Author Topic: [Inactive] strange symptoms and errors with recent registry restoration  (Read 7577 times)

Offline whatiswrong

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #15 on: December 12, 2013, 06:59:25 PM »
PART II OF THE TDSSKiller log:

18:42:00.0515 0x15f4  xmlprov - ok
18:42:00.0515 0x15f4  ================ Scan global ===============================
18:42:00.0546 0x15f4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
18:42:00.0593 0x15f4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:42:00.0609 0x15f4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:42:00.0640 0x15f4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
18:42:00.0640 0x15f4  [ Global ] - ok
18:42:00.0640 0x15f4  ================ Scan MBR ==================================
18:42:00.0656 0x15f4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:42:01.0031 0x15f4  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
18:42:01.0031 0x15f4  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:42:03.0500 0x15f4  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR2
18:42:03.0765 0x15f4  \Device\Harddisk1\DR2 - ok
18:42:03.0765 0x15f4  ================ Scan VBR ==================================
18:42:03.0765 0x15f4  [ 6CC97CE0F6D5A80640A99FBCF58BAC6A ] \Device\Harddisk0\DR0\Partition1
18:42:03.0765 0x15f4  \Device\Harddisk0\DR0\Partition1 - ok
18:42:03.0781 0x15f4  [ 8E6600006BBAA173936B874B7A0A6CA9 ] \Device\Harddisk1\DR2\Partition1
18:42:03.0796 0x15f4  \Device\Harddisk1\DR2\Partition1 - ok
18:42:03.0796 0x15f4  Waiting for KSN requests completion. In queue: 54
18:42:04.0796 0x15f4  Waiting for KSN requests completion. In queue: 54
18:42:05.0828 0x15f4  AV detected via SS1: Trend Micro Titanium Internet Security, 3.1, enabled, updated
18:42:05.0828 0x15f4  Win FW state via NFM: enabled
18:42:08.0296 0x15f4  ============================================================
18:42:08.0296 0x15f4  Scan finished
18:42:08.0296 0x15f4  ============================================================
18:42:08.0296 0x0e0c  Detected object count: 1
18:42:08.0296 0x0e0c  Actual detected object count: 1
18:42:42.0796 0x0e0c  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:42:42.0796 0x0e0c  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27138
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #16 on: December 12, 2013, 07:16:17 PM »
When TDSSKiller showed the list of problems, you need to set skip to delete. Then continue.

WINWORD.EXE is Microsoft Word.

Once you have run TDSSKiller and got rid of the one problem, run your computer for 12 hrs or so, and see what is still a problem. Let me know how it goes.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
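
An added example, not part of the original thread or of TDSSKiller itself: a small Python parser that reads the log excerpt posted above and lists detections whose recorded user action is Skip, which is the situation this reply addresses. The line patterns are inferred only from the posted log, and the function names are illustrative.

```python
import re

# Excerpt of the TDSSKiller log posted above (timestamp, thread id, message).
SAMPLE_LOG = r"""
18:42:00.0640 0x15f4  [ Global ] - ok
18:42:00.0656 0x15f4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:42:01.0031 0x15f4  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
18:42:01.0031 0x15f4  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:42:03.0765 0x15f4  \Device\Harddisk1\DR2 - ok
18:42:08.0296 0x0e0c  Detected object count: 1
18:42:42.0796 0x0e0c  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:42:42.0796 0x0e0c  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Patterns inferred from the posted log lines (an assumption, not a documented format).
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9a-fA-F]+\s+(.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \( \d+ \)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

def summarize(log_text):
    """Return ({(object, verdict): action or None}, reported detection count)."""
    findings, reported = {}, None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or text that is not a log record
        msg = line.group(1).strip()
        if m := COUNT.match(msg):
            reported = int(m.group(1))
        elif m := DETECTED.match(msg):
            findings.setdefault((m["obj"], m["verdict"]), None)
        elif m := ACTION.match(msg):
            findings[(m["obj"], m["verdict"])] = m["action"]
    return findings, reported

def unresolved(log_text):
    """Detections with no recorded action, or where the user chose Skip.
    Action names other than Skip are not interpreted here."""
    findings, _ = summarize(log_text)
    return [key for key, action in findings.items()
            if action is None or action.lower() == "skip"]

if __name__ == "__main__":
    for obj, verdict in unresolved(SAMPLE_LOG):
        print(f"still present: {verdict} on {obj}")
```
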

Offline whatiswrong

  • Bronze Member
  • Posts: 27
Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #17 on: December 12, 2013, 09:06:28 PM »
okay...

Offline Hoov

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #18 on: December 13, 2013, 12:50:33 PM »
How is the computer running?


Offline whatiswrong

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #19 on: December 13, 2013, 02:37:29 PM »
Hoov, it seems to be running well.
Many thanks.  Still can't run a defrag because of chkdsk /f.
Is that something you are able to help me with?

Thanks for all of your help.

Offline Hoov

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #20 on: December 13, 2013, 02:43:27 PM »
Yep, we will get it all fixed up before we call it done. When you run a chkdsk what happens?


Offline whatiswrong

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #21 on: December 14, 2013, 10:28:24 AM »
Hi Hoov.
Sorry for the delay.  Snow storm here.
When chkdsk is finished, it reboots the computer but I still can't run a defrag.  Can't make it stop doing this either.

Offline Hoov

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #22 on: December 14, 2013, 03:16:54 PM »
What happens when you try running the defrag? Does it just tell you that you need to run a chkdsk?

Click the start button then go to all programs and then accessories and select command prompt. Type in fsutil dirty query C: and hit enter. Tell me what it says.


Offline whatiswrong

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #23 on: December 14, 2013, 05:25:27 PM »
Yes, when I try to run a defrag it tells me that I cannot run one because chkdsk is scheduled.

When I typed fsutil dirty query C: into the command prompt, it told me

Volume - C: is Dirty

Offline Hoov

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #24 on: December 14, 2013, 05:44:39 PM »
Try running chkdsk using the instructions below, then run the fsutil instructions again and let me know the results.

   1. Double-click My Computer, and then right-click the hard disk that you want to check.
   2. Click Properties, and then click Tools.
   3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
   4. Use one of the following procedures:
          *  select the Automatically fix file system errors check box
          *  select the Scan for and attempt recovery of bad sectors check box
   5. Click Start

      Note: If one or more of the files on the hard disk are open, you will receive the following message:
      The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
      Click Yes to schedule the disk check, and then restart your computer to start the disk check.



Offline whatiswrong

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #25 on: December 14, 2013, 06:34:12 PM »
Line #4 states to use one of the following procedures.  Is there a preference, or do you want me to check both?

I have tried the "automatically fix the file system errors" in the WAY past, but it was fruitless.

Should I try "Scan for and attempt recovery...." or does it not matter?

Offline Hoov

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #26 on: December 14, 2013, 07:08:51 PM »
Check both of them. Sorry, I should have changed that when I posted it.


Offline whatiswrong

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #27 on: December 14, 2013, 09:58:39 PM »
Upon reboot, got a notice from Apple Sync Notifier.exe - Entry Point Not Found: The procedure entry point sqlite3_wal_checkpoint could not be located in the dynamic link library SQLite3.dll

Tried to run a defrag and it said it can't and that I have to run chkdsk /f.
Bad news, huh?

Offline Hoov

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #28 on: December 14, 2013, 10:01:32 PM »
Please download and install Speccy. Once that is done, then start it up. Once it is done analyzing, click on File and then on Save Snapshot. Save the snapshot to your desktop and then right click on it and select Send To and then Compressed (Zipped) Folder. Now attach that zipped file to a reply.


Offline whatiswrong

Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #29 on: December 14, 2013, 11:18:05 PM »
Is this right?
« Last Edit: March 13, 2014, 06:54:19 PM by Hoov »