system32\services.exe - ok
11:03:35.0203 0x0d40 [ BD31DC6DBE9333C4FBD4BDF0899F2160, 545D83178CCD74C68B72C607201EF9E1C8A5FC26A08288F8D3A77106964D1034 ] C:\WINDOWS\system32\lsasrv.dll
11:03:35.0203 0x0d40 C:\WINDOWS\system32\lsasrv.dll - ok
11:03:35.0343 0x0d40 [ EC29A79F1E76DC509E24D401F29D0678, 2CECCD7CE806152F6DD1A6812C7DAEC46FB197E63D14414808D713C829EE4260 ] C:\WINDOWS\system32\ncobjapi.dll
11:03:35.0343 0x0d40 C:\WINDOWS\system32\ncobjapi.dll - ok
11:03:35.0359 0x0d40 [ F404830F3CD9BF8F2515E489C0CDA297, 4FFFBBDD04B82623983B8B51E52E113EBF0E32E8328BFD3754B7A299E5673569 ] C:\WINDOWS\system32\msvcp60.dll
11:03:35.0359 0x0d40 C:\WINDOWS\system32\msvcp60.dll - ok
11:03:35.0390 0x0d40 [ DD7BD97FB8BD800963789158A5E4B41D, 4C265CB9AC1B8C398E625C1775A5AADD8A030D158B557E24F90CA57C0253FF0D ] C:\WINDOWS\system32\mpr.dll
11:03:35.0390 0x0d40 C:\WINDOWS\system32\mpr.dll - ok
11:03:35.0453 0x0d40 [ B24A42A413E694AD73FDFB7FBD492C31, 52411B5C714ED7FCFF3A120980EB75BF5A64E022303D3E717048E0E44F604AC0 ] C:\WINDOWS\system32\scesrv.dll
11:03:35.0453 0x0d40 C:\WINDOWS\system32\scesrv.dll - ok
11:03:35.0468 0x0d40 [ EC4C0D9BFD9F7E33F8B395AD54E13063, 18E60FF334376604F213F3323FAB81F392493496C6CA809FAD66BB8B0EEB3396 ] C:\WINDOWS\system32\ntdsapi.dll
11:03:35.0468 0x0d40 C:\WINDOWS\system32\ntdsapi.dll - ok
11:03:35.0500 0x0d40 [ 389496118B3B03C2328024AF320132AC, 11F85CA49596CE12B1F80B5BC059B6F5549FC09A43E2C47841A688F2ACEBB8B8 ] C:\WINDOWS\system32\dnsapi.dll
11:03:35.0500 0x0d40 C:\WINDOWS\system32\dnsapi.dll - ok
11:03:35.0515 0x0d40 [ 2EDFC2A8893435723AD80481803C6D5C, CD547E4749EE6466FD4F50CF2EAD37AD993C6BC89068BD51726869D5ADB2AF8E ] C:\WINDOWS\system32\umpnpmgr.dll
11:03:35.0531 0x0d40 C:\WINDOWS\system32\umpnpmgr.dll - ok
11:03:35.0578 0x0d40 [ 0492CF5870F0E616B0C71695A433D162, 47C9FB64A4CF3DF54F664B2B31A834ACF75B504650007E6201546C2D0E44D9C2 ] C:\WINDOWS\system32\wldap32.dll
11:03:35.0578 0x0d40 C:\WINDOWS\system32\wldap32.dll - ok
11:03:35.0609 0x0d40 [ 8329A39D5A402A75A74301D6A62ECDA1, 1947B2B19F2D0C690EC880B5A92F88903D78C6BB6EE47261B3D744B5A863D562 ] C:\WINDOWS\system32\samlib.dll
11:03:35.0609 0x0d40 C:\WINDOWS\system32\samlib.dll - ok
11:03:35.0640 0x0d40 [ F05B8CDB7FE0E55DCCFB1D946CE80064, E59BC2F25EBFF5F0CF459C9B8DEE882ADE227323F4768EBACFCC6784861BF260 ] C:\WINDOWS\system32\samsrv.dll
11:03:35.0640 0x0d40 C:\WINDOWS\system32\samsrv.dll - ok
11:03:35.0656 0x0d40 [ 1F03103598BD817B1078DAB1326DDE11, 0F0D19E67E25E9D2113920166B7326B46BACD22BA08476EC91D9C564AFC1FAF3 ] C:\WINDOWS\system32\shimeng.dll
11:03:35.0656 0x0d40 C:\WINDOWS\system32\shimeng.dll - ok
11:03:35.0671 0x0d40 [ EA9EE60B408878E5F2012F9C783836DB, 354A6660705759C0E767BCD7FB6F1B4371B74784A986431A626DF3793D0421EC ] C:\WINDOWS\AppPatch\AcAdProc.dll
11:03:35.0671 0x0d40 C:\WINDOWS\AppPatch\AcAdProc.dll - ok
11:03:35.0687 0x0d40 [ 17A1D675C12BBF80CAAC54A4855C41D0, F6185E42180218E932ADFFD63EF78EE8324B816BD57EA217322A46D1D2F47928 ] C:\WINDOWS\system32\cryptdll.dll
11:03:35.0687 0x0d40 C:\WINDOWS\system32\cryptdll.dll - ok
11:03:35.0750 0x0d40 [ 310C15FD8358B2C4CD7A5B98A112883F, CA656F066373B164A138032F5BF7EF68603EBDB0D49BD4663C99061F47F29085 ] C:\WINDOWS\AppPatch\AcGenral.dll
11:03:35.0750 0x0d40 C:\WINDOWS\AppPatch\AcGenral.dll - ok
11:03:35.0781 0x0d40 [ 4A953F13942867BA8FB41F141EC1B80C, BAE05A8CEDA4411324E38DB8A2153A988C6A3FAC8AD7CB27EE14E18FE7C47569 ] C:\WINDOWS\system32\winmm.dll
11:03:35.0781 0x0d40 C:\WINDOWS\system32\winmm.dll - ok
11:03:35.0812 0x0d40 [ EFF03460E542EEA6B0ABDEC6BF19C897, C2A0DDE6E8B49B152C295E97CFC35557391DEEE5A3A0B1BB4E445C405C716C55 ] C:\WINDOWS\system32\oleaut32.dll
11:03:35.0812 0x0d40 C:\WINDOWS\system32\oleaut32.dll - ok
11:03:35.0843 0x0d40 [ 2098AB52BD5316E59AA36F3437B13BE6, C4C9F2CFCAFF91B4A6F68E28EFE12EED216B41F081F8D577597C0634ECE57018 ] C:\WINDOWS\system32\msacm32.dll
11:03:35.0843 0x0d40 C:\WINDOWS\system32\msacm32.dll - ok
11:03:35.0875 0x0d40 [ 7A2CC3719B255E6B5D74396183B7715B, 2C4A2D5B42CFFE42BE72A652D1B0EED43D7EECF7CA3416660A3E0C539AA2AC34 ] C:\WINDOWS\system32\uxtheme.dll
11:03:35.0875 0x0d40 C:\WINDOWS\system32\uxtheme.dll - ok
11:03:35.0890 0x0d40 [ F24B12786D60A17008319E3F2AEE7799, BF916F65D770C61612678171CC184A0BF259992CEC0BF607D26834CE2A234FB3 ] C:\WINDOWS\system32\msapsspc.dll
11:03:35.0890 0x0d40 C:\WINDOWS\system32\msapsspc.dll - ok
11:03:35.0937 0x0d40 [ 7A660EDC0757849DF5F8706FB6E9F740, CA3820507A92EE9AB4EE8E804736FE1795224AE02D396AADB5BFD53223D9B7E2 ] C:\WINDOWS\system32\msvcrt40.dll
11:03:35.0937 0x0d40 C:\WINDOWS\system32\msvcrt40.dll - ok
11:03:35.0953 0x0d40 [ 0F64207B49390C8063C36AE7CBF9C2DB, 52C4A7A38EE11CA247001EB0A3C67BFEB1A09E9AC406486132D5AC38BE3A6A6F ] C:\WINDOWS\system32\schannel.dll
11:03:35.0953 0x0d40 C:\WINDOWS\system32\schannel.dll - ok
11:03:35.0968 0x0d40 [ 3D76DD0CBC536E0F8C45D23ED230BEB2, F74F94525AB7CE1E269452C9E1DD08411A668CFDD94F069C90FC2EE33CB35A12 ] C:\WINDOWS\system32\digest.dll
11:03:35.0968 0x0d40 C:\WINDOWS\system32\digest.dll - ok
11:03:36.0000 0x0d40 [ A4388DF80E52695AE92EE5F3F61F1619, A4B7C6E10B92B5022CA6E8FD9094098614FD63178EA86A7B035EB89B373BF033 ] C:\WINDOWS\system32\msnsspc.dll
11:03:36.0000 0x0d40 C:\WINDOWS\system32\msnsspc.dll - ok
11:03:36.0015 0x0d40 [ 5733177BCF16EE78B99543C9B0AB81EA, 6504D3D665AC8AB27A44F863F9C1A23FF3B68EAC0512F418712CC0D56F739E24 ] C:\WINDOWS\system32\MSCTFIME.IME
11:03:36.0015 0x0d40 C:\WINDOWS\system32\MSCTFIME.IME - ok
11:03:36.0046 0x0d40 [ C6BB1D1500DB4A0E224CB65E6C7E8A80, 32099A486457D1DC3B1269DE9570EE922F118C3BD443FE78ED051DD764EF4DE3 ] C:\WINDOWS\system32\msprivs.dll
11:03:36.0046 0x0d40 C:\WINDOWS\system32\msprivs.dll - ok
11:03:36.0062 0x0d40 [ 318FAA70D9B0FB8DD168D4ED628E27B2, 2C407FFDA4A02D4A1CB9592C6FA4293BA31BE8852670436F1187A8107572ED41 ] C:\WINDOWS\system32\atmfd.dll
11:03:36.0062 0x0d40 C:\WINDOWS\system32\atmfd.dll - ok
11:03:36.0078 0x0d40 [ A525C96C51D55111FDF3BEA9FFFFC7AE, AA5B080E01573B96A37E67F871F97AE975E1E9519EDB16476472AA3FA2144643 ] C:\WINDOWS\system32\kerberos.dll
11:03:36.0078 0x0d40 C:\WINDOWS\system32\kerberos.dll - ok
11:03:36.0093 0x0d40 [ 517561A1113B04E51D936CD018DE1C1F, A5F572C3557705F28F7A465970F0432F55B616EFD208BA0CBDFFBF7A41F07C04 ] C:\WINDOWS\system32\msv1_0.dll
11:03:36.0093 0x0d40 C:\WINDOWS\system32\msv1_0.dll - ok
11:03:36.0125 0x0d40 [ AF07DC9B7CC455629E732340C7B15F3A, 4403503F24FB76AB55D347273319B98BC0955AB3E537FA5ADA498B9AED76484A ] C:\WINDOWS\system32\iphlpapi.dll
11:03:36.0125 0x0d40 C:\WINDOWS\system32\iphlpapi.dll - ok
11:03:36.0125 0x0d40 [ 1B7F071C51B77C272875C3A23E1E4550, 9D6EA6DF4F4A531E35B843CE11AB6BDBEF0C2716773C14660E98038C1F68B7C4 ] C:\WINDOWS\system32\netlogon.dll
11:03:36.0125 0x0d40 C:\WINDOWS\system32\netlogon.dll - ok
11:03:36.0156 0x0d40 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] C:\WINDOWS\system32\w32time.dll
11:03:36.0156 0x0d40 C:\WINDOWS\system32\w32time.dll - ok
11:03:36.0171 0x0d40 [ 3AAF9B35939FF9E58CCD18D41655C2FC, AF7358AB0A507D77569A8D38D2392C224BFBEFD1264C069BBC6C677BC20C6B8B ] C:\WINDOWS\system32\wdigest.dll
11:03:36.0171 0x0d40 C:\WINDOWS\system32\wdigest.dll - ok
11:03:36.0187 0x0d40 [ 54DAE3EA34802B4ED9AE1C6B1209FA56, EEB1FA90DB44C821B371D5F7C323B4F88E843107BBA16DA2ACB124D6A848B257 ] C:\WINDOWS\system32\rsaenh.dll
11:03:36.0187 0x0d40 C:\WINDOWS\system32\rsaenh.dll - ok
11:03:36.0203 0x0d40 [ 02988B904C386B500CD08639C4C20EEA, 66E96045957AABD7F5C364D64DE23A09D4C292C844FA00C45626A8D1EC21F206 ] C:\WINDOWS\system32\winscard.dll
11:03:36.0203 0x0d40 C:\WINDOWS\system32\winscard.dll - ok
11:03:36.0218 0x0d40 [ 0E2735281FBB9A764D5584C2A5DCBA59, B1EFF5D7BFDDFEC3A3E5B2F17A6A0F3F47C344A64AB57E6918B4DEC094FC9444 ] C:\WINDOWS\system32\wtsapi32.dll
11:03:36.0218 0x0d40 C:\WINDOWS\system32\wtsapi32.dll - ok
11:03:36.0234 0x0d40 [ A86BB5E61BF3E39B62AB4C7E7085A084, B88446E007153BB58C5AE867AC3FB4C46618BBAA5A152687201E0E81F881465A ] C:\WINDOWS\system32\scecli.dll
11:03:36.0234 0x0d40 C:\WINDOWS\system32\scecli.dll - ok
11:03:36.0250 0x0d40 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18, 2910EBC692D833D949BFD56059E8106D324A276D5F165F874F3FB1B6C613CDD5 ] C:\WINDOWS\system32\svchost.exe
11:03:36.0250 0x0d40 C:\WINDOWS\system32\svchost.exe - ok
11:03:36.0265 0x0d40 [ 549290DBC280C887681D7652978DBBE0, CA2CA8561F11CDD5FD5D23D9D88A96A7FFE4AF6DFE8CE783B0969B6ED3C4CBF8 ] C:\WINDOWS\system32\ntmarta.dll
11:03:36.0265 0x0d40 C:\WINDOWS\system32\ntmarta.dll - ok
11:03:36.0281 0x0d40 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] C:\WINDOWS\system32\rpcss.dll
11:03:36.0281 0x0d40 C:\WINDOWS\system32\rpcss.dll - ok
11:03:36.0281 0x0d40 [ 16403217AB6FC5C30C14C6B12098AD4B, DEA7C556BA9C91E056E6035E77A793A77E428D493518D1C6F796B003D4F07305 ] C:\WINDOWS\system32\xpsp2res.dll
11:03:36.0281 0x0d40 C:\WINDOWS\system32\xpsp2res.dll - ok
11:03:36.0296 0x0d40 [ 6D4FEB43EE538FC5428CC7F0565AA656, 4091D82537198562F0CA1D032B2D4BEC75101342B7BCA7778FDA2D515300BC36 ] C:\WINDOWS\system32\eventlog.dll
11:03:36.0296 0x0d40 C:\WINDOWS\system32\eventlog.dll - ok
11:03:36.0312 0x0d40 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] C:\WINDOWS\system32\mswsock.dll
11:03:36.0312 0x0d40 C:\WINDOWS\system32\mswsock.dll - ok
11:03:36.0328 0x0d40 [ 3CB32D3B8CBE79899D63280BB7A83CD9, F34DB3B3DD65F0135F1F7005703B824D2C9B17F7A43062F1FFBEC53B3B26EFC3 ] C:\WINDOWS\system32\hnetcfg.dll
11:03:36.0328 0x0d40 C:\WINDOWS\system32\hnetcfg.dll - ok
11:03:36.0328 0x0d40 [ 4E3D06D6E68EEDB52565080F55B460D3, A503BFC29D3936045488EDC1771914EC84BE80E422F772F53D7961F526D707E6 ] C:\WINDOWS\system32\wshtcpip.dll
11:03:36.0328 0x0d40 C:\WINDOWS\system32\wshtcpip.dll - ok
11:03:36.0359 0x0d40 [ 40947436A70E0034E41123DF5A0A7702, 5D40FD92DA5CA59C1BADB58AD509DB6A6D613F18660A9A270A53ECA85D34C3A9 ] C:\Program Files\Bonjour\mdnsNSP.dll
11:03:36.0359 0x0d40 C:\Program Files\Bonjour\mdnsNSP.dll - ok
11:03:36.0390 0x0d40 [ D72B9EC3337B247A666F098F3D6B43DE, 4BC52AD1116078B0B313AB6555024302225D6CC03CA428151F78B7C48821489F ] C:\WINDOWS\system32\winrnr.dll
11:03:36.0390 0x0d40 C:\WINDOWS\system32\winrnr.dll - ok
11:03:36.0421 0x0d40 [ 6F9BEF24C578D5D6740E080BEDD6A448, 72426D49BC31488261D226C7D0C98AD11192019E71654F53D1D17183C328CC7C ] C:\WINDOWS\system32\rasadhlp.dll
11:03:36.0421 0x0d40 C:\WINDOWS\system32\rasadhlp.dll - ok
11:03:36.0453 0x0d40 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23, 032B6D1F541F180A2FE619664EF180D3FD748AEF7E311BA925FCED74E7ED4713 ] C:\WINDOWS\system32\logonui.exe
11:03:36.0453 0x0d40 C:\WINDOWS\system32\logonui.exe - ok
11:03:36.0468 0x0d40 [ 515A7FAE2070C2B0242B2353443E2F11, 6121C5613784831F584B50E8DC91BBD7AC58BDB602FE4CDB4B237670B6BB4537 ] C:\WINDOWS\system32\cscdll.dll
11:03:36.0468 0x0d40 C:\WINDOWS\system32\cscdll.dll - ok
11:03:36.0500 0x0d40 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] C:\WINDOWS\system32\drivers\ndisuio.sys
11:03:36.0500 0x0d40 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
11:03:36.0531 0x0d40 [ 3D41A9326F0376FC73AF961DD23B1FB1, 1242F3B57599675D1E0E26615E206CE3DB15FA6A23BC5D21EB630EE9858EBC7B ] C:\WINDOWS\system32\duser.dll
11:03:36.0531 0x0d40 C:\WINDOWS\system32\duser.dll - ok
11:03:36.0546 0x0d40 [ E2092F0A1D7ABC243F9C2362483D150D, 50028400D6BA1C5B27BFC9AAC9D41539383F3EC723977CA937715E14094D846A ] C:\WINDOWS\system32\dimsntfy.dll
11:03:36.0546 0x0d40 C:\WINDOWS\system32\dimsntfy.dll - ok
11:03:36.0562 0x0d40 [ 2CC34E8BB667EEF78899546E12649196, 5BA2604041BF7C1D580D4D2AEDC7708F9E9B0AF6E0928663E3D9C7297296D721 ] C:\WINDOWS\system32\wlnotify.dll
11:03:36.0562 0x0d40 C:\WINDOWS\system32\wlnotify.dll - ok
11:03:36.0593 0x0d40 [ BD83ABA61E8ACCC8D9FFB869F29418CE, 45ED22E825047A1BE07B017F95FBF965A90602C59E6B110D0C604FBE07DE1562 ] C:\WINDOWS\system32\winspool.drv
11:03:36.0593 0x0d40 C:\WINDOWS\system32\winspool.drv - ok
11:03:36.0640 0x0d40 [ AFFC87E2501FCE8F09D4C10BA6421CCF, E63837B281C4AE90A7CBA8E072E07A9A5A2FDD5B15E7FB5C2D7562FE72BE5408 ] C:\WINDOWS\system32\msimg32.dll
11:03:36.0640 0x0d40 C:\WINDOWS\system32\msimg32.dll - ok
11:03:36.0734 0x0d40 [ 20200EE3CFE10E9F0C028D8653BE11C6, 3ACF2110D72509CBA3BF780C5D6D662BAFEEA6CA423BE8B0F97288B953127035 ] C:\WINDOWS\system32\oleacc.dll
11:03:36.0734 0x0d40 C:\WINDOWS\system32\oleacc.dll - ok
11:03:36.0750 0x0d40 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] C:\WINDOWS\system32\dhcpcsvc.dll
11:03:36.0750 0x0d40 C:\WINDOWS\system32\dhcpcsvc.dll - ok
11:03:36.0765 0x0d40 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] C:\WINDOWS\system32\dnsrslvr.dll
11:03:36.0765 0x0d40 C:\WINDOWS\system32\dnsrslvr.dll - ok
11:03:36.0781 0x0d40 [ F137A0CA70003DB20448D540651FA003, 4D3095FD8431D0839B6EE785A979D005A1035368A152CDC705804E85B7673198 ] C:\WINDOWS\system32\clbcatq.dll
11:03:36.0781 0x0d40 C:\WINDOWS\system32\clbcatq.dll - ok
11:03:36.0796 0x0d40 [ 1280A158C722FA95A80FB7AEBE78FA7D, 9B6E8158E581500C5C417F6453A6414901020123D34FDBC04289750E8B072538 ] C:\WINDOWS\system32\comres.dll
11:03:36.0796 0x0d40 C:\WINDOWS\system32\comres.dll - ok
11:03:36.0812 0x0d40 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] C:\WINDOWS\system32\lmhsvc.dll
11:03:36.0812 0x0d40 C:\WINDOWS\system32\lmhsvc.dll - ok
11:03:36.0859 0x0d40 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] C:\WINDOWS\system32\wzcsvc.dll
11:03:36.0859 0x0d40 C:\WINDOWS\system32\wzcsvc.dll - ok
11:03:36.0875 0x0d40 [ E5EDBD51476DB5001ABF5C82AE5C3DD1, 5C97ABF5802A7F886781788FE6107F9F06962F9D704A2A43A03062C9405F56C3 ] C:\WINDOWS\system32\shgina.dll
11:03:36.0875 0x0d40 C:\WINDOWS\system32\shgina.dll - ok
11:03:36.0890 0x0d40 [ 876CCF164E08D6B903CD14398E056DD2, 9AC7887F992F20E10EB3ED9B3AEF47B5C840172FA7895531F4EF86D6EA642D0F ] C:\WINDOWS\system32\rtutils.dll
11:03:36.0890 0x0d40 C:\WINDOWS\system32\rtutils.dll - ok
11:03:36.0921 0x0d40 [ 7B0770526801F05D58C51A3DFB87B4BD, 7A2858DD3AE8C26DE88F8CC71E8DC9A8A50C363BA4FB34EE6EE2D81C18845A96 ] C:\WINDOWS\system32\wmi.dll
11:03:36.0921 0x0d40 C:\WINDOWS\system32\wmi.dll - ok
11:03:36.0953 0x0d40 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F, EC80729BDD250C161B29DA853D45C703CB4844DE185C5665DB0627D9568995AB ] C:\WINDOWS\system32\eapolqec.dll
11:03:36.0953 0x0d40 C:\WINDOWS\system32\eapolqec.dll - ok
11:03:36.0984 0x0d40 [ 224FB925C641DA16CEB6D60F40CA4C75, 2DDB3B019D2A22B359C5974DC366EC9B95F4382DB1BF7F1958CFF0EC277895C7 ] C:\WINDOWS\system32\atl.dll
11:03:36.0984 0x0d40 C:\WINDOWS\system32\atl.dll - ok
11:03:37.0000 0x0d40 [ 8AE93AACC648921BAACB8602991AC4B3, 78292B1BAEE64C997C50B6D907FE623C2EDF937A62D3C3690FA24342180B7AB2 ] C:\WINDOWS\system32\qutil.dll
11:03:37.0000 0x0d40 C:\WINDOWS\system32\qutil.dll - ok
11:03:37.0015 0x0d40 [ 8E2CC37BA87D8F681066E0E9C8A19F73, 90536FD502D92AE4FECE0C250373742D2E8AC9E9BE314070BB28C4A2BEA15508 ] C:\WINDOWS\system32\dot3api.dll
11:03:37.0015 0x0d40 C:\WINDOWS\system32\dot3api.dll - ok
11:03:37.0031 0x0d40 [ F5B754CDEA20BBB3A31E16A776EDE6D6, C5D682FA9B86810C6E3D741E507EDA024C4554BEB5B6A1686F70E109EE9CD746 ] C:\WINDOWS\system32\esent.dll
11:03:37.0031 0x0d40 C:\WINDOWS\system32\esent.dll - ok
11:03:37.0062 0x0d40 [ 085ED2E391A871C7BAE87E0228B546BA, 15C050965A7377CDE1178A0C28C3E05B16838A1D7DEB1DD190E3C5D58511F5AC ] C:\WINDOWS\system32\cscui.dll
11:03:37.0062 0x0d40 C:\WINDOWS\system32\cscui.dll - ok
11:03:37.0093 0x0d40 [ 50A166237A0FA771261275A405646CC0, CFA9B2C8CDCDB56C27B89593A106AAE211E24D8EA433129A6E9BD2FBF39AB5BB ] C:\WINDOWS\system32\powrprof.dll
11:03:37.0093 0x0d40 C:\WINDOWS\system32\powrprof.dll - ok
11:03:37.0140 0x0d40 [ 3E2F3E2F4A82B7FAE23BAB864FB0F837, 78FEB881B5F1C90AD13DD69BB8C95CDF60C84E127871916D1EE8A938849E6282 ] C:\WINDOWS\system32\dpcdll.dll
11:03:37.0140 0x0d40 C:\WINDOWS\system32\dpcdll.dll - ok
11:03:37.0187 0x0d40 [ A39BE37C9237DB5F1990D61B268EA555, ABAB9D73DF10D2AC78F00A6C5E5318C4DE166CDF70683408D83D218CB39B7449 ] C:\WINDOWS\system32\rastls.dll
11:03:37.0187 0x0d40 C:\WINDOWS\system32\rastls.dll - ok
11:03:37.0250 0x0d40 [ A93AEE1928A9D7CE3E16D24EC7380F89, 944CD2135E171AF338352568AA7FE1B8004733A4281395AD6723E0CF43D5F53F ] C:\WINDOWS\system32\userinit.exe
11:03:37.0250 0x0d40 C:\WINDOWS\system32\userinit.exe - ok
11:03:37.0250 0x0d40 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3, 9085384DD71F983E7FD8B6C8F54A3097412DA3C802C813C8AAB1F30558C416D6 ] C:\WINDOWS\system32\cryptui.dll
11:03:37.0250 0x0d40 C:\WINDOWS\system32\cryptui.dll - ok
11:03:37.0281 0x0d40 [ 9F20FEF7F8B411165174CEC20583462A, 9511FA64CF8D03A69FEACDFBAF53211A5EC7E069C313C875E1962E97D283A0A5 ] C:\WINDOWS\system32\wininet.dll
11:03:37.0281 0x0d40 C:\WINDOWS\system32\wininet.dll - ok
11:03:37.0312 0x0d40 [ 94F96C1648D5F8E4375BF64D404C74BB, FE789E83436302DC0C9D0B1D0E9B0F8A546A9BD9693F3EB64C0B4F4159DCE379 ] C:\WINDOWS\system32\iertutil.dll
11:03:37.0312 0x0d40 C:\WINDOWS\system32\iertutil.dll - ok
11:03:37.0328 0x0d40 [ 10753A3ADC3E39A3B10CC3F08E98E6B4, 99C7B1B04CD593139917ED3D68BEC36C63BCE76663505CB5D026B62AF39BB383 ] C:\WINDOWS\system32\normaliz.dll
11:03:37.0328 0x0d40 C:\WINDOWS\system32\normaliz.dll - ok
11:03:37.0343 0x0d40 [ EA5B8BECA3F279C757578CD7F1E95855, 6FA42A9C8A114208BCB1D0A799C43CD07FB0F986495191D58C1BBD150B7B3A90 ] C:\WINDOWS\system32\mprapi.dll
11:03:37.0343 0x0d40 C:\WINDOWS\system32\mprapi.dll - ok
11:03:37.0359 0x0d40 [ 2CDAE321B8E878A278BA2D2FA013060B, 51A382D665EB4A8BD66A3EF9B518DC02D3637318768758AB6F1017E50826CC56 ] C:\WINDOWS\system32\activeds.dll
11:03:37.0359 0x0d40 C:\WINDOWS\system32\activeds.dll - ok
11:03:37.0375 0x0d40 [ 0D84657DBF93DB98673DEFDF2B29E25A, 22105E297D663790BFA1EAE5AC670B283E69FDF2428DEBC596F3EB920E53AFF9 ] C:\WINDOWS\system32\adsldpc.dll
11:03:37.0375 0x0d40 C:\WINDOWS\system32\adsldpc.dll - ok
11:03:37.0390 0x0d40 [ 92C4F48B62B0B876194584C3FF09CCB6, B24FF5E8D4F09B8200395B68A20A083E7ED9A29B9E9FB85F42E1A6BBB911D1C4 ] C:\WINDOWS\system32\rasapi32.dll
11:03:37.0390 0x0d40 C:\WINDOWS\system32\rasapi32.dll - ok
11:03:37.0437 0x0d40 [ 12896823FB95BFB3DC9B46BCAEDC9923, 1E675CB7DF214172F7EB0497F7275556038A0D09C6E5A3E6862C5E26885EF455 ] C:\WINDOWS\explorer.exe
11:03:37.0437 0x0d40 C:\WINDOWS\explorer.exe - ok
11:03:37.0468 0x0d40 [ 4DEF926F6A0545AE486A03C84F2EE482, 2D209061632634D7338C0BBEEE8056E8085BE22FA6974A2CC6BAEDC14CF6F6B1 ] C:\WINDOWS\system32\rasman.dll
11:03:37.0468 0x0d40 C:\WINDOWS\system32\rasman.dll - ok
11:03:37.0531 0x0d40 [ 00AABF131B4823785818DB99A075A313, FF0F24D35325EC246C758C7CF51FDDEF13757DFD7BE5F6F5D51E0DD7C6673686 ] C:\WINDOWS\system32\tapi32.dll
11:03:37.0531 0x0d40 C:\WINDOWS\system32\tapi32.dll - ok
11:03:37.0546 0x0d40 [ C1FAEA15E41F62D7BFA7FBC395C24BA6, 5DAA7F6E1EEA128AEDEDCAF04EB83AED4BCF856BC123BC134E9FA634DC569C0B ] C:\WINDOWS\system32\riched20.dll
11:03:37.0546 0x0d40 C:\WINDOWS\system32\riched20.dll - ok
11:03:37.0578 0x0d40 [ E392E172687BE172F8600C5F41AB03D9, 5E928035FA9DB71FDCEB74D6D4859E43169A0B202A87653A2CE5F88865D13D2E ] C:\WINDOWS\system32\browseui.dll
11:03:37.0578 0x0d40 C:\WINDOWS\system32\browseui.dll - ok
11:03:37.0609 0x0d40 [ 56CE97FF94B7662A300D359CD6F4D601, D67A792E176AE3394CEB8FEF16F9E56DC614D7D4F58F6B9202E49EFD42BAE9E4 ] C:\WINDOWS\system32\raschap.dll
11:03:37.0609 0x0d40 C:\WINDOWS\system32\raschap.dll - ok
11:03:37.0671 0x0d40 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] C:\WINDOWS\system32\netman.dll
11:03:37.0671 0x0d40 C:\WINDOWS\system32\netman.dll - ok
11:03:37.0687 0x0d40 [ 26CB10FA893F940AB09713FF46DCDADE, B113E03877FF2073ABAC1A7DF53A575F15915438C5EB10401FFEF7CAAEA902BC ] C:\WINDOWS\system32\shdocvw.dll
11:03:37.0687 0x0d40 C:\WINDOWS\system32\shdocvw.dll - ok
11:03:37.0718 0x0d40 [ 062F837C1FBDB6A0A75F82EFC2EE8E74, 3C0BFA381CBC2C55B58A8942A7148A6C27E244D26313EFB4708DD5858C689E02 ] C:\WINDOWS\system32\netshell.dll
11:03:37.0718 0x0d40 C:\WINDOWS\system32\netshell.dll - ok
11:03:37.0734 0x0d40 [ 235892E493845D64D890163CFEF90E97, 48FC98DD1E5F8F05DE6954FE26C0A448AA9838D7DC716518C715F35E3CFA227D ] C:\WINDOWS\system32\credui.dll
11:03:37.0734 0x0d40 C:\WINDOWS\system32\credui.dll - ok
11:03:37.0765 0x0d40 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C, 62E73A7D4C58F2E30670F6A72E734B618AF45F60A8CB2177A4D504283F829BE5 ] C:\WINDOWS\system32\dot3dlg.dll
11:03:37.0765 0x0d40 C:\WINDOWS\system32\dot3dlg.dll - ok
11:03:37.0781 0x0d40 [ CA04959077AFE36369D37B3504740C87, CBB90BC35A74EC03DC04CD60DAC966A9FA98DC9EEFB926089DBE7A47D3B710B1 ] C:\WINDOWS\system32\onex.dll
11:03:37.0781 0x0d40 C:\WINDOWS\system32\onex.dll - ok
11:03:37.0796 0x0d40 [ 5DB625E7D095604010CF84DE2D8ACFA6, DEED8055CD1F2E2D898C5C77283B56078414CC7D9FCA6FCF58BA0B66B565E826 ] C:\WINDOWS\system32\eappcfg.dll
11:03:37.0796 0x0d40 C:\WINDOWS\system32\eappcfg.dll - ok
11:03:37.0828 0x0d40 [ ABC4206543450C0666D152F4B65833B8, D78D5E719E7744805DF6DD1D9567E67E11223F4E3B13170E35F27D46FCB6C244 ] C:\WINDOWS\system32\eappprxy.dll
11:03:37.0828 0x0d40 C:\WINDOWS\system32\eappprxy.dll - ok
11:03:37.0859 0x0d40 [ 767FF54A552732CE772C2302025FA82F, 7761546C33B0E55B0A8214798FD035C2499D31D690CE03E25B0068C81EDECF3F ] C:\WINDOWS\system32\wzcsapi.dll
11:03:37.0859 0x0d40 C:\WINDOWS\system32\wzcsapi.dll - ok
11:03:37.0875 0x0d40 [ B4ED498E3BFEE64E952BC44FC6057DB8, 1FB5ABAE69103BF477F704189D75B0395F587234BFE94F9F79961D8FE2CE55AC ] C:\WINDOWS\system32\desk.cpl
11:03:37.0875 0x0d40 C:\WINDOWS\system32\desk.cpl - ok
11:03:37.0984 0x0d40 [ EE9710428FFB95FD3845D41E7148AC31, 5CFBE4B7BCCB136B958E21EACB965E09F7D6CC0CB29DEA9022047809582B1065 ] C:\WINDOWS\system32\themeui.dll
11:03:37.0984 0x0d40 C:\WINDOWS\system32\themeui.dll - ok
11:03:38.0109 0x0d40 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] C:\WINDOWS\system32\schedsvc.dll
11:03:38.0109 0x0d40 C:\WINDOWS\system32\schedsvc.dll - ok
11:03:38.0359 0x0d40 [ E47E364C96467FD54FA44D59F927C3AB, D48C377A7ACF805C413D4618A099A50BE6724E8996C151B00DEAFD27CA935183 ] C:\WINDOWS\system32\msidle.dll
11:03:38.0359 0x0d40 C:\WINDOWS\system32\msidle.dll - ok
11:03:38.0437 0x0d40 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] C:\WINDOWS\system32\spoolsv.exe
11:03:38.0437 0x0d40 C:\WINDOWS\system32\spoolsv.exe - ok
11:03:38.0468 0x0d40 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] C:\WINDOWS\system32\audiosrv.dll
11:03:38.0468 0x0d40 C:\WINDOWS\system32\audiosrv.dll - ok
11:03:38.0609 0x0d40 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] C:\WINDOWS\system32\wkssvc.dll
11:03:38.0609 0x0d40 C:\WINDOWS\system32\wkssvc.dll - ok
11:03:38.0687 0x0d40 [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] C:\WINDOWS\system32\actxprxy.dll
11:03:38.0687 0x0d40 C:\WINDOWS\system32\actxprxy.dll - ok
11:03:38.0781 0x0d40 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] C:\WINDOWS\system32\drivers\mrxdav.sys
11:03:38.0781 0x0d40 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
11:03:38.0812 0x0d40 [ C0D4312262C7B1A46AADB8418B85D8FA, 7614A88F0C811E6D78D8B481D64DA986A7E1CE786CC1BEC02968303EEEB8103B ] C:\WINDOWS\system32\urlmon.dll
11:03:38.0812 0x0d40 C:\WINDOWS\system32\urlmon.dll - ok
11:03:38.0875 0x0d40 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] C:\WINDOWS\system32\webclnt.dll
11:03:38.0875 0x0d40 C:\WINDOWS\system32\webclnt.dll - ok
11:03:38.0968 0x0d40 [ E16B687057603A249DA9271E9727CDB0, 0537DF45574FB17A1B8AD2AF0D571A9622B5A0A4D631F98ED115988FF075189E ] C:\WINDOWS\system32\ieframe.dll
11:03:38.0968 0x0d40 C:\WINDOWS\system32\ieframe.dll - ok
11:03:39.0093 0x0d40 [ 6D778E0F95447E6546553EEEA709D03C, 62ABED7D45040381BBCED97EA7B6C697B418448FD3322FD4BFB2BBFDB6155EB4 ] C:\WINDOWS\system32\cmd.exe
11:03:39.0093 0x0d40 C:\WINDOWS\system32\cmd.exe - ok
11:03:45.0234 0x0d40 [ 8BCD11D38FCE43A519246A91CC40DE6A, 981EE4B29FDE6DB58FAA17BCCA66DB8143D693D91A00B7519F01ABBAE11AA580 ] C:\WINDOWS\system32\security.dll
11:03:45.0234 0x0d40 C:\WINDOWS\system32\security.dll - ok
11:03:45.0265 0x0d40 [ 0DACD368DB252F5E10886824524353A7, F216B345E5795EF67279D3B16DFD636DE0038619D4E263B860C9A9C247648638 ] C:\WINDOWS\system32\wnicapi.dll
11:03:45.0265 0x0d40 C:\WINDOWS\system32\wnicapi.dll - ok
11:03:45.0296 0x0d40 [ 886CC0E3DC1636ED5F2DB157F3ED790B, A6A09EC3FE110887026D937E1919286518474B63B930C968EB1C645CE10E272D ] C:\Program Files\D-Link\DWA-140 revB\ANIOApi.dll
11:03:45.0296 0x0d40 C:\Program Files\D-Link\DWA-140 revB\ANIOApi.dll - ok
11:03:45.0328 0x0d40 [ 76848CB1AA5818DB47D5F5986E0A7485, 03BAB6981C6F447E41B78A96187FA619E4755C2101FF1A0B2ABF111BE53D9F92 ] C:\WINDOWS\system32\mfc42.dll
11:03:45.0328 0x0d40 C:\WINDOWS\system32\mfc42.dll - ok
11:03:45.0359 0x0d40 [ 297ED2C21509D6B6F41EAAEE9CDC34B2, B0B5A7B3035B2EF75D45AC9A6A05AFF483EB75B22F6B7F3A14AFB6D6C4DF5286 ] C:\WINDOWS\system32\wlanapp.dll
11:03:45.0359 0x0d40 C:\WINDOWS\system32\wlanapp.dll - ok
11:03:45.0375 0x0d40 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
11:03:45.0375 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
11:03:45.0390 0x0d40 [ 0B467F470CC9918FDCEEDCFD7DC4D697, 87C8BCC4DFF318FC393A8C0FB0B82CCC9DA83EC0F5811CF303F3AC265A575578 ] C:\WINDOWS\system32\oledlg.dll
11:03:45.0390 0x0d40 C:\WINDOWS\system32\oledlg.dll - ok
11:03:45.0406 0x0d40 [ 5652F6CE1D9E9D8068B9D29BC21B5409, 807A8B8FD8CCFC04409E1D64947FE35F847F194FF6FC09CCCF66F274F2A994C6 ] C:\WINDOWS\system32\olepro32.dll
11:03:45.0406 0x0d40 C:\WINDOWS\system32\olepro32.dll - ok
11:03:45.0437 0x0d40 [ E3C817F7FE44CC870ECDBCBC3EA36132, D769FAFA2B3232DE9FA7153212BA287F68E745257F1C00FAFB511E7A02DE7ADF ] C:\WINDOWS\system32\msvcp100.dll
11:03:45.0437 0x0d40 C:\WINDOWS\system32\msvcp100.dll - ok
11:03:45.0484 0x0d40 [ BF38660A9125935658CFA3E53FDC7D65, 60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA ] C:\WINDOWS\system32\msvcr100.dll
11:03:45.0484 0x0d40 C:\WINDOWS\system32\msvcr100.dll - ok
11:03:45.0500 0x0d40 [ F25BDB64996625C4B014F26572DEB647, 955E8D51E1F2B0B02790B07C0BAAE719A5FF457A745069E125F0B942E4479E63 ] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
11:03:45.0500 0x0d40 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe - ok
11:03:45.0656 0x0d40 [ 465FD8B39411D4A84A2B0DBF94B073E0, 5886C80B52B90C2A103792AB1C9662E60DAB07FDBF4963547D145AC4C24C993C ] C:\WINDOWS\system32\webcheck.dll
11:03:45.0656 0x0d40 C:\WINDOWS\system32\webcheck.dll - ok
11:03:45.0687 0x0d40 [ 50512FC9B7878E3C2C147BC17326A7DB, 670006280CA98213C3A23B442615FD729C83953795619360F9D2988E56A602D7 ] C:\WINDOWS\system32\stobject.dll
11:03:45.0687 0x0d40 C:\WINDOWS\system32\stobject.dll - ok
11:03:45.0781 0x0d40 [ 231A0B0E3BA7ABFE469A8262FAA1FD71, 76F8AE2680438B279081EDFC2728E3785736E82A5C6396AA705BFFFF5C361294 ] C:\WINDOWS\system32\batmeter.dll
11:03:45.0781 0x0d40 C:\WINDOWS\system32\batmeter.dll - ok
11:03:45.0812 0x0d40 [ 045E228F71C31901084B64BE59093499, BA463D9EC2C2D266A34DBAC542CFA0403BFB03DDF3037FBD043BB691A8E493FA ] C:\WINDOWS\system32\WPDShServiceObj.dll
11:03:45.0812 0x0d40 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
11:03:45.0890 0x0d40 [ 29158B1DC3F86D4B0D6A127FE586ADFF, 03C17FA518200CE5C53AED55C5AF22D0A2D483110FB1E7EA6F990C56936570E6 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
11:03:45.0890 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
11:03:45.0921 0x0d40 [ E26E6A97B94304F78B3A2D85C6056CC2, A4D678729145E9A9E561564B4E15AA67DD8103153BCAA2DD38084E43E33D0D00 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
11:03:45.0921 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
11:03:45.0984 0x0d40 [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{9A56266E-730D-4B36-9C00-9CD5BDFE2046}.tmp
11:03:45.0984 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{9A56266E-730D-4B36-9C00-9CD5BDFE2046}.tmp - ok
11:03:46.0093 0x0d40 [ 461299398E15909598B7002B3FAABCE8, 1965E672088268C91848A100D77A6CD6E689589185B528DD9E0907ED1AD60771 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
11:03:46.0093 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
11:03:46.0156 0x0d40 [ 8B4CBBA1EA526830C7F97E7822E2493A, 1DFD05B1C0050DB44F5B4293E5574BFC292AF804A63FC0A70131BB498C326977 ] C:\WINDOWS\Alcmtr.exe
11:03:46.0156 0x0d40 C:\WINDOWS\Alcmtr.exe - ok
11:03:46.0171 0x0d40 [ 538A270F35A713C360B7ED4168BB7521, 47D8784C811FCADD1E78A907AF56D3D0FA5ABE9AC7DA7CB41AF60D304CAA06BA ] C:\WINDOWS\system32\mydocs.dll
11:03:46.0171 0x0d40 C:\WINDOWS\system32\mydocs.dll - ok
11:03:46.0171 0x0d40 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] C:\WINDOWS\system32\imapi.exe
11:03:46.0171 0x0d40 C:\WINDOWS\system32\imapi.exe - ok
11:03:46.0203 0x0d40 [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{32F99342-C432-4019-A027-AECB4FD00760}.tmp
11:03:46.0203 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{32F99342-C432-4019-A027-AECB4FD00760}.tmp - ok
11:03:46.0265 0x0d40 [ EA6C35EBF9F3ED65724E1D65F09E6E7F, D39DD2D98277B0136C47E3C762E76EB12D6BDB79151F673E681B7EA49EBC6A6F ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
11:03:46.0265 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
11:03:46.0296 0x0d40 [ 8EAEB0ED23A98DE0F0C812D756E47CE9, D49AB526C0B0356AB1F778E3B6AFC4D148742942F8561C9C4C2183A649661A86 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
11:03:46.0296 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
11:03:46.0359 0x0d40 [ 80808656078CFCC32CF8BFEB0DD66279, 383F37599ABF16EEDEB2A60242DB7EDCC3D210A2A59DD61169047059F7041C5C ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{0B53D33B-5E2B-4078-9659-DDAC4CC20D4A}.tmp
11:03:46.0359 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{0B53D33B-5E2B-4078-9659-DDAC4CC20D4A}.tmp - ok
11:03:46.0437 0x0d40 [ 5760B2B5BAA3449C045B6FA222205F60, AC566245868530F6A8F80BEA9C6AB532DB2280F280CA4889C09BCCA9D057C1D4 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
11:03:46.0437 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
11:03:46.0484 0x0d40 [ BCE7DD8098CE6DD28EE2B0D5D5028B47, C48E1E455A0C6FC351CA2A8938C78D6D278B753FA7A621628B4E843C3A8F02FE ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
11:03:46.0484 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
11:03:46.0546 0x0d40 [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
11:03:46.0546 0x0d40 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - ok
11:03:46.0593 0x0d40 [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{CA66E5C7-D1CC-4DA0-B292-643796175AD6}.tmp
11:03:46.0593 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{CA66E5C7-D1CC-4DA0-B292-643796175AD6}.tmp - ok
11:03:46.0640 0x0d40 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC, 372AF797353F9335915CD06D4076BAB8410775DCAF2DAC0593197D7C41BBFFB2 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
11:03:46.0640 0x0d40 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
11:03:46.0656 0x0d40 [ 922563953E405AA9762F90778B711F77, 3DD35372DFC79F309BF419E9BF0043D1B1E00EDC47DCFF4D669416BDD5B094C5 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
11:03:46.0656 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
11:03:46.0671 0x0d40 [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{67A9DD2D-1A6C-4E14-B134-F354572FFD84}.tmp
11:03:46.0671 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{67A9DD2D-1A6C-4E14-B134-F354572FFD84}.tmp - ok
11:03:46.0718 0x0d40 [ C8DFF085326DC2D20FB4EA6AFFF8536D, A4346989B810B3A9431D613EB8E356FF66730DAA79732F26EB367E4E75AFED95 ] C:\WINDOWS\system32\ANIWZCS2.dll
11:03:46.0718 0x0d40 C:\WINDOWS\system32\ANIWZCS2.dll - ok
11:03:46.0750 0x0d40 [ 54023DF1A9A7D481B4762B09ECCA330F, 271B46804B2E944B7ABF707939CB498AE78B0EE6DDCE318E26BE0C7BA826DFA3 ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt49.dll
11:03:46.0750 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\icudt49.dll - ok
11:03:46.0781 0x0d40 [ 886CC0E3DC1636ED5F2DB157F3ED790B, A6A09EC3FE110887026D937E1919286518474B63B930C968EB1C645CE10E272D ] C:\WINDOWS\system32\ANIOApi.dll
11:03:46.0781 0x0d40 C:\WINDOWS\system32\ANIOApi.dll - ok
11:03:46.0828 0x0d40 [ 22358578CB321F3325496A3723029409, 44535E0EFC20714CEF8FFAE51294CFC6AC53F12E464E048ECD92CDC2CA54A312 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
11:03:46.0828 0x0d40 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
11:03:46.0875 0x0d40 [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{E835EC23-0126-4F0C-ADFD-A14B761CA1FC}.tmp
11:03:46.0875 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{E835EC23-0126-4F0C-ADFD-A14B761CA1FC}.tmp - ok
11:03:46.0968 0x0d40 [ 7FBE43046EFDF24FC9375024E4D02AC9, DE041A464BA8FA7155F4F0781F29540D144D95CABC5713A71F2792C3369801D5 ] C:\Program Files\QuickTime\qttask.exe
11:03:46.0968 0x0d40 C:\Program Files\QuickTime\qttask.exe - ok
11:03:47.0015 0x0d40 [ 9D45B2201D0ECF9F42136C7B99DEB8B2, 0251BE4C23EAACE2A9725243936C5E5AC4C0BCEE10EDE85017D91936FEE8CB31 ] C:\WINDOWS\system32\PortableDeviceApi.dll
11:03:47.0015 0x0d40 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
11:03:47.0125 0x0d40 [ 585992D78B671AAA075C02241309795D, 0EE3E35534899C41CFED686BDBA80B5AEC1BDB0173222D8BC7E69CFA277CBE32 ] C:\WINDOWS\system32\msvcirt.dll
11:03:47.0125 0x0d40 C:\WINDOWS\system32\msvcirt.dll - ok
11:03:47.0281 0x0d40 [ C730F70351D950DDA7388C9A9763CF54, 7A9D265E4D2F76EF131D01C2EE1CDC19A8E5FDCAF97649CC562E8114B92D411F ] C:\WINDOWS\system32\wbem\wmipcima.dll
11:03:47.0281 0x0d40 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
11:03:47.0312 0x0d40 [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{6CE172F4-7AA1-4B89-92DE-5FCDE21DD8D7}.tmp
11:03:47.0312 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{6CE172F4-7AA1-4B89-92DE-5FCDE21DD8D7}.tmp - ok
11:03:47.0359 0x0d40 [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{B379D207-D8B8-4AFC-A680-54801D6655AF}.tmp
11:03:47.0359 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{B379D207-D8B8-4AFC-A680-54801D6655AF}.tmp - ok
11:03:47.0406 0x0d40 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
11:03:47.0406 0x0d40 C:\WINDOWS\system32\ctfmon.exe - ok
11:03:47.0421 0x0d40 [ E1946CF6A39ACDE3A62AB2053FBE3EB7, F9C9A7EB63C8E740A43198E7863D42BA80B9CEF5AC5CFCCC38EDC684864C3F46 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
11:03:47.0421 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
11:03:47.0468 0x0d40 [ 6BDF91038CB78269B8063617597A6D4F, 737C43E4208B3C1ACD56951B0A24F2F762158B2344405099779F8F1DF69B2548 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
11:03:47.0468 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
11:03:47.0515 0x0d40 [ F6FAEC07446A78A9C5AF4558FF5BD118, 9291106F6666913DB6D18943D255D60F77CCDB5A46BD4C100A5E80D40D6927D9 ] C:\WINDOWS\ime\SPTIP.dll
11:03:47.0515 0x0d40 C:\WINDOWS\ime\SPTIP.dll - ok
11:03:47.0578 0x0d40 [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{0FB446F2-4670-4552-8972-677A706F11E3}.tmp
11:03:47.0578 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{0FB446F2-4670-4552-8972-677A706F11E3}.tmp - ok
11:03:47.0640 0x0d40 [ 2EC5693E2EE393F3A97BBB6C46D67779, 68CCECB20B55247B0DC2EF720FA8905CD039D91002D7450293BE585DF926462B ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
11:03:47.0640 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
11:03:47.0687 0x0d40 [ 4EDB186C455CDEADA24A708AAB884AE3, 836B3176A4A1B57F89D5B950BDA2F6C6F785899ED54632D8CF35DF55B364DB81 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
11:03:47.0687 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
11:03:47.0781 0x0d40 [ 57A6362D71B5003C48EE21F2DBB624B1, E6480D1F219BF3F8E7AC8347A8C50E48632B7BBC9618EEB36DAEA1079AA770B5 ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
11:03:47.0781 0x0d40 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
11:03:47.0859 0x0d40 [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{517CB306-EC79-410A-B001-6F0FBBD03D75}.tmp
11:03:47.0859 0x0d40 C:\DOCUME~1\JW\LOCALS~1\Temp\{B6F7E562-55C8-49DB-8A83-A76D45140BEC}\{517CB306-EC79-410A-B001-6F0FBBD03D75}.tmp - ok
11:03:47.0875 0x0d40 [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9, F64DEF5213CC6E96DD62125A3D44522200F66FF6A2CBA198096484F61D1C088B ] C:\WINDOWS\system32\ksuser.dll
11:03:47.0875 0x0d40 C:\WINDOWS\system32\ksuser.dll - ok
11:03:47.0906 0x0d40 [ 401A8C0BE0BAA7D7A470F0942244152D, EC21ED13E526617697CD8E6D79FC706CBDA0AF36C02C05B39E8603B217E406BC ] C:\WINDOWS\system32\rasdlg.dll
11:03:47.0906 0x0d40 C:\WINDOWS\system32\rasdlg.dll - ok
11:03:47.0937 0x0d40 [ 940DF3F813B798D3C1F612983A7E50EA, 3351CF883E5C419AB427E440EC0E9187CDB319B3064336ECA19F0F56778728A6 ] C:\WINDOWS\system32\odSupp_M.dll
11:03:47.0937 0x0d40 C:\WINDOWS\system32\odSupp_M.dll - ok
11:03:48.0015 0x0d40 [ 90A9B542C9300E540864D9FE1C42A130, ED37C93384E8E589DEC6517F28981ED3D045B56EEE31F992B2C2661FEE8DEFBA ] C:\WINDOWS\system32\fxsst.dll
11:03:48.0015 0x0d40 C:\WINDOWS\system32\fxsst.dll - ok
11:03:48.0078 0x0d40 [ B48E7B4C95CCE0C6C0C3F7B1A97FBC8F, E3B0CEBA4408D1F4DC26ED63F746C330A6D42D057EB6AF12E1C88C956C37412A ] C:\WINDOWS\system32\wzcdlg.dll
11:03:48.0078 0x0d40 C:\WINDOWS\system32\wzcdlg.dll - ok
11:03:48.0093 0x0d40 ================ Scan generic autorun ======================
11:03:48.0156 0x0d40 WZCSLDR2 - ok
11:03:53.0562 0x0d40 [ 013A269E7AF8B01FF20B384FEEBFFDA5, 9815034A03EB20CD87F0007DE701CE85215DDA450AFE67AE9EAFFF71F7B4D4DD ] C:\WINDOWS\RTHDCPL.EXE
11:03:57.0843 0x0d40 RTHDCPL - ok
11:03:58.0109 0x0d40 [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
11:03:58.0125 0x0d40 PHIME2002ASync - ok
11:03:58.0234 0x0d40 [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
11:03:58.0250 0x0d40 PHIME2002A - ok
11:03:58.0312 0x0d40 [ 1B17E09C1223F6D17336D2DD7A1AF4F4, 06DFAD95007532CCF46D593EEDC2474936614AEDCEA7BF983E36DAD22F850B08 ] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
11:03:58.0312 0x0d40 MSPY2002 - ok
11:03:58.0421 0x0d40 [ 7BBE4CF421AECC7F0226EDD75F12079F, 8E78FC5E0657DB066F9EBAADEA9AFECB1AAA570DD9C08C7ED42116704D2E379D ] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
11:03:58.0437 0x0d40 IMJPMIG8.1 - ok
11:03:58.0843 0x0d40 [ 6E1CF6B65639884BBDA7991D394F980E, 8C0EAC38ACF4F64CD77C9AD52D8E9DA94B5D8ED5C711611B47D5D3A46EA9AE94 ] C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
11:03:58.0937 0x0d40 D-Link D-Link RangeBooster N DWA-140 - ok
11:03:59.0046 0x0d40 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
11:03:59.0046 0x0d40 APSDaemon - ok
11:03:59.0140 0x0d40 [ F25BDB64996625C4B014F26572DEB647, 955E8D51E1F2B0B02790B07C0BAAE719A5FF457A745069E125F0B942E4479E63 ] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
11:03:59.0140 0x0d40 ANIWZCS2Service - ok
11:03:59.0203 0x0d40 [ 8B4CBBA1EA526830C7F97E7822E2493A, 1DFD05B1C0050DB44F5B4293E5574BFC292AF804A63FC0A70131BB498C326977 ] C:\WINDOWS\ALCMTR.EXE
11:03:59.0203 0x0d40 Alcmtr - ok
11:03:59.0265 0x0d40 [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
11:03:59.0265 0x0d40 Adobe Reader Speed Launcher - ok
11:03:59.0421 0x0d40 [ 7FBE43046EFDF24FC9375024E4D02AC9, DE041A464BA8FA7155F4F0781F29540D144D95CABC5713A71F2792C3369801D5 ] C:\Program Files\QuickTime\qttask.exe
11:03:59.0421 0x0d40 QuickTime Task - ok
11:03:59.0500 0x0d40 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
11:03:59.0500 0x0d40 ctfmon.exe - ok
11:03:59.0500 0x0d40 Waiting for KSN requests completion. In queue: 12
11:04:00.0656 0x0d40 Win FW state via NFM: disabled
11:04:00.0968 0x0d40 ============================================================
11:04:00.0968 0x0d40 Scan finished
11:04:00.0968 0x0d40 ============================================================
11:04:00.0984 0x0d38 Detected object count: 1
11:04:00.0984 0x0d38 Actual detected object count: 1
11:05:26.0281 0x0d38 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
11:05:26.0375 0x0d38 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
11:05:26.0406 0x0d38 \Device\Harddisk0\DR0\Partition1 - ok
11:05:26.0406 0x0d38 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
11:05:28.0609 0x0d38 KLMD registered as C:\WINDOWS\system32\drivers\02460740.sys
11:05:36.0640 0x0228 Deinitialize success


And here is the FRST scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01
Ran by JW (administrator) on JUSTIN on 21-12-2014 11:09:19
Running from C:\Documents and Settings\JW\Desktop
Loaded Profile: JW (Available profiles: JW)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WZCSLDR2] => C:\Program Files\D-Link\DWA-140 revB\WZCSLDR2.exe
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [D-Link D-Link RangeBooster N DWA-140] => C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1708032 2009-09-18] (D-Link Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-08-21] (Wireless Service)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-04-27] (Apple Inc.)
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\MountPoints2: {905bd734-a42b-11e1-8f14-001d72b8b401} - I:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3723271197-3957454863-557728558-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0112&m=el1300g
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKU\S-1-5-21-3723271197-3957454863-557728558-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JW\Application Data\Mozilla\Firefox\Profiles\xwkj47g7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-03]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-06]
FF HKU\S-1-5-21-3723271197-3957454863-557728558-1005\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - {23fcfd51-4958-4f00-80a3-ae97e717ed8b} [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ANIWConnService; C:\WINDOWS\system32\ANIWConnService.exe [151552 2009-07-07] () [File not signed]
S4 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [102400 2009-08-21] (Wireless Service) [File not signed]
S4 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-07-16] () [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S4 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-12-18] (Emsisoft GmbH)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [29411 2009-02-09] () [File not signed]
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-18] (Emsisoft GmbH)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2014-12-19] ()
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-28] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-28] (NVIDIA Corporation)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2009-08-03] (Ralink Technology, Corp.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2014-12-19] ()
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 11:09 - 2014-12-21 11:09 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\FRST-OlderVersion
2014-12-21 11:05 - 2014-12-21 11:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-21 10:52 - 2014-12-21 10:53 - 04187592 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\JW\Desktop\tdsskiller.exe
2014-12-20 14:32 - 2014-12-20 14:32 - 00022574 _____ () C:\Documents and Settings\JW\Desktop\Addition.txt
2014-12-20 14:31 - 2014-12-21 11:10 - 00011470 _____ () C:\Documents and Settings\JW\Desktop\FRST.txt
2014-12-20 14:15 - 2014-12-21 11:09 - 01113600 _____ (Farbar) C:\Documents and Settings\JW\Desktop\FRST.exe
2014-12-19 12:27 - 2014-12-19 12:29 - 00000000 ___SD () C:\ComboFix
2014-12-19 12:03 - 2014-12-19 12:03 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-19 01:05 - 2014-12-19 01:05 - 00000639 _____ () C:\Documents and Settings\JW\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-19 01:04 - 2014-12-19 01:06 - 00000000 ____D () C:\EEK
2014-12-19 00:53 - 2014-12-19 00:53 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-19 00:53 - 2014-12-19 00:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-18 23:40 - 2014-12-20 11:00 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 23:40 - 2014-12-18 23:40 - 00000779 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 23:40 - 2014-12-18 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 23:39 - 2014-12-20 11:00 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 23:39 - 2014-12-18 23:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-18 23:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 12:36 - 2014-12-18 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-12-18 12:22 - 2014-12-19 12:13 - 00002404 _____ () C:\Documents and Settings\JW\Desktop\Rkill.txt
2014-12-18 12:18 - 2014-08-29 14:11 - 00000211 _____ () C:\Boot.bak
2014-12-18 12:18 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-12-18 12:17 - 2014-12-18 12:18 - 00000000 ____D () C:\cmdcons
2014-12-18 12:11 - 2014-12-18 12:11 - 00000000 ____D () C:\Qoobox
2014-12-18 12:11 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-12-18 12:11 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-12-18 12:11 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-12-18 12:11 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-12-18 12:10 - 2014-12-18 12:10 - 00000000 ____D () C:\WINDOWS\erdnt
2014-12-18 12:04 - 2014-12-18 12:05 - 162702208 _____ () C:\Documents and Settings\JW\Desktop\EmsisoftEmergencyKit.exe
2014-12-18 11:58 - 2014-12-18 11:59 - 10284408 _____ (SurfRight B.V.) C:\Documents and Settings\JW\Desktop\HitmanPro.exe
2014-12-18 11:54 - 2014-12-18 11:54 - 15201368 _____ () C:\Documents and Settings\JW\Desktop\RogueKiller.exe
2014-12-18 11:51 - 2014-12-18 11:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Documents and Settings\JW\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-18 11:47 - 2014-12-18 11:47 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\JW\Desktop\iExplore.exe
2014-12-18 11:46 - 2014-12-18 11:46 - 05601641 ____R (Swearware) C:\Documents and Settings\JW\Desktop\ComboFix.exe
2014-12-16 09:56 - 2014-12-16 09:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 11:10 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW\Local Settings\Temp
2014-12-21 11:10 - 2009-04-05 00:31 - 01529377 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-21 11:09 - 2014-08-28 16:00 - 00000000 ____D () C:\FRST
2014-12-21 11:08 - 2014-04-01 09:27 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}
2014-12-21 11:08 - 2014-04-01 09:26 - 00000003 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{CDC36A6F-EAFC-428B-8888-3A9296B22B5F}
2014-12-21 11:07 - 2014-03-20 08:23 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-21 11:07 - 2009-04-05 00:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-21 11:07 - 2009-04-04 16:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-21 11:07 - 2009-04-04 16:29 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-21 11:06 - 2009-04-05 00:34 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-21 11:05 - 2012-01-31 18:38 - 00000178 ___SH () C:\Documents and Settings\JW\ntuser.ini
2014-12-21 11:05 - 2009-04-04 16:26 - 00511902 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-21 10:31 - 2012-03-31 22:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-20 16:41 - 2012-01-31 19:21 - 00529856 _____ () C:\WINDOWS\setupapi.log
2014-12-20 14:16 - 2014-08-28 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-12-20 14:05 - 2014-08-28 20:03 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\mbar
2014-12-18 22:53 - 2012-01-31 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-12-18 22:53 - 2012-01-31 19:26 - 00001712 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-12-18 12:18 - 2009-04-05 00:20 - 00000327 __RSH () C:\boot.ini
2014-12-18 11:41 - 2014-09-23 12:55 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-12-17 23:04 - 2009-04-05 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-17 22:52 - 2013-07-20 08:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 22:10 - 2012-02-03 13:28 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 09:58 - 2012-01-31 18:38 - 00000000 ____D () C:\Documents and Settings\JW
2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-16 09:58 - 2009-04-05 00:34 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-16 09:58 - 2009-04-05 00:30 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-16 09:56 - 2012-05-01 22:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-16 09:40 - 2009-04-05 00:18 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-09 10:53 - 2012-12-16 11:46 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Credentials
2014-12-08 17:11 - 2014-03-20 08:23 - 00000210 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-06 11:33 - 2012-01-31 19:53 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-25 21:28 - 2014-08-07 10:26 - 00000000 ____D () C:\Documents and Settings\JW\Desktop\Scrambler

Some content of TEMP:
====================
C:\Documents and Settings\JW\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\JW\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\JW\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\JW\Local Settings\Temp\{5C17079D-8C30-4ED2-8FD7-812598FEC987}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


I'm not sure if you wanted the Addition.txt, but here it is too.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2014
Ran by JW at 2014-12-20 14:32:49
Running from C:\Documents and Settings\JW\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version: - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
D-Link RangeBooster N DWA-140 (HKLM\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3005 - Acer Incorporated)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{08094E03-AFE4-4853-9D31-6D0743DF5328}) (Version: 7.1.6.200 - Apple Computer, Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5628 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

19-09-2014 14:52:01 System Checkpoint
21-09-2014 11:11:32 System Checkpoint
22-09-2014 11:46:44 System Checkpoint
23-09-2014 13:50:01 System Checkpoint
24-09-2014 14:45:17 System Checkpoint
25-09-2014 15:45:19 System Checkpoint
27-09-2014 11:47:36 System Checkpoint
28-09-2014 12:39:52 System Checkpoint
29-09-2014 13:39:40 System Checkpoint
01-10-2014 09:35:19 System Checkpoint
02-10-2014 11:05:52 System Checkpoint
03-10-2014 13:49:37 System Checkpoint
06-10-2014 10:05:05 System Checkpoint
07-10-2014 19:54:53 System Checkpoint
09-10-2014 10:27:18 System Checkpoint
10-10-2014 11:36:19 System Checkpoint
11-10-2014 11:43:04 System Checkpoint
12-10-2014 12:43:04 System Checkpoint
13-10-2014 13:26:05 System Checkpoint
15-10-2014 11:31:18 System Checkpoint
16-10-2014 02:01:01 Software Distribution Service 3.0
17-10-2014 02:55:48 System Checkpoint
23-10-2014 09:54:28 Restore Operation
27-10-2014 10:50:28 Software Distribution Service 3.0
27-10-2014 11:08:52 Software Distribution Service 3.0
27-10-2014 16:38:21 Restore Operation
28-10-2014 09:15:37 Software Distribution Service 3.0
29-10-2014 09:59:30 System Checkpoint
30-10-2014 13:53:05 System Checkpoint
01-11-2014 12:53:30 System Checkpoint
02-11-2014 13:27:26 System Checkpoint
03-11-2014 14:28:38 System Checkpoint
05-11-2014 12:42:14 System Checkpoint
06-11-2014 13:08:34 System Checkpoint
07-11-2014 14:25:20 System Checkpoint
09-11-2014 14:07:10 System Checkpoint
10-11-2014 15:13:51 System Checkpoint
11-11-2014 16:10:42 System Checkpoint
12-11-2014 03:01:33 Software Distribution Service 3.0
13-11-2014 03:08:21 System Checkpoint
14-11-2014 11:25:01 System Checkpoint
15-11-2014 12:04:03 System Checkpoint
16-11-2014 20:49:45 System Checkpoint
18-11-2014 11:00:22 System Checkpoint
19-11-2014 11:50:56 System Checkpoint
20-11-2014 12:19:24 System Checkpoint
21-11-2014 13:07:36 System Checkpoint
22-11-2014 12:13:52 Restore Operation
24-11-2014 07:31:09 System Checkpoint
25-11-2014 10:18:17 System Checkpoint
26-11-2014 10:21:10 System Checkpoint
27-11-2014 11:21:05 System Checkpoint
28-11-2014 12:36:25 System Checkpoint
29-11-2014 13:21:08 System Checkpoint
30-11-2014 14:21:05 System Checkpoint
01-12-2014 15:25:32 System Checkpoint
02-12-2014 16:21:06 System Checkpoint
03-12-2014 17:21:22 System Checkpoint
05-12-2014 16:40:28 System Checkpoint
08-12-2014 09:59:17 System Checkpoint
09-12-2014 10:17:24 System Checkpoint
10-12-2014 12:42:54 Restore Operation
16-12-2014 09:42:52 Software Distribution Service 3.0
16-12-2014 09:50:41 Restore Operation
17-12-2014 21:03:05 Malwarebytes Anti-Rootkit Restore Point
17-12-2014 22:07:16 Software Distribution Service 3.0
17-12-2014 23:23:43 Malwarebytes Anti-Rootkit Restore Point
18-12-2014 22:52:27 Removed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-04-05 00:18 - 2014-12-19 01:00 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^JW^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\WINDOWS\pss\ZooskMessenger.lnkStartup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-3723271197-3957454863-557728558-500 - Administrator - Enabled)
Guest (S-1-5-21-3723271197-3957454863-557728558-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3723271197-3957454863-557728558-1004 - Limited - Disabled)
JW (S-1-5-21-3723271197-3957454863-557728558-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JW
SUPPORT_388945a0 (S-1-5-21-3723271197-3957454863-557728558-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 05:05:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x00013c4b.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/17/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/15/2014 00:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x00013e3b.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (11/13/2014 01:36:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000170c6.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (10/13/2014 01:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000117b5.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (10/03/2014 04:49:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.14.9283, faulting module wlanapp.dll, version 1.1.10.707, fault address 0x000178e8.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (09/13/2014 10:17:33 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2014 10:17:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (1756) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (09/13/2014 10:17:22 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (1756) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (12/20/2014 02:31:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/20/2014 02:18:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
Processor
SRTSP
SRTSPX

Error: (12/20/2014 02:07:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (12/20/2014 02:05:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/20/2014 10:57:31 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/19/2014 06:40:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
Processor
SRTSP
SRTSPX

Error: (12/19/2014 00:18:59 PM) (Source: DCOM) (EventID: 10010) (User: JUSTIN)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (12/19/2014 00:03:39 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort4

Error: (12/19/2014 00:03:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (12/19/2014 00:01:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) Processor 2650e
Percentage of memory in use: 22%
Total physical RAM: 894.32 MB
Available physical RAM: 694.72 MB
Total Pagefile: 2171.47 MB
Available Pagefile: 2079.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.04 GB) (Free:100.82 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 43A90CE8)
Partition 1: (Not Active) - (Size=10 GB) - (Type=12)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 3

==================== End Of Log ============================
 

Jwill1919

New Member
Thread author
Dec 19, 2014
4
So, I tried to go to the Add/Remove programs in my control panel to uninstall/delete Firefox and it won't do anything at all. Now I'm just trying to redownload Firefox and it's basically just upgrading my Firefox.

A few issues: there are a few processes running in my Task Manager that don't look friendly:

hpswp_clipbook.exe
iexplore.exe
svchost.exe(6)

but it is finished with Firefox and it is allowing me access now!
 
