Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan creates users / rootkits / drivers / Manifest might be the name


  • This topic is locked This topic is locked
21 replies to this topic

#1 alexandrex

alexandrex

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 04 October 2013 - 02:35 PM

Hi everyone,

 

I have gotten this bizare trojan that will not got away, I have formated windows completaly 3 times but I notice that the folder X: Boot is always in the options if I try to load drivers to the Hard drive before installing windows. There are SVhosts running ate over 100,000 K and all my processes are high. I see changes in the screen sometimes, like flashes and the mouse moves a little. I have a multiple TCP connections listening, and other ports which I have closed, like Interface toredo and InaSat.. Before I formated the first time, the program or person created users to block my files but I managed to recover them and also some logs that were left there, I will post just one now unless I get asked to post others.. I am aware that I have been recorded since there was a program called Recorded TV which was saving to a temp root folder and I believe the output site is the one in the log. I really dont know what else to do, I have formated 3 times, used adaware, avg, spybot, tried deleting manually, but so many services and processes come up and suddenly when I almost done it shuts off my laptop. All files are saved under windows names. Help! Well I dont know how but he has deleted the best log I had which said the name of it was Manifest something, I researched it but it says it was created in 2002, this is way more advance.. and the website it was rooting to.

 

Follows DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385
Run by ALEXANDREX at 16:23:20 on 2013-10-04
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.6092.3859 [GMT -3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\ManageEngine\OpUtils\bin\wrapper.exe
C:\Program Files\ManageEngine\OpUtils\jre\bin\java.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ManageEngine\OpUtils\OpUtils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\CMD.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MyLanViewer\MyLanViewer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\ManageEngine\OpUtils\pgsql\bin\postgres.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
StartupFolder: C:\Users\ALEXAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MANAGE~1.LNK - C:\Program Files\ManageEngine\OpUtils\OpUtils.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{233959A6-EB3E-47F5-9873-DD6290595E13} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level 
 
--multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-30 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 OpUtils Service;ManageEngine OpUtils;C:\Program Files\ManageEngine\OpUtils\bin\wrapper.exe [2013-10-4 511256]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
.
=============== Created Last 30 ================
.
2013-10-04 19:46:45 -------- d-----w- C:\Windows\Panther
2013-10-04 19:08:07 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71FBA87C-009E-4523-A908-B258269B40B7}\offreg.dll
2013-10-04 18:58:18 -------- d-----w- C:\Program Files (x86)\MyLanViewer
2013-10-04 18:58:09 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Programs
2013-10-04 17:52:04 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\ATI
2013-10-04 17:50:14 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-04 17:48:07 -------- d-----w- C:\HP
2013-10-04 17:41:14 -------- d-----w- C:\Program Files\Common Files\Intel
2013-10-04 17:41:14 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-10-04 17:41:00 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-10-04 17:39:33 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-10-04 17:39:24 -------- d-----w- C:\Program Files\ATI Technologies
2013-10-04 17:39:21 -------- d-----w- C:\Program Files\ATI
2013-10-04 17:27:23 -------- d-----w- C:\Users\ALEXANDREX\MegaJogos
2013-10-04 17:21:19 -------- d-----w- C:\Intel
2013-10-04 17:14:41 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Microsoft Games
2013-10-04 17:00:25 -------- d-----w- C:\Program Files (x86)\HP
2013-10-04 16:49:18 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Google
2013-10-04 16:48:58 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Apps
2013-10-04 16:48:57 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Deployment
2013-10-04 16:38:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-04 16:38:55 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-04 16:07:49 -------- d-----w- C:\Program Files\WinPcap
2013-10-04 16:04:59 -------- d-----w- C:\Program Files\ManageEngine
2013-10-04 16:04:30 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-10-04 16:04:30 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-10-04 16:04:30 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-10-04 16:04:30 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-10-04 16:04:29 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-10-04 15:51:13 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\ElevatedDiagnostics
2013-10-04 15:33:41 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71FBA87C-009E-4523-A908-B258269B40B7}\mpengine.dll
2013-10-04 15:33:41 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-04 15:28:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-04 15:28:12 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-04 15:28:04 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-04 15:28:04 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-04 15:23:21 -------- d-sh--w- C:\Windows\Installer
2013-10-04 15:22:43 -------- d-----w- C:\SWSetup
2013-10-04 15:11:18 -------- d-----w- C:\Program Files (x86)\SP55068
2013-10-04 14:56:01 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\VirtualStore
2013-10-04 14:54:13 -------- d-sh--w- C:\Recovery
.
==================== Find3M  ====================
.
.
============= FINISH: 16:23:36.85 ===============


BC AdBot (Login to Remove)

 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:59 PM

Posted 07 October 2013 - 06:46 AM

Hello and welcome to BleepingComputer! 
 
 
 
I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce. 
 
 
As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us. 
 
If you will encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature). 
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.
 
 
 
Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occured since you last posted.
Also download and run GMER from this link: GMER download link.
 
 
 
Thank you very much for your patience. 
 
 
 
 
Regards,
 
Elle

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#3 alexandrex

alexandrex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 07 October 2013 - 05:10 PM

Thank you for your reply Elle, here follows the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.40.2
Run by ALEXANDREX at 19:02:30 on 2013-10-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6092.3532 [GMT -3:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\vcsFPService.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: EgisPBIE Sign-in Helper: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{233959A6-EB3E-47F5-9873-DD6290595E13} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{233959A6-EB3E-47F5-9873-DD6290595E13}\7414C46514F4 : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli EgisPwdFilter EgisDSPwdFilter EgisPwdFilter EgisDSPwdFilter EgisPwdFilter EgisDSPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: EgisPBIE Sign-in Helper: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-10-4 727592]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-10-4 150256]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-10-4 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-10-4 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-10-4 76944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-5 283064]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-10-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-30 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2011-9-15 704048]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-9-15 646704]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-10-4 2413056]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-10-4 94624]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-10-4 67320]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-10-4 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-10-4 601360]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-1 342528]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-5 648808]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-10-4 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-10-4 82824]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-10-4 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-10-4 9800]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-10-5 169752]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-4 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-6 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-5 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-10-4 75584]
.
=============== Created Last 30 ================
.
2013-10-07 21:20:59 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
2013-10-07 21:13:03 -------- d-----w- C:\Program Files (x86)\Shadow Warrior
2013-10-07 21:10:27 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\inKline Global
2013-10-07 21:10:21 -------- d-----w- C:\Program Files (x86)\inKline Global
2013-10-07 02:50:21 -------- d-----w- C:\Windows\System32\SPReview
2013-10-07 02:49:52 -------- d-----w- C:\Windows\System32\EventProviders
2013-10-07 02:27:56 -------- d-----w- C:\Program Files (x86)\NovaLogic
2013-10-07 02:26:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-10-07 02:26:53 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-10-07 02:26:52 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-10-07 02:26:52 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-10-07 02:26:52 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-10-07 02:26:52 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-10-07 02:26:51 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-10-07 02:26:50 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-10-06 09:28:02 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-10-06 09:28:02 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-10-06 09:26:59 762880 ----a-w- C:\Windows\SysWow64\azroles.dll
2013-10-06 09:25:59 90112 ----a-w- C:\Windows\SysWow64\olepro32.dll
2013-10-06 09:23:56 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-10-06 09:23:56 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-10-06 09:23:52 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-10-05 07:41:03 -------- d-----w- C:\Windows\System32\MRT
2013-10-05 07:34:14 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-10-05 07:34:14 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-10-05 07:34:14 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-10-05 07:34:14 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-10-05 07:24:11 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-10-05 07:24:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-10-05 07:24:11 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-10-05 07:24:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-10-05 07:24:11 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-10-05 07:24:11 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-10-05 07:23:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-10-05 07:23:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-10-05 07:23:36 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-10-05 07:23:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-10-05 07:23:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-10-05 07:23:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-10-05 07:23:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-10-05 07:20:24 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-05 07:20:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-10-05 07:20:24 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-10-05 07:20:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-10-05 07:20:24 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-05 07:18:44 -------- d-----w- C:\Program Files\EgisTec IPS
2013-10-05 06:50:32 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\EgisTec
2013-10-05 06:50:11 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\EgisTec IPS
2013-10-05 06:45:49 -------- d-----w- C:\Windows\SysWow64\Wat
2013-10-05 06:45:49 -------- d-----w- C:\Windows\System32\Wat
2013-10-05 06:41:11 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2013-10-05 06:41:10 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2013-10-05 06:34:47 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-10-05 06:33:48 -------- d-----w- C:\ProgramData\Oracle
2013-10-05 06:33:40 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-05 06:33:40 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-10-05 06:33:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 06:21:12 -------- d-----w- C:\ProgramData\EgisTec
2013-10-05 06:20:39 -------- d-----w- C:\Program Files (x86)\Common Files\EgisTec
2013-10-05 06:20:29 -------- d-----w- C:\ProgramData\EgisTec IPS
2013-10-05 06:20:29 -------- d-----w- C:\Program Files (x86)\EgisTec IPS
2013-10-05 06:19:46 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Downloaded Installations
2013-10-05 06:11:06 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\hpqLog
2013-10-05 06:02:11 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-10-05 06:02:11 648808 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-10-05 06:02:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-10-05 06:01:54 -------- d-----w- C:\DRIVERS
2013-10-05 05:27:45 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-10-05 05:27:42 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\DAEMON Tools Lite
2013-10-05 05:27:40 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-10-05 05:26:48 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-10-05 02:26:58 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-10-05 02:26:30 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-05 02:26:29 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-10-05 02:26:28 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-05 02:26:28 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-05 02:26:28 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-10-05 02:26:28 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-10-05 02:25:49 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-10-05 02:25:32 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-10-05 02:25:31 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-10-05 02:25:31 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-10-05 02:25:30 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-10-05 02:25:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-10-05 02:25:30 112640 ----a-w- C:\Windows\System32\smss.exe
2013-10-05 02:25:09 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-10-05 02:23:22 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-10-05 02:22:51 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-10-05 02:22:51 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-10-05 02:22:50 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-10-05 02:22:33 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-10-05 02:22:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-10-05 02:22:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-10-05 02:22:33 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-10-05 02:22:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-10-05 02:22:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-10-05 02:20:14 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-10-05 02:19:08 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-10-05 02:19:08 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-10-05 02:18:38 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-10-05 02:18:38 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-10-05 02:17:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-10-05 02:17:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-10-05 02:17:41 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-10-05 02:17:41 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-10-05 02:17:41 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-10-05 02:17:41 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-10-05 02:17:20 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-05 02:17:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-10-05 02:03:15 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-10-05 02:03:15 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-10-05 02:03:15 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2013-10-05 02:03:15 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2013-10-05 02:02:09 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-10-05 02:02:09 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-10-05 02:00:39 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-10-05 02:00:39 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-10-05 02:00:21 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 02:00:21 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-05 02:00:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-10-05 02:00:20 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-10-05 02:00:20 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-10-05 02:00:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-10-05 01:59:13 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-10-05 01:59:12 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-10-05 01:59:12 296960 ----a-w- C:\Windows\System32\rstrui.exe
2013-10-05 01:58:56 67072 ----a-w- C:\Windows\splwow64.exe
2013-10-05 01:58:56 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-10-05 01:58:24 59392 ----a-w- C:\Windows\System32\browcli.dll
2013-10-05 01:58:24 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-10-05 01:58:24 136704 ----a-w- C:\Windows\System32\browser.dll
2013-10-05 01:58:03 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-10-05 01:58:03 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-10-05 01:55:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2013-10-05 01:55:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2013-10-05 01:55:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2013-10-05 01:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-10-05 01:55:21 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-10-05 01:55:01 33792 ----a-w- C:\Windows\System32\profprov.dll
2013-10-05 01:55:01 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-10-05 01:54:50 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-10-05 01:54:49 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-10-05 01:54:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-10-05 01:53:06 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-10-05 01:53:06 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2013-10-05 01:53:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-10-05 01:53:06 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-10-05 01:53:06 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-05 01:53:05 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-10-05 01:50:17 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2013-10-05 01:50:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-10-05 01:49:11 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2013-10-05 01:49:11 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2013-10-05 01:48:50 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-10-05 01:48:50 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-10-05 01:48:41 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-10-05 01:48:31 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-10-05 01:48:31 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-10-05 01:48:19 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-10-05 01:48:19 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-10-05 01:48:05 395776 ----a-w- C:\Windows\System32\webio.dll
2013-10-05 01:48:05 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-10-05 01:47:45 1572864 ----a-w- C:\Windows\System32\quartz.dll
2013-10-05 01:47:45 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2013-10-05 01:47:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-10-05 01:47:44 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-10-05 01:47:31 77312 ----a-w- C:\Windows\System32\packager.dll
2013-10-05 01:47:31 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-10-05 01:46:05 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-10-05 01:46:04 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-10-05 01:42:42 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2013-10-05 01:41:46 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-10-05 01:41:46 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-10-05 01:41:46 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-10-05 01:41:46 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-10-05 01:41:36 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-10-05 01:41:36 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-10-05 01:41:36 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-10-05 01:41:20 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-10-05 01:41:20 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2013-10-05 01:41:12 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2013-10-05 01:41:03 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-10-05 01:41:03 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-10-05 01:39:47 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-10-05 01:38:59 902656 ----a-w- C:\Windows\System32\d2d1.dll
2013-10-05 01:38:59 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-10-05 01:38:59 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2013-10-05 01:38:27 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-10-05 01:38:27 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2013-10-05 01:38:27 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2013-10-05 01:38:27 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2013-10-05 01:38:27 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2013-10-05 01:38:27 1118720 ----a-w- C:\Windows\System32\sbe.dll
2013-10-05 01:35:43 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2013-10-05 01:35:42 9800 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2013-10-05 01:35:42 9160 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2013-10-05 01:35:42 87112 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2013-10-05 01:35:42 3376640 ----a-w- C:\Windows\System32\BootMan.exe
2013-10-05 01:35:42 2498216 ----a-w- C:\Windows\SysWow64\BootMan.exe
2013-10-05 01:35:42 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2013-10-05 01:35:42 17480 ----a-w- C:\Windows\System32\epmntdrv.sys
2013-10-05 01:35:42 13896 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2013-10-05 01:35:42 100936 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2013-10-05 01:35:34 -------- d-----w- C:\Program Files (x86)\EaseUS
2013-10-05 01:34:00 -------- d-----w- C:\Users\ALEXANDREX\.swt
2013-10-05 01:30:45 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\Azureus
2013-10-05 01:30:25 -------- d-----w- C:\Program Files\Vuze
2013-10-05 01:28:29 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-10-05 01:12:51 625047 ----a-w- C:\ProgramData\1380934890.bdinstall.bin
2013-10-05 01:08:18 -------- d-----w- C:\ProgramData\BDLogging
2013-10-05 01:08:07 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-10-05 01:07:54 93600 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys
2013-10-05 01:07:54 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-10-05 01:07:54 511328 ----a-w- C:\Windows\capicom.dll
2013-10-05 01:07:53 727592 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-10-05 01:07:53 601360 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-10-05 01:07:53 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-10-05 01:05:16 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\Bitdefender
2013-10-05 01:05:13 3271472 ---ha-w- C:\bdr-bz01
2013-10-05 01:01:59 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-10-05 01:01:59 -------- d-----w- C:\ProgramData\Bitdefender
2013-10-05 01:01:58 389240 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-10-05 01:01:58 -------- d-----w- C:\Program Files\Bitdefender
2013-10-05 01:01:30 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\QuickScan
2013-10-05 01:01:09 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2013-10-05 01:01:06 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2013-10-05 00:52:35 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\IDT
2013-10-05 00:43:59 -------- d-----w- C:\Windows\SysWow64\sda
2013-10-05 00:43:32 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2013-10-05 00:43:32 -------- d-----w- C:\Program Files (x86)\Realtek
2013-10-05 00:41:43 224256 ----a-w- C:\Windows\System32\staco64.dll
2013-10-05 00:41:41 654336 ------w- C:\Windows\System32\stapi64.dll
2013-10-05 00:41:41 528384 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2013-10-05 00:41:41 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2013-10-05 00:41:41 1965056 ----a-w- C:\Windows\System32\stapo64.dll
2013-10-05 00:41:39 -------- d-----w- C:\Program Files\IDT
2013-10-05 00:39:45 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\Synaptics
2013-10-05 00:39:45 -------- d-----w- C:\ProgramData\Synaptics
2013-10-05 00:37:57 -------- d-----w- C:\Program Files\Synaptics
2013-10-05 00:35:55 -------- d-----w- C:\Program Files\Validity Sensors
2013-10-04 22:38:30 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Spotify
2013-10-04 22:37:49 -------- d-----w- C:\Users\ALEXANDREX\AppData\Roaming\Spotify
2013-10-04 20:33:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-10-04 20:33:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-10-04 20:33:32 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-10-04 20:33:32 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2013-10-04 20:33:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-10-04 19:46:45 -------- d-----w- C:\Windows\Panther
2013-10-04 18:58:18 -------- d-----w- C:\Program Files (x86)\MyLanViewer
2013-10-04 18:58:09 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Programs
2013-10-04 17:52:04 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\ATI
2013-10-04 17:50:14 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-04 17:48:07 -------- d-----w- C:\HP
2013-10-04 17:41:00 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-10-04 17:39:33 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-10-04 17:39:24 -------- d-----w- C:\Program Files\ATI Technologies
2013-10-04 17:39:21 -------- d-----w- C:\Program Files\ATI
2013-10-04 17:27:23 -------- d-----w- C:\Users\ALEXANDREX\MegaJogos
2013-10-04 17:21:19 -------- d-----w- C:\Intel
2013-10-04 17:14:41 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Microsoft Games
2013-10-04 17:00:25 -------- d-----w- C:\Program Files (x86)\HP
2013-10-04 16:49:18 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Google
2013-10-04 16:48:58 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Apps
2013-10-04 16:48:57 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\Deployment
2013-10-04 16:38:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-04 16:38:55 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-04 16:07:49 -------- d-----w- C:\Program Files\WinPcap
2013-10-04 15:51:13 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\ElevatedDiagnostics
2013-10-04 15:33:41 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71FBA87C-009E-4523-A908-B258269B40B7}\mpengine.dll
2013-10-04 15:33:41 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-04 15:28:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-04 15:28:12 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-04 15:28:04 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-04 15:28:04 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-04 15:23:21 -------- d-sh--w- C:\Windows\Installer
2013-10-04 15:22:43 -------- d-----w- C:\SWSetup
2013-10-04 15:11:18 -------- d-----w- C:\Program Files (x86)\SP55068
2013-10-04 14:56:01 -------- d-----w- C:\Users\ALEXANDREX\AppData\Local\VirtualStore
2013-10-04 14:54:13 -------- d-sh--w- C:\Recovery
.
==================== Find3M  ====================
.
2013-10-07 02:58:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-10-07 02:58:44 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-08-09 19:26:10 279024 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
.
============= FINISH: 19:04:26.21 ===============


#4 alexandrex

alexandrex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 07 October 2013 - 09:20 PM

Elle since the last log I updated windows, installed Bitefinder, and a couple of other programs. The Gmer log is very big and not succesfully posting.. should I attach it?



#5 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:59 PM

Posted 08 October 2013 - 08:39 AM

Yes, please attach it. Did BitDefender detect anything?

 

 

 

Elle 


Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#6 alexandrex

alexandrex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 08 October 2013 - 11:49 AM

Hi Elle, I had to format once again, it seems the more I fight this the more harm it does.. Here follows new DDS and GMER logs. Bitedefender did not detect it.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.16385
Run by alex at 13:45:10 on 2013-10-08
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2510.331 [GMT -3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CC5B918D-D295-4983-9E81-4B34F4AFE479} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-30 176128]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-8-31 948736]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-6-3 102672]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-10-8 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-10-8 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-10-8 171928]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 269824]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-8-9 10843136]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-8-3 7517696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-1-12 250984]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
.
=============== Created Last 30 ================
.
2013-10-08 19:44:43 -------- d-sh--w- C:\Boot
2013-10-08 16:14:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-08 16:13:40 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-10-08 16:13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-08 16:13:25 -------- d-----w- c:\users\alex\appdata\local\Programs
2013-10-08 16:08:10 -------- d-----w- c:\users\alex\appdata\local\Google
2013-10-08 16:08:00 -------- d-----w- c:\users\alex\appdata\local\Apps
2013-10-08 16:07:59 -------- d-----w- c:\users\alex\appdata\local\Deployment
2013-10-08 16:04:58 -------- d-----w- c:\users\alex\appdata\local\ATI
2013-10-08 16:03:29 0 ----a-w- c:\windows\ativpsrm.bin
2013-10-08 16:01:09 -------- d-----w- c:\program files\common files\Intel
2013-10-08 16:00:57 -------- d-----w- C:\Intel
2013-10-08 16:00:56 -------- d-----w- c:\program files\AMD APP
2013-10-08 15:59:13 -------- d-----w- c:\program files\ATI Technologies
2013-10-08 15:59:12 -------- d-----w- c:\program files\ATI
2013-10-08 15:36:47 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5bd353fd-9815-4d77-a10f-07a3b7b3a395}\mpengine.dll
2013-10-08 15:36:46 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-10-08 15:34:07 826368 ----a-w- c:\windows\system32\rdpcore.dll
2013-10-08 15:34:07 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-10-08 15:34:07 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-10-08 15:33:58 132608 ----a-w- c:\windows\system32\cabview.dll
2013-10-08 15:30:06 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-10-08 15:29:55 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-10-08 15:29:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-10-08 15:29:46 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-10-08 15:28:49 -------- d-sh--w- c:\windows\Installer
2013-10-08 15:28:05 -------- d-----w- C:\SWSetup
2013-10-08 14:56:26 -------- d-----w- c:\windows\system32\wbem\Performance
2013-10-08 14:52:28 -------- d-----w- c:\users\alex\appdata\local\VirtualStore
.
==================== Find3M  ====================
.
.
============= FINISH: 13:45:31.85 ===============


#7 alexandrex

alexandrex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 08 October 2013 - 11:54 AM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-08 13:54:24
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-75HXZT3 rev.03.01A03 465.76GB
Running: gmer.exe; Driver: C:\Windows\TEMP\kxldrpog.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                      82897579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                               828BBF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                             section is writeable [0x92834000, 0x39CC55, 0xE8000020]
?               C:\Windows\TEMP\mbr.sys                                                                              The system cannot find the file specified. !
 
---- User code sections - GMER 2.1 ----
 
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + 6               77BD4A16 4 Bytes  [28, 9C, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtCreateFile + B               77BD4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + 6         77BD5076 4 Bytes  [28, 9F, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtMapViewOfSection + B         77BD507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + 6                 77BD5126 4 Bytes  [68, 9C, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenFile + B                 77BD512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + 6              77BD51D6 4 Bytes  [A8, 9D, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcess + B              77BD51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessToken + B         77BD51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + 6       77BD51F6 4 Bytes  [A8, 9E, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenProcessTokenEx + B       77BD51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + 6               77BD5256 4 Bytes  [68, 9D, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThread + B               77BD525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + 6          77BD5266 4 Bytes  [68, 9E, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadToken + B          77BD526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtOpenThreadTokenEx + B        77BD527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + 6      77BD5386 4 Bytes  [A8, 9C, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryAttributesFile + B      77BD538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtQueryFullAttributesFile + B  77BD543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + 6       77BD5A86 4 Bytes  [28, 9D, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationFile + B       77BD5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + 6     77BD5AE6 4 Bytes  [28, 9E, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtSetInformationThread + B     77BD5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + 6       77BD5E06 4 Bytes  [68, 9F, 4A, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[2004] ntdll.dll!NtUnmapViewOfSection + B       77BD5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtCreateFile + 6               77BD4A16 4 Bytes  [28, 2C, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtCreateFile + B               77BD4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtMapViewOfSection + 6         77BD5076 4 Bytes  [28, 2F, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtMapViewOfSection + B         77BD507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenFile + 6                 77BD5126 4 Bytes  [68, 2C, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenFile + B                 77BD512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcess + 6              77BD51D6 4 Bytes  [A8, 2D, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcess + B              77BD51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessToken + B         77BD51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessTokenEx + 6       77BD51F6 4 Bytes  [A8, 2E, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessTokenEx + B       77BD51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThread + 6               77BD5256 4 Bytes  [68, 2D, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThread + B               77BD525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadToken + 6          77BD5266 4 Bytes  [68, 2E, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadToken + B          77BD526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadTokenEx + B        77BD527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryAttributesFile + 6      77BD5386 4 Bytes  [A8, 2C, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryAttributesFile + B      77BD538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryFullAttributesFile + B  77BD543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationFile + 6       77BD5A86 4 Bytes  [28, 2D, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationFile + B       77BD5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationThread + 6     77BD5AE6 4 Bytes  [28, 2E, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationThread + B     77BD5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtUnmapViewOfSection + 6       77BD5E06 4 Bytes  [68, 2F, F6, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtUnmapViewOfSection + B       77BD5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtCreateFile + 6               77BD4A16 4 Bytes  [28, EC, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtCreateFile + B               77BD4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtMapViewOfSection + 6         77BD5076 4 Bytes  [28, EF, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtMapViewOfSection + B         77BD507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenFile + 6                 77BD5126 4 Bytes  [68, EC, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenFile + B                 77BD512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcess + 6              77BD51D6 4 Bytes  [A8, ED, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcess + B              77BD51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessToken + B         77BD51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessTokenEx + 6       77BD51F6 4 Bytes  [A8, EE, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessTokenEx + B       77BD51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThread + 6               77BD5256 4 Bytes  [68, ED, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThread + B               77BD525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadToken + 6          77BD5266 4 Bytes  [68, EE, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadToken + B          77BD526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadTokenEx + B        77BD527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryAttributesFile + 6      77BD5386 4 Bytes  [A8, EC, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryAttributesFile + B      77BD538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryFullAttributesFile + B  77BD543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationFile + 6       77BD5A86 4 Bytes  [28, ED, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationFile + B       77BD5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationThread + 6     77BD5AE6 4 Bytes  [28, EE, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationThread + B     77BD5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtUnmapViewOfSection + 6       77BD5E06 4 Bytes  [68, EF, 47, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtUnmapViewOfSection + B       77BD5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtCreateFile + 6               77BD4A16 4 Bytes  [28, B0, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtCreateFile + B               77BD4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtMapViewOfSection + 6         77BD5076 4 Bytes  [28, B3, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtMapViewOfSection + B         77BD507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenFile + 6                 77BD5126 4 Bytes  [68, B0, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenFile + B                 77BD512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenProcess + 6              77BD51D6 4 Bytes  [A8, B1, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenProcess + B              77BD51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenProcessToken + B         77BD51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenProcessTokenEx + 6       77BD51F6 4 Bytes  [A8, B2, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenProcessTokenEx + B       77BD51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenThread + 6               77BD5256 4 Bytes  [68, B1, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenThread + B               77BD525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenThreadToken + 6          77BD5266 4 Bytes  [68, B2, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenThreadToken + B          77BD526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtOpenThreadTokenEx + B        77BD527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtQueryAttributesFile + 6      77BD5386 4 Bytes  [A8, B0, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtQueryAttributesFile + B      77BD538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtQueryFullAttributesFile + B  77BD543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtSetInformationFile + 6       77BD5A86 4 Bytes  [28, B1, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtSetInformationFile + B       77BD5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtSetInformationThread + 6     77BD5AE6 4 Bytes  [28, B2, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtSetInformationThread + B     77BD5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtUnmapViewOfSection + 6       77BD5E06 4 Bytes  [68, B3, 36, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4804] ntdll.dll!NtUnmapViewOfSection + B       77BD5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtCreateFile + 6               77BD4A16 4 Bytes  [28, 84, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtCreateFile + B               77BD4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtMapViewOfSection + 6         77BD5076 4 Bytes  [28, 87, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtMapViewOfSection + B         77BD507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenFile + 6                 77BD5126 4 Bytes  [68, 84, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenFile + B                 77BD512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenProcess + 6              77BD51D6 4 Bytes  [A8, 85, A8, 00] {TEST AL, 0x85; TEST AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenProcess + B              77BD51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenProcessToken + B         77BD51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenProcessTokenEx + 6       77BD51F6 4 Bytes  [A8, 86, A8, 00] {TEST AL, 0x86; TEST AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenProcessTokenEx + B       77BD51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenThread + 6               77BD5256 4 Bytes  [68, 85, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenThread + B               77BD525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenThreadToken + 6          77BD5266 4 Bytes  [68, 86, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenThreadToken + B          77BD526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtOpenThreadTokenEx + B        77BD527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtQueryAttributesFile + 6      77BD5386 4 Bytes  [A8, 84, A8, 00] {TEST AL, 0x84; TEST AL, 0x0}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtQueryAttributesFile + B      77BD538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtQueryFullAttributesFile + B  77BD543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtSetInformationFile + 6       77BD5A86 4 Bytes  [28, 85, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtSetInformationFile + B       77BD5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtSetInformationThread + 6     77BD5AE6 4 Bytes  [28, 86, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtSetInformationThread + B     77BD5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtUnmapViewOfSection + 6       77BD5E06 4 Bytes  [68, 87, A8, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5340] ntdll.dll!NtUnmapViewOfSection + B       77BD5E0B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtCreateFile + 6               77BD4A16 4 Bytes  [28, E4, 89, 00] {SUB AH, AH; MOV [EAX], EAX}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtCreateFile + B               77BD4A1B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtMapViewOfSection + 6         77BD5076 4 Bytes  [28, E7, 89, 00] {SUB BH, AH; MOV [EAX], EAX}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtMapViewOfSection + B         77BD507B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenFile + 6                 77BD5126 4 Bytes  [68, E4, 89, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenFile + B                 77BD512B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcess + 6              77BD51D6 4 Bytes  [A8, E5, 89, 00] {TEST AL, 0xe5; MOV [EAX], EAX}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcess + B              77BD51DB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcessToken + B         77BD51EB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcessTokenEx + 6       77BD51F6 4 Bytes  [A8, E6, 89, 00] {TEST AL, 0xe6; MOV [EAX], EAX}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenProcessTokenEx + B       77BD51FB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThread + 6               77BD5256 4 Bytes  [68, E5, 89, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThread + B               77BD525B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThreadToken + 6          77BD5266 4 Bytes  [68, E6, 89, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThreadToken + B          77BD526B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtOpenThreadTokenEx + B        77BD527B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtQueryAttributesFile + 6      77BD5386 4 Bytes  [A8, E4, 89, 00] {TEST AL, 0xe4; MOV [EAX], EAX}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtQueryAttributesFile + B      77BD538B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtQueryFullAttributesFile + B  77BD543B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationFile + 6       77BD5A86 4 Bytes  [28, E5, 89, 00] {SUB CH, AH; MOV [EAX], EAX}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationFile + B       77BD5A8B 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationThread + 6     77BD5AE6 4 Bytes  [28, E6, 89, 00] {SUB DH, AH; MOV [EAX], EAX}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtSetInformationThread + B     77BD5AEB 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtUnmapViewOfSection + 6       77BD5E06 4 Bytes  [68, E7, 89, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[6140] ntdll.dll!NtUnmapViewOfSection + B       77BD5E0B 1 Byte  [E2]
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys
 
---- EOF - GMER 2.1 ----


#8 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:59 PM

Posted 09 October 2013 - 07:28 AM

Hi there,

 

 

Are you still having the issues you've been encountering or did anything change? :)

 

 

 

Elle 


Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#9 alexandrex

alexandrex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 09 October 2013 - 01:59 PM

Hi Elle, I am still having the issue. I think it has made a locked partition and altered boot settings.. 



#10 alexandrex

alexandrex
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 09 October 2013 - 04:34 PM

Hi Elle, I really need to fix this ASAP as I work from home and am not being able to access my email or anything because I fear it might be being tracked. Please help me o\ut



#11 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:59 PM

Posted 10 October 2013 - 04:22 AM

Hi there,

 

 

 

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it. 
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
  •  
     
     
     
    We will try to fix this asap then. :)
     
     
     
    Elle 

    Can you hear it?It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.



    Posted Image

    #12 alexandrex

    alexandrex
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:07:59 PM

    Posted 10 October 2013 - 04:11 PM

    HI Elle, here is the log

     

    18:06:31.0725 0x14fc  TDSS rootkit removing tool 3.0.0.12 Oct  9 2013 14:59:22
    18:06:32.0389 0x14fc  ============================================================
    18:06:32.0389 0x14fc  Current date / time: 2013/10/10 18:06:32.0389
    18:06:32.0389 0x14fc  SystemInfo:
    18:06:32.0389 0x14fc  
    18:06:32.0389 0x14fc  OS Version: 6.1.7600 ServicePack: 0.0
    18:06:32.0389 0x14fc  Product type: Workstation
    18:06:32.0389 0x14fc  ComputerName: ALEXANDRE-PC
    18:06:32.0390 0x14fc  UserName: Alexandre
    18:06:32.0390 0x14fc  Windows directory: C:\Windows
    18:06:32.0390 0x14fc  System windows directory: C:\Windows
    18:06:32.0390 0x14fc  Running under WOW64
    18:06:32.0390 0x14fc  Processor architecture: Intel x64
    18:06:32.0391 0x14fc  Number of processors: 8
    18:06:32.0391 0x14fc  Page size: 0x1000
    18:06:32.0391 0x14fc  Boot type: Normal boot
    18:06:32.0391 0x14fc  ============================================================
    18:06:34.0462 0x14fc  System UUID: {B762E0D8-EC30-B8FA-5B16-6A4E81457705}
    18:06:34.0857 0x14fc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:06:34.0861 0x14fc  ============================================================
    18:06:34.0861 0x14fc  \Device\Harddisk0\DR0:
    18:06:34.0861 0x14fc  MBR partitions:
    18:06:34.0861 0x14fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:06:34.0861 0x14fc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30EDC000
    18:06:34.0861 0x14fc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x6, StartLBA 0x30F0E800, BlocksNum 0x9477000
    18:06:34.0861 0x14fc  ============================================================
    18:06:34.0900 0x14fc  C: <-> \Device\Harddisk0\DR0\Partition2
    18:06:34.0927 0x14fc  ============================================================
    18:06:34.0927 0x14fc  Initialize success
    18:06:34.0927 0x14fc  ============================================================
    18:07:23.0977 0x15a8  ============================================================
    18:07:23.0977 0x15a8  Scan started
    18:07:23.0977 0x15a8  Mode: Manual; 
    18:07:23.0977 0x15a8  ============================================================
    18:07:23.0977 0x15a8  KSN ping started
    18:07:26.0800 0x15a8  KSN ping finished: true
    18:07:27.0462 0x15a8  ================ Scan system memory ========================
    18:07:27.0462 0x15a8  System memory - ok
    18:07:27.0464 0x15a8  ================ Scan services =============================
    18:07:27.0618 0x15a8  [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
    18:07:27.0633 0x15a8  1394ohci - ok
    18:07:27.0692 0x15a8  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5, C3CC58D636B18DF77C4C4B384AD1DE78418716A0606E564DBC63782D5EA02905 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
    18:07:27.0696 0x15a8  Accelerometer - ok
    18:07:27.0721 0x15a8  [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
    18:07:27.0731 0x15a8  ACPI - ok
    18:07:27.0735 0x15a8  [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
    18:07:27.0736 0x15a8  AcpiPmi - ok
    18:07:27.0780 0x15a8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
    18:07:27.0792 0x15a8  adp94xx - ok
    18:07:27.0806 0x15a8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
    18:07:27.0815 0x15a8  adpahci - ok
    18:07:27.0824 0x15a8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
    18:07:27.0829 0x15a8  adpu320 - ok
    18:07:27.0858 0x15a8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
    18:07:27.0861 0x15a8  AeLookupSvc - ok
    18:07:27.0950 0x15a8  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
    18:07:27.0960 0x15a8  AESTFilters - ok
    18:07:28.0029 0x15a8  [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD             C:\Windows\system32\drivers\afd.sys
    18:07:28.0049 0x15a8  AFD - ok
    18:07:28.0060 0x15a8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
    18:07:28.0063 0x15a8  agp440 - ok
    18:07:28.0089 0x15a8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
    18:07:28.0093 0x15a8  ALG - ok
    18:07:28.0109 0x15a8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
    18:07:28.0110 0x15a8  aliide - ok
    18:07:28.0153 0x15a8  [ C53D784D7303C463D004C0D5782917B4, 004918DC540E81B0034ECDBB525C4108D6D4EA896033323651FAB2490A0B7E11 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    18:07:28.0166 0x15a8  AMD External Events Utility - ok
    18:07:28.0176 0x15a8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
    18:07:28.0177 0x15a8  amdide - ok
    18:07:28.0184 0x15a8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
    18:07:28.0187 0x15a8  AmdK8 - ok
    18:07:28.0516 0x15a8  [ 06778049A44C316E8D016039B9D14667, 78C7CA39107B4EEEBF96A0C7C0470BD2A63A3FDF5CA1E1FEC3F058F61BF16569 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
    18:07:28.0689 0x15a8  amdkmdag - ok
    18:07:28.0739 0x15a8  [ 94B4028F0EEA1F166D78186A254676B5, 4004ADCC91B4D6F3C516A514DA7840789D4ED14E081AD123C735495B2074EC79 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
    18:07:28.0744 0x15a8  amdkmdap - ok
    18:07:28.0749 0x15a8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
    18:07:28.0750 0x15a8  AmdPPM - ok
    18:07:28.0755 0x15a8  [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
    18:07:28.0757 0x15a8  amdsata - ok
    18:07:28.0765 0x15a8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
    18:07:28.0769 0x15a8  amdsbs - ok
    18:07:28.0772 0x15a8  [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
    18:07:28.0773 0x15a8  amdxata - ok
    18:07:28.0825 0x15a8  [ 7D9E301AB3247765702D0B65E2E47E50, 110F1D9A01F1DB36815B4CBF04E540958B760AC46955F7712D03F958F78734D0 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
    18:07:28.0859 0x15a8  AMPPAL - ok
    18:07:28.0878 0x15a8  [ 7D9E301AB3247765702D0B65E2E47E50, 110F1D9A01F1DB36815B4CBF04E540958B760AC46955F7712D03F958F78734D0 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
    18:07:28.0890 0x15a8  AMPPALP - ok
    18:07:28.0989 0x15a8  [ 576134E43169810B560F0BB6FDEE13F5, 8B6CC94AAACA7C1074A6A20FEBA13D653E1550B2C471A5A383AC97DDC3A0213B ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    18:07:29.0009 0x15a8  AMPPALR3 - ok
    18:07:29.0084 0x15a8  [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID           C:\Windows\system32\drivers\appid.sys
    18:07:29.0090 0x15a8  AppID - ok
    18:07:29.0110 0x15a8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
    18:07:29.0113 0x15a8  AppIDSvc - ok
    18:07:29.0124 0x15a8  [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo         C:\Windows\System32\appinfo.dll
    18:07:29.0148 0x15a8  Appinfo - ok
    18:07:29.0185 0x15a8  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
    18:07:29.0196 0x15a8  AppMgmt - ok
    18:07:29.0212 0x15a8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
    18:07:29.0230 0x15a8  arc - ok
    18:07:29.0237 0x15a8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
    18:07:29.0254 0x15a8  arcsas - ok
    18:07:29.0262 0x15a8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
    18:07:29.0274 0x15a8  AsyncMac - ok
    18:07:29.0280 0x15a8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
    18:07:29.0281 0x15a8  atapi - ok
    18:07:29.0348 0x15a8  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    18:07:29.0383 0x15a8  AudioEndpointBuilder - ok
    18:07:29.0410 0x15a8  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
    18:07:29.0422 0x15a8  AudioSrv - ok
    18:07:29.0503 0x15a8  [ E058520EEE9DAC4613D846596FF82D92, 0291075CA16ACB79F4989DE44D381F5742A2A3601F22C3600AE236D864E3370E ] avc3            C:\Windows\system32\DRIVERS\avc3.sys
    18:07:29.0523 0x15a8  avc3 - ok
    18:07:29.0547 0x15a8  [ 3B9549FEF98AB1768A1D6A919F355B70, 0014914051CB54CD7CC25561D29099A19DCFB2E1810FF635F9B6AD3D9C6FBC4B ] avchv           C:\Windows\system32\DRIVERS\avchv.sys
    18:07:29.0552 0x15a8  avchv - ok
    18:07:29.0579 0x15a8  [ 62C4DB41DAEA0FC1F5CB103B023D1068, 8C04FDF08CB487A775C8970527AE8115D9CE538781C607F703EE49674C63BA56 ] avckf           C:\Windows\system32\DRIVERS\avckf.sys
    18:07:29.0590 0x15a8  avckf - ok
    18:07:29.0640 0x15a8  [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
    18:07:29.0644 0x15a8  AxInstSV - ok
    18:07:29.0707 0x15a8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
    18:07:29.0731 0x15a8  b06bdrv - ok
    18:07:29.0757 0x15a8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:07:29.0767 0x15a8  b57nd60a - ok
    18:07:29.0853 0x15a8  [ 0D4A66F015A63EC28355805C9703ABBC, A127016F77038E2FCF870CC7C34E4AEEF51634F08BDB9C72DB07EF265530A567 ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
    18:07:29.0859 0x15a8  BdDesktopParental - ok
    18:07:29.0916 0x15a8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
    18:07:29.0925 0x15a8  BDESVC - ok
    18:07:29.0994 0x15a8  [ 3FAFE12C5D1D4D5F3567E7A0A2F15A7C, B77455872683563C12963E1D8FC349FB33B048D615FD299571A2DCF1598C0A9F ] BdfNdisf        c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
    18:07:30.0000 0x15a8  BdfNdisf - ok
    18:07:30.0041 0x15a8  [ 4CE4B0098FC315C237FA8867F07886C4, 475B2D86EE7658372D868ABC9ACA965FDD8212D3AE2C6E4749DC53DBA3DC19D6 ] bdfwfpf         C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
    18:07:30.0046 0x15a8  bdfwfpf - ok
    18:07:30.0068 0x15a8  [ C0247341C1BCD7FF2742821D0AD7AFBC, EC2B246F3233302DB540394AC0F11F294CA16FB9E44110126CC9807BAC20EA35 ] bdfwfpf_pc      C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys
    18:07:30.0074 0x15a8  bdfwfpf_pc - ok
    18:07:30.0096 0x15a8  [ 5B9DECBB17E58AB7C3A41EEF6B216768, EBBEB7E48308F7C6D52DC232345C4C52DA079F0441B3F7139080BA28A7F5AE0D ] BDSandBox       C:\Windows\system32\drivers\bdsandbox.sys
    18:07:30.0100 0x15a8  BDSandBox - ok
    18:07:30.0138 0x15a8  [ 50F796CB1E8C80F3D19435CB50C3DAB5, 20CE5C1242F8D0DFEE13C8D07EF1A67F670A078BA44E810A3A042C6A060FACC9 ] BDVEDISK        C:\Windows\system32\DRIVERS\bdvedisk.sys
    18:07:30.0142 0x15a8  BDVEDISK - ok
    18:07:30.0173 0x15a8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
    18:07:30.0175 0x15a8  Beep - ok
    18:07:30.0244 0x15a8  [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE             C:\Windows\System32\bfe.dll
    18:07:30.0273 0x15a8  BFE - ok
    18:07:30.0340 0x15a8  [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS            C:\Windows\System32\qmgr.dll
    18:07:30.0355 0x15a8  BITS - ok
    18:07:30.0380 0x15a8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
    18:07:30.0383 0x15a8  blbdrive - ok
    18:07:30.0387 0x15a8  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
    18:07:30.0390 0x15a8  bowser - ok
    18:07:30.0401 0x15a8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:07:30.0403 0x15a8  BrFiltLo - ok
    18:07:30.0405 0x15a8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:07:30.0406 0x15a8  BrFiltUp - ok
    18:07:30.0436 0x15a8  [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser         C:\Windows\System32\browser.dll
    18:07:30.0440 0x15a8  Browser - ok
    18:07:30.0466 0x15a8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
    18:07:30.0473 0x15a8  Brserid - ok
    18:07:30.0477 0x15a8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
    18:07:30.0479 0x15a8  BrSerWdm - ok
    18:07:30.0483 0x15a8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:07:30.0484 0x15a8  BrUsbMdm - ok
    18:07:30.0487 0x15a8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
    18:07:30.0488 0x15a8  BrUsbSer - ok
    18:07:30.0492 0x15a8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
    18:07:30.0494 0x15a8  BTHMODEM - ok
    18:07:30.0507 0x15a8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
    18:07:30.0510 0x15a8  bthserv - ok
    18:07:30.0529 0x15a8  [ 9E2AF97302B9F4BF97E952A865EB31AE, 2DE38CF8A24CC1E31604EF870704DE342D800762A2ECCF3E4AF0B183C1408456 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    18:07:30.0532 0x15a8  BTHSSecurityMgr - ok
    18:07:30.0555 0x15a8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
    18:07:30.0558 0x15a8  cdfs - ok
    18:07:30.0588 0x15a8  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
    18:07:30.0598 0x15a8  cdrom - ok
    18:07:30.0629 0x15a8  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
    18:07:30.0635 0x15a8  CertPropSvc - ok
    18:07:30.0646 0x15a8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
    18:07:30.0650 0x15a8  circlass - ok
    18:07:30.0677 0x15a8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
    18:07:30.0697 0x15a8  CLFS - ok
    18:07:30.0769 0x15a8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:07:30.0775 0x15a8  clr_optimization_v2.0.50727_32 - ok
    18:07:30.0829 0x15a8  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:07:30.0836 0x15a8  clr_optimization_v2.0.50727_64 - ok
    18:07:30.0871 0x15a8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
    18:07:30.0873 0x15a8  CmBatt - ok
    18:07:30.0881 0x15a8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
    18:07:30.0885 0x15a8  cmdide - ok
    18:07:30.0917 0x15a8  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG             C:\Windows\system32\Drivers\cng.sys
    18:07:30.0935 0x15a8  CNG - ok
    18:07:30.0944 0x15a8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
    18:07:30.0946 0x15a8  Compbatt - ok
    18:07:30.0954 0x15a8  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
    18:07:30.0956 0x15a8  CompositeBus - ok
    18:07:30.0968 0x15a8  COMSysApp - ok
    18:07:30.0972 0x15a8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
    18:07:30.0974 0x15a8  crcdisk - ok
    18:07:31.0042 0x15a8  [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
    18:07:31.0055 0x15a8  CryptSvc - ok
    18:07:31.0128 0x15a8  [ 4A6173C2279B498CD8F57CAE504564CB, FF3CD404FD91EDE38C21780362CE892BFBBC2526B146BEBD139C7413EB29A216 ] CSC             C:\Windows\system32\drivers\csc.sys
    18:07:31.0153 0x15a8  CSC - ok
    18:07:31.0209 0x15a8  [ 873FBF927C06E5CEE04DEC617502F8FD, 8B452ED5D003337E66634EEC3D5C9FBA4D05FF5AE776239F3B769FAA505E729C ] CscService      C:\Windows\System32\cscsvc.dll
    18:07:31.0242 0x15a8  CscService - ok
    18:07:31.0300 0x15a8  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
    18:07:31.0313 0x15a8  DcomLaunch - ok
    18:07:31.0352 0x15a8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
    18:07:31.0362 0x15a8  defragsvc - ok
    18:07:31.0397 0x15a8  [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
    18:07:31.0401 0x15a8  DfsC - ok
    18:07:31.0428 0x15a8  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
    18:07:31.0439 0x15a8  Dhcp - ok
    18:07:31.0443 0x15a8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
    18:07:31.0445 0x15a8  discache - ok
    18:07:31.0463 0x15a8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
    18:07:31.0465 0x15a8  Disk - ok
    18:07:31.0493 0x15a8  [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache        C:\Windows\System32\dnsrslvr.dll
    18:07:31.0498 0x15a8  Dnscache - ok
    18:07:31.0507 0x15a8  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
    18:07:31.0514 0x15a8  dot3svc - ok
    18:07:31.0521 0x15a8  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
    18:07:31.0525 0x15a8  DPS - ok
    18:07:31.0554 0x15a8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
    18:07:31.0555 0x15a8  drmkaud - ok
    18:07:31.0612 0x15a8  [ 7CB7D2B73813CE05C7BC0F5F95D27CEC, F80AD7E946B8C8C27A0EB8A99B3A61C3F09E5442372D64EB4886D86B8D0AFCFD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
    18:07:31.0649 0x15a8  DXGKrnl - ok
    18:07:31.0665 0x15a8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
    18:07:31.0668 0x15a8  EapHost - ok
    18:07:31.0785 0x15a8  [ D6B0013E03F3AEFBD272622FDECF01D1, 61765A5E8FFB4F0DA4CC33DD40C4D80C14748DE257D3B03C8AABF3065127140B ] EaseUS Agent    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    18:07:31.0786 0x15a8  EaseUS Agent - ok
    18:07:31.0927 0x15a8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
    18:07:31.0985 0x15a8  ebdrv - ok
    18:07:32.0125 0x15a8  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
    18:07:32.0167 0x15a8  EFS - ok
    18:07:32.0262 0x15a8  [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
    18:07:32.0295 0x15a8  ehRecvr - ok
    18:07:32.0307 0x15a8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
    18:07:32.0312 0x15a8  ehSched - ok
    18:07:32.0348 0x15a8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
    18:07:32.0369 0x15a8  elxstor - ok
    18:07:32.0409 0x15a8  [ 6106653B08F4F72EEAA7F099E7C408A4, 96B77284744F8761C4F2558388E0AEE2140618B484FF53FA8B222B340D2A9C84 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
    18:07:32.0412 0x15a8  epmntdrv - ok
    18:07:32.0419 0x15a8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
    18:07:32.0421 0x15a8  ErrDev - ok
    18:07:32.0488 0x15a8  [ 719A58254E395D36D2FF1FCE0A1405F7, 994BB844CDFBE7832B64B3D65D9F43029DD27020106411E5F6350E4B31A2B035 ] EUBAKUP         C:\Windows\system32\drivers\eubakup.sys
    18:07:32.0492 0x15a8  EUBAKUP - ok
    18:07:32.0510 0x15a8  [ E8E8AEF41F72C5D97E44FF3BAF59A521, 6A0B93E91C0E886BB33C67764618B011AA4CF7B63D098B7A00A2A91BF8C89155 ] EUBKMON         C:\Windows\system32\drivers\EUBKMON.sys
    18:07:32.0514 0x15a8  EUBKMON - ok
    18:07:32.0541 0x15a8  [ 2CB95E7500E5DA37CA51A86D9CCDBF1C, D2D74EA2E894E84594CED36870D5BC96D0B1A1B661F31692A68801F1CF64AD36 ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
    18:07:32.0543 0x15a8  EUDSKACS - ok
    18:07:32.0568 0x15a8  [ FB1C5B5C0B0AB7FB04A457AAE7496771, A99DDD00F06641C98ABF0A723E6A7F26371CBA4E8C5AB442DD3A2F820768014A ] EUFDDISK        C:\Windows\system32\drivers\EuFdDisk.sys
    18:07:32.0576 0x15a8  EUFDDISK - ok
    18:07:32.0619 0x15a8  [ 991C04A31777ED77CB92A4F96F14C2E2, 6CC2A311D8E67032D0847D70B20DCA87B52B2B7FB3C380B3A5AB6C233E955DD2 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
    18:07:32.0622 0x15a8  EuGdiDrv - ok
    18:07:32.0706 0x15a8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
    18:07:32.0731 0x15a8  EventSystem - ok
    18:07:32.0758 0x15a8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
    18:07:32.0765 0x15a8  exfat - ok
    18:07:32.0777 0x15a8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
    18:07:32.0786 0x15a8  fastfat - ok
    18:07:32.0821 0x15a8  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
    18:07:32.0854 0x15a8  Fax - ok
    18:07:32.0870 0x15a8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
    18:07:32.0871 0x15a8  fdc - ok
    18:07:32.0887 0x15a8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
    18:07:32.0889 0x15a8  fdPHost - ok
    18:07:32.0892 0x15a8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
    18:07:32.0894 0x15a8  FDResPub - ok
    18:07:32.0898 0x15a8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
    18:07:32.0901 0x15a8  FileInfo - ok
    18:07:32.0904 0x15a8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
    18:07:32.0906 0x15a8  Filetrace - ok
    18:07:32.0909 0x15a8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
    18:07:32.0911 0x15a8  flpydisk - ok
    18:07:32.0920 0x15a8  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
    18:07:32.0927 0x15a8  FltMgr - ok
    18:07:32.0965 0x15a8  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache       C:\Windows\system32\FntCache.dll
    18:07:33.0010 0x15a8  FontCache - ok
    18:07:33.0114 0x15a8  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:07:33.0118 0x15a8  FontCache3.0.0.0 - ok
    18:07:33.0127 0x15a8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
    18:07:33.0131 0x15a8  FsDepends - ok
    18:07:33.0144 0x15a8  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
    18:07:33.0147 0x15a8  Fs_Rec - ok
    18:07:33.0176 0x15a8  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
    18:07:33.0187 0x15a8  fvevol - ok
    18:07:33.0195 0x15a8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:07:33.0200 0x15a8  gagp30kx - ok
    18:07:33.0266 0x15a8  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
    18:07:33.0296 0x15a8  gpsvc - ok
    18:07:33.0317 0x15a8  [ 694D18AD32B4EEE53D2BCA1D1EE7DFBC, 4D348BA19CE12B928D7D49C562AED0A45905EA31A70D4FF55E634334DDED20C3 ] Guard Agent     C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
    18:07:33.0318 0x15a8  Guard Agent - ok
    18:07:33.0375 0x15a8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:07:33.0383 0x15a8  gupdate - ok
    18:07:33.0395 0x15a8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:07:33.0400 0x15a8  gupdatem - ok
    18:07:33.0444 0x15a8  [ 0A9D58AABD01DA97B1D101473EFA7659, C18EA4F5BF569C230AD682A418F69B6E4209AD467BCCBDABD0515DBB582BF04B ] gzflt           C:\Windows\system32\DRIVERS\gzflt.sys
    18:07:33.0450 0x15a8  gzflt - ok
    18:07:33.0466 0x15a8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
    18:07:33.0468 0x15a8  hcw85cir - ok
    18:07:33.0537 0x15a8  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    18:07:33.0572 0x15a8  HdAudAddService - ok
    18:07:33.0621 0x15a8  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
    18:07:33.0630 0x15a8  HDAudBus - ok
    18:07:33.0638 0x15a8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
    18:07:33.0640 0x15a8  HidBatt - ok
    18:07:33.0652 0x15a8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
    18:07:33.0660 0x15a8  HidBth - ok
    18:07:33.0674 0x15a8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
    18:07:33.0677 0x15a8  HidIr - ok
    18:07:33.0697 0x15a8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
    18:07:33.0700 0x15a8  hidserv - ok
    18:07:33.0732 0x15a8  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
    18:07:33.0736 0x15a8  HidUsb - ok
    18:07:33.0768 0x15a8  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
    18:07:33.0774 0x15a8  hkmsvc - ok
    18:07:33.0817 0x15a8  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    18:07:33.0830 0x15a8  HomeGroupListener - ok
    18:07:33.0866 0x15a8  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    18:07:33.0877 0x15a8  HomeGroupProvider - ok
    18:07:33.0896 0x15a8  [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
    18:07:33.0899 0x15a8  hpdskflt - ok
    18:07:33.0907 0x15a8  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
    18:07:33.0912 0x15a8  HpSAMD - ok
    18:07:33.0928 0x15a8  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278, E85A7BF1CFE52BA7D663A1ED48A4F8874EFBDDF48979138F7E3E24817705B6A1 ] hpsrv           C:\Windows\system32\Hpservice.exe
    18:07:33.0931 0x15a8  hpsrv - ok
    18:07:33.0992 0x15a8  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
    18:07:34.0010 0x15a8  HTTP - ok
    18:07:34.0020 0x15a8  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
    18:07:34.0021 0x15a8  hwpolicy - ok
    18:07:34.0038 0x15a8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
    18:07:34.0040 0x15a8  i8042prt - ok
    18:07:34.0067 0x15a8  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
    18:07:34.0077 0x15a8  iaStorV - ok
    18:07:34.0176 0x15a8  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:07:34.0207 0x15a8  idsvc - ok
    18:07:34.0212 0x15a8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
    18:07:34.0214 0x15a8  iirsp - ok
    18:07:34.0255 0x15a8  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
    18:07:34.0288 0x15a8  IKEEXT - ok
    18:07:34.0346 0x15a8  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
    18:07:34.0384 0x15a8  IntcDAud - ok
    18:07:34.0390 0x15a8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
    18:07:34.0392 0x15a8  intelide - ok
    18:07:34.0781 0x15a8  [ 33FAA40B288002C89529DBD14F3AB72C, 670BA536796322122EBD93F256331899DD2E1834471B017A58F74132EE8DFDB7 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
    18:07:35.0160 0x15a8  intelkmd - ok
    18:07:35.0204 0x15a8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
    18:07:35.0205 0x15a8  intelppm - ok
    18:07:35.0241 0x15a8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
    18:07:35.0251 0x15a8  IPBusEnum - ok
    18:07:35.0259 0x15a8  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:07:35.0263 0x15a8  IpFilterDriver - ok
    18:07:35.0310 0x15a8  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
    18:07:35.0344 0x15a8  iphlpsvc - ok
    18:07:35.0350 0x15a8  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
    18:07:35.0353 0x15a8  IPMIDRV - ok
    18:07:35.0360 0x15a8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
    18:07:35.0365 0x15a8  IPNAT - ok
    18:07:35.0383 0x15a8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
    18:07:35.0385 0x15a8  IRENUM - ok
    18:07:35.0414 0x15a8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
    18:07:35.0415 0x15a8  isapnp - ok
    18:07:35.0431 0x15a8  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
    18:07:35.0440 0x15a8  iScsiPrt - ok
    18:07:35.0453 0x15a8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
    18:07:35.0456 0x15a8  kbdclass - ok
    18:07:35.0469 0x15a8  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
    18:07:35.0472 0x15a8  kbdhid - ok
    18:07:35.0491 0x15a8  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
    18:07:35.0493 0x15a8  KeyIso - ok
    18:07:35.0512 0x15a8  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
    18:07:35.0517 0x15a8  KSecDD - ok
    18:07:35.0525 0x15a8  [ BBE1BF6D9B661C354D4857D5FADB943B, D2F6E52CCD0DF07B3D92669B941CEB9A59E16D3518226F11028A70DBDEFABBCF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
    18:07:35.0532 0x15a8  KSecPkg - ok
    18:07:35.0537 0x15a8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
    18:07:35.0539 0x15a8  ksthunk - ok
    18:07:35.0582 0x15a8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
    18:07:35.0601 0x15a8  KtmRm - ok
    18:07:35.0632 0x15a8  [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer    C:\Windows\system32\srvsvc.dll
    18:07:35.0642 0x15a8  LanmanServer - ok
    18:07:35.0674 0x15a8  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:07:35.0687 0x15a8  LanmanWorkstation - ok
    18:07:35.0717 0x15a8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
    18:07:35.0722 0x15a8  lltdio - ok
    18:07:35.0757 0x15a8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
    18:07:35.0791 0x15a8  lltdsvc - ok
    18:07:35.0807 0x15a8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
    18:07:35.0811 0x15a8  lmhosts - ok
    18:07:35.0824 0x15a8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:07:35.0831 0x15a8  LSI_FC - ok
    18:07:35.0852 0x15a8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:07:35.0859 0x15a8  LSI_SAS - ok
    18:07:35.0867 0x15a8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:07:35.0872 0x15a8  LSI_SAS2 - ok
    18:07:35.0883 0x15a8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:07:35.0887 0x15a8  LSI_SCSI - ok
    18:07:35.0897 0x15a8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
    18:07:35.0900 0x15a8  luafv - ok
    18:07:35.0909 0x15a8  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
    18:07:35.0913 0x15a8  Mcx2Svc - ok
    18:07:35.0916 0x15a8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
    18:07:35.0918 0x15a8  megasas - ok
    18:07:35.0936 0x15a8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
    18:07:35.0944 0x15a8  MegaSR - ok
    18:07:35.0971 0x15a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
    18:07:35.0974 0x15a8  MMCSS - ok
    18:07:35.0978 0x15a8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
    18:07:35.0980 0x15a8  Modem - ok
    18:07:35.0991 0x15a8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
    18:07:35.0992 0x15a8  monitor - ok
    18:07:36.0009 0x15a8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
    18:07:36.0011 0x15a8  mouclass - ok
    18:07:36.0014 0x15a8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
    18:07:36.0017 0x15a8  mouhid - ok
    18:07:36.0039 0x15a8  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
    18:07:36.0042 0x15a8  mountmgr - ok
    18:07:36.0054 0x15a8  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
    18:07:36.0057 0x15a8  mpio - ok
    18:07:36.0067 0x15a8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
    18:07:36.0070 0x15a8  mpsdrv - ok
    18:07:36.0110 0x15a8  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
    18:07:36.0144 0x15a8  MpsSvc - ok
    18:07:36.0150 0x15a8  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
    18:07:36.0154 0x15a8  MRxDAV - ok
    18:07:36.0161 0x15a8  [ CFDCD8CA87C2A657DEBC150AC35B5E08, 8870DCC8CF4E452E25BFE38113ADBDBC4014036B25E567FC262178DAA808049A ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:07:36.0165 0x15a8  mrxsmb - ok
    18:07:36.0188 0x15a8  [ 1BEE517B220B7F024F411AEC1571DD5A, 6DC7638D056DFDE36803BCD691BF73A4AAFD59DE63C0ACD7EA860997FFA3C6E7 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:07:36.0195 0x15a8  mrxsmb10 - ok
    18:07:36.0200 0x15a8  [ 6B2D5FEF385828B6E485C1C90AFB8195, A960CC0351F200FA56FAC0534C0F9D7F79AAC9CF18A4390CDCA7EA4EE22ED6B6 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:07:36.0204 0x15a8  mrxsmb20 - ok
    18:07:36.0207 0x15a8  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
    18:07:36.0208 0x15a8  msahci - ok
    18:07:36.0214 0x15a8  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
    18:07:36.0218 0x15a8  msdsm - ok
    18:07:36.0237 0x15a8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
    18:07:36.0242 0x15a8  MSDTC - ok
    18:07:36.0246 0x15a8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
    18:07:36.0247 0x15a8  Msfs - ok
    18:07:36.0250 0x15a8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
    18:07:36.0251 0x15a8  mshidkmdf - ok
    18:07:36.0254 0x15a8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
    18:07:36.0255 0x15a8  msisadrv - ok
    18:07:36.0285 0x15a8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
    18:07:36.0290 0x15a8  MSiSCSI - ok
    18:07:36.0292 0x15a8  msiserver - ok
    18:07:36.0315 0x15a8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
    18:07:36.0316 0x15a8  MSKSSRV - ok
    18:07:36.0319 0x15a8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
    18:07:36.0320 0x15a8  MSPCLOCK - ok
    18:07:36.0323 0x15a8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
    18:07:36.0324 0x15a8  MSPQM - ok
    18:07:36.0335 0x15a8  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
    18:07:36.0343 0x15a8  MsRPC - ok
    18:07:36.0348 0x15a8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
    18:07:36.0349 0x15a8  mssmbios - ok
    18:07:36.0353 0x15a8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
    18:07:36.0353 0x15a8  MSTEE - ok
    18:07:36.0356 0x15a8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
    18:07:36.0358 0x15a8  MTConfig - ok
    18:07:36.0361 0x15a8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
    18:07:36.0363 0x15a8  Mup - ok
    18:07:36.0398 0x15a8  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
    18:07:36.0409 0x15a8  napagent - ok
    18:07:36.0474 0x15a8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
    18:07:36.0511 0x15a8  NativeWifiP - ok
    18:07:36.0564 0x15a8  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
    18:07:36.0595 0x15a8  NDIS - ok
    18:07:36.0604 0x15a8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
    18:07:36.0605 0x15a8  NdisCap - ok
    18:07:36.0619 0x15a8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
    18:07:36.0621 0x15a8  NdisTapi - ok
    18:07:36.0630 0x15a8  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
    18:07:36.0632 0x15a8  Ndisuio - ok
    18:07:36.0638 0x15a8  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
    18:07:36.0643 0x15a8  NdisWan - ok
    18:07:36.0647 0x15a8  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
    18:07:36.0650 0x15a8  NDProxy - ok
    18:07:36.0653 0x15a8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
    18:07:36.0655 0x15a8  NetBIOS - ok
    18:07:36.0664 0x15a8  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
    18:07:36.0670 0x15a8  NetBT - ok
    18:07:36.0691 0x15a8  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
    18:07:36.0692 0x15a8  Netlogon - ok
    18:07:36.0749 0x15a8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
    18:07:36.0769 0x15a8  Netman - ok
    18:07:36.0782 0x15a8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
    18:07:36.0794 0x15a8  netprofm - ok
    18:07:36.0827 0x15a8  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:07:36.0831 0x15a8  NetTcpPortSharing - ok
    18:07:37.0320 0x15a8  [ 50AD7F7040C22BB7CAA59A0880875A21, 34A3BE5C708F3498F6350EF041CE33847C1D041D610DFDA41AA877F87DD26050 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
    18:07:37.0589 0x15a8  NETwNs64 - ok
    18:07:37.0633 0x15a8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
    18:07:37.0638 0x15a8  nfrd960 - ok
    18:07:37.0691 0x15a8  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
    18:07:37.0736 0x15a8  NlaSvc - ok
    18:07:37.0746 0x15a8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
    18:07:37.0749 0x15a8  Npfs - ok
    18:07:37.0758 0x15a8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
    18:07:37.0761 0x15a8  nsi - ok
    18:07:37.0767 0x15a8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
    18:07:37.0769 0x15a8  nsiproxy - ok
    18:07:37.0827 0x15a8  [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
    18:07:37.0884 0x15a8  Ntfs - ok
    18:07:37.0888 0x15a8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
    18:07:37.0889 0x15a8  Null - ok
    18:07:37.0918 0x15a8  [ 158AD24745BD85BA9BE3C51C38F48C32, B053A3B5A5CAE2CBC47E2C19E636AD70F376334EFFBB391A76562E67CBF3AC86 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
    18:07:37.0921 0x15a8  nusb3hub - ok
    18:07:37.0937 0x15a8  [ D40A13B2C0891E218F9523B376955DB6, 9A2AAAF960868B860A65579EAD507B35C64CFD6C3581F8D731ADF975F778D10E ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
    18:07:37.0942 0x15a8  nusb3xhc - ok
    18:07:37.0965 0x15a8  [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
    18:07:37.0970 0x15a8  nvraid - ok
    18:07:37.0987 0x15a8  [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
    18:07:37.0992 0x15a8  nvstor - ok
    18:07:38.0005 0x15a8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
    18:07:38.0009 0x15a8  nv_agp - ok
    18:07:38.0013 0x15a8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
    18:07:38.0016 0x15a8  ohci1394 - ok
    18:07:38.0066 0x15a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
    18:07:38.0091 0x15a8  p2pimsvc - ok
    18:07:38.0139 0x15a8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
    18:07:38.0163 0x15a8  p2psvc - ok
    18:07:38.0174 0x15a8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
    18:07:38.0177 0x15a8  Parport - ok
    18:07:38.0181 0x15a8  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
    18:07:38.0184 0x15a8  partmgr - ok
    18:07:38.0191 0x15a8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
    18:07:38.0196 0x15a8  PcaSvc - ok
    18:07:38.0203 0x15a8  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
    18:07:38.0208 0x15a8  pci - ok
    18:07:38.0211 0x15a8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
    18:07:38.0211 0x15a8  pciide - ok
    18:07:38.0219 0x15a8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
    18:07:38.0223 0x15a8  pcmcia - ok
    18:07:38.0227 0x15a8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
    18:07:38.0229 0x15a8  pcw - ok
    18:07:38.0246 0x15a8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
    18:07:38.0260 0x15a8  PEAUTH - ok
    18:07:38.0306 0x15a8  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
    18:07:38.0350 0x15a8  PeerDistSvc - ok
    18:07:38.0454 0x15a8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
    18:07:38.0458 0x15a8  PerfHost - ok
    18:07:38.0520 0x15a8  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
    18:07:38.0565 0x15a8  pla - ok
    18:07:38.0604 0x15a8  [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
    18:07:38.0615 0x15a8  PlugPlay - ok
    18:07:38.0632 0x15a8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
    18:07:38.0634 0x15a8  PNRPAutoReg - ok
    18:07:38.0644 0x15a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
    18:07:38.0651 0x15a8  PNRPsvc - ok
    18:07:38.0698 0x15a8  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
    18:07:38.0717 0x15a8  PolicyAgent - ok
    18:07:38.0725 0x15a8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
    18:07:38.0730 0x15a8  Power - ok
    18:07:38.0757 0x15a8  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
    18:07:38.0760 0x15a8  PptpMiniport - ok
    18:07:38.0782 0x15a8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
    18:07:38.0784 0x15a8  Processor - ok
    18:07:38.0816 0x15a8  [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc         C:\Windows\system32\profsvc.dll
    18:07:38.0830 0x15a8  ProfSvc - ok
    18:07:38.0847 0x15a8  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:07:38.0850 0x15a8  ProtectedStorage - ok
    18:07:38.0875 0x15a8  [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
    18:07:38.0882 0x15a8  Psched - ok
    18:07:38.0960 0x15a8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
    18:07:39.0012 0x15a8  ql2300 - ok
    18:07:39.0019 0x15a8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
    18:07:39.0023 0x15a8  ql40xx - ok
    18:07:39.0075 0x15a8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
    18:07:39.0111 0x15a8  QWAVE - ok
    18:07:39.0121 0x15a8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
    18:07:39.0125 0x15a8  QWAVEdrv - ok
    18:07:39.0129 0x15a8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
    18:07:39.0131 0x15a8  RasAcd - ok
    18:07:39.0169 0x15a8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:07:39.0172 0x15a8  RasAgileVpn - ok
    18:07:39.0194 0x15a8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
    18:07:39.0205 0x15a8  RasAuto - ok
    18:07:39.0218 0x15a8  [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:07:39.0224 0x15a8  Rasl2tp - ok
    18:07:39.0263 0x15a8  [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan          C:\Windows\System32\rasmans.dll
    18:07:39.0286 0x15a8  RasMan - ok
    18:07:39.0294 0x15a8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
    18:07:39.0299 0x15a8  RasPppoe - ok
    18:07:39.0313 0x15a8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
    18:07:39.0315 0x15a8  RasSstp - ok
    18:07:39.0333 0x15a8  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
    18:07:39.0341 0x15a8  rdbss - ok
    18:07:39.0344 0x15a8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
    18:07:39.0346 0x15a8  rdpbus - ok
    18:07:39.0349 0x15a8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:07:39.0350 0x15a8  RDPCDD - ok
    18:07:39.0357 0x15a8  [ 9706B84DBABFC4B4CA46C5A82B14DFA3, AFDC07C257BCB768861483A1842FFB647523946B16DA2812EFAE4FD3252BA303 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
    18:07:39.0362 0x15a8  RDPDR - ok
    18:07:39.0374 0x15a8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
    18:07:39.0375 0x15a8  RDPENCDD - ok
    18:07:39.0379 0x15a8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
    18:07:39.0380 0x15a8  RDPREFMP - ok
    18:07:39.0392 0x15a8  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
    18:07:39.0398 0x15a8  RDPWD - ok
    18:07:39.0406 0x15a8  [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
    18:07:39.0412 0x15a8  rdyboost - ok
    18:07:39.0433 0x15a8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
    18:07:39.0437 0x15a8  RemoteAccess - ok
    18:07:39.0476 0x15a8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
    18:07:39.0488 0x15a8  RemoteRegistry - ok
    18:07:39.0507 0x15a8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
    18:07:39.0515 0x15a8  RpcEptMapper - ok
    18:07:39.0545 0x15a8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
    18:07:39.0549 0x15a8  RpcLocator - ok
    18:07:39.0589 0x15a8  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs           C:\Windows\system32\rpcss.dll
    18:07:39.0608 0x15a8  RpcSs - ok
    18:07:39.0660 0x15a8  [ D5C3E1629A3F7F0857D27949252B94CE, E6DC44D9A1325D61CEE9E76AE442988ED6EB29DE322844CF8689A1F5184C1E05 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
    18:07:39.0668 0x15a8  RSPCIESTOR - ok
    18:07:39.0708 0x15a8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
    18:07:39.0711 0x15a8  rspndr - ok
    18:07:39.0719 0x15a8  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6, C890DCCC875F957CAAD4655EBFF384E3C5998040CA2BA360E92C96A647D1C399 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
    18:07:39.0720 0x15a8  s3cap - ok
    18:07:39.0816 0x15a8  [ E228C336F195FA629D00B02F9FFC5667, 114F562882EF2A439EC4783029A977A53588F3870AED158B46F8DA51B4CB2715 ] SafeBox         C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
    18:07:39.0823 0x15a8  SafeBox - ok
    18:07:39.0847 0x15a8  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
    18:07:39.0852 0x15a8  SamSs - ok
    18:07:39.0865 0x15a8  [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
    18:07:39.0874 0x15a8  sbp2port - ok
    18:07:39.0927 0x15a8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
    18:07:39.0961 0x15a8  SCardSvr - ok
    18:07:39.0969 0x15a8  [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
    18:07:39.0973 0x15a8  scfilter - ok
    18:07:40.0026 0x15a8  [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule        C:\Windows\system32\schedsvc.dll
    18:07:40.0069 0x15a8  Schedule - ok
    18:07:40.0092 0x15a8  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc     C:\Windows\System32\certprop.dll
    18:07:40.0094 0x15a8  SCPolicySvc - ok
    18:07:40.0133 0x15a8  [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
    18:07:40.0147 0x15a8  SDRSVC - ok
    18:07:40.0180 0x15a8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
    18:07:40.0183 0x15a8  secdrv - ok
    18:07:40.0203 0x15a8  [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon        C:\Windows\system32\seclogon.dll
    18:07:40.0207 0x15a8  seclogon - ok
    18:07:40.0233 0x15a8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
    18:07:40.0238 0x15a8  SENS - ok
    18:07:40.0258 0x15a8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
    18:07:40.0262 0x15a8  SensrSvc - ok
    18:07:40.0268 0x15a8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
    18:07:40.0270 0x15a8  Serenum - ok
    18:07:40.0288 0x15a8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
    18:07:40.0293 0x15a8  Serial - ok
    18:07:40.0308 0x15a8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
    18:07:40.0310 0x15a8  sermouse - ok
    18:07:40.0324 0x15a8  [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv      C:\Windows\system32\sessenv.dll
    18:07:40.0331 0x15a8  SessionEnv - ok
    18:07:40.0336 0x15a8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
    18:07:40.0338 0x15a8  sffdisk - ok
    18:07:40.0344 0x15a8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
    18:07:40.0346 0x15a8  sffp_mmc - ok
    18:07:40.0350 0x15a8  [ 5588B8C6193EB1522490C122EB94DFFA, 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
    18:07:40.0352 0x15a8  sffp_sd - ok
    18:07:40.0356 0x15a8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
    18:07:40.0357 0x15a8  sfloppy - ok
    18:07:40.0383 0x15a8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
    18:07:40.0392 0x15a8  SharedAccess - ok
    18:07:40.0414 0x15a8  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:07:40.0424 0x15a8  ShellHWDetection - ok
    18:07:40.0427 0x15a8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:07:40.0429 0x15a8  SiSRaid2 - ok
    18:07:40.0433 0x15a8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
    18:07:40.0436 0x15a8  SiSRaid4 - ok
    18:07:40.0440 0x15a8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
    18:07:40.0443 0x15a8  Smb - ok
    18:07:40.0465 0x15a8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
    18:07:40.0467 0x15a8  SNMPTRAP - ok
    18:07:40.0470 0x15a8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
    18:07:40.0472 0x15a8  spldr - ok
    18:07:40.0498 0x15a8  [ 89E8550C5862999FCF482EA562B0E98E, 11BC94FD879DCD22E80DB8FA73CEBD0F072917C546AD9C8B92CCFBF4E0B83056 ] Spooler         C:\Windows\System32\spoolsv.exe
    18:07:40.0510 0x15a8  Spooler - ok
    18:07:40.0614 0x15a8  [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc          C:\Windows\system32\sppsvc.exe
    18:07:40.0743 0x15a8  sppsvc - ok
    18:07:40.0751 0x15a8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
    18:07:40.0754 0x15a8  sppuinotify - ok
    18:07:40.0776 0x15a8  [ EC8F67289105BF270498095F14963464, 454031C8AE06511DD13DBAA613B983516AF937590FB2B8C6ADC273D018D30858 ] srv             C:\Windows\system32\DRIVERS\srv.sys
    18:07:40.0787 0x15a8  srv - ok
    18:07:40.0799 0x15a8  [ F773D2ED090B7BAA1C1A034F3CA476C8, C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
    18:07:40.0809 0x15a8  srv2 - ok
    18:07:40.0815 0x15a8  [ 26E84D3649019C3244622E654DFCD75B, 49BD7345AF744298698629E0D7C0C373AB2F75F542281268BCF91A6D2B278AA8 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
    18:07:40.0820 0x15a8  srvnet - ok
    18:07:40.0844 0x15a8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
    18:07:40.0850 0x15a8  SSDPSRV - ok
    18:07:40.0869 0x15a8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
    18:07:40.0872 0x15a8  SstpSvc - ok
    18:07:40.0957 0x15a8  [ 20E27AA5BCC01C2149830C05FE22F675, F4A8154229B5EB07B379064047EEDDA54A9396421E1FEEFA2FF3077091D3870F ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
    18:07:40.0968 0x15a8  STacSV - ok
    18:07:40.0974 0x15a8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
    18:07:40.0976 0x15a8  stexstor - ok
    18:07:41.0065 0x15a8  [ BEB37CE4E7456F5EFA52D783D1E06D8C, A6E202412FB904CCA86A1D9EDD600EC247460B1A31243325FC8747D39A456B79 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
    18:07:41.0080 0x15a8  STHDA - ok
    18:07:41.0123 0x15a8  [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc          C:\Windows\System32\wiaservc.dll
    18:07:41.0145 0x15a8  stisvc - ok
    18:07:41.0167 0x15a8  [ FFD7A6F15B14234B5B0E5D49E7961895, 9553BDB65D021DA621BDFF1C180B9F4C6355FC748BAE854CE114D4B3EFF307B7 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
    18:07:41.0169 0x15a8  storflt - ok
    18:07:41.0179 0x15a8  [ 8FCCBEFC5C440B3C23454656E551B09A, 392A38D0B18B7FD08ACBE3E56ADCB235FA49BDB99F81E0820434D57332FA8FF7 ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
    18:07:41.0181 0x15a8  storvsc - ok
    18:07:41.0184 0x15a8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
    18:07:41.0185 0x15a8  swenum - ok
    18:07:41.0215 0x15a8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
    18:07:41.0234 0x15a8  swprv - ok
    18:07:41.0345 0x15a8  [ C447977ED2A4AE9346FE3A0579A34D7C, 35A8F13AAB57549BBC1457AD86F44FEF2394E55841A1D6D6C5E029310E02F377 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
    18:07:41.0394 0x15a8  SynTP - ok
    18:07:41.0456 0x15a8  [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain         C:\Windows\system32\sysmain.dll
    18:07:41.0513 0x15a8  SysMain - ok
    18:07:41.0529 0x15a8  [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:07:41.0533 0x15a8  TabletInputService - ok
    18:07:41.0550 0x15a8  [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv         C:\Windows\System32\tapisrv.dll
    18:07:41.0559 0x15a8  TapiSrv - ok
    18:07:41.0567 0x15a8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
    18:07:41.0570 0x15a8  TBS - ok
    18:07:41.0678 0x15a8  [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
    18:07:41.0758 0x15a8  Tcpip - ok
    18:07:41.0814 0x15a8  [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
    18:07:41.0848 0x15a8  TCPIP6 - ok
    18:07:41.0854 0x15a8  [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
    18:07:41.0856 0x15a8  tcpipreg - ok
    18:07:41.0860 0x15a8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
    18:07:41.0862 0x15a8  TDPIPE - ok
    18:07:41.0865 0x15a8  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
    18:07:41.0866 0x15a8  TDTCP - ok
    18:07:41.0884 0x15a8  [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
    18:07:41.0887 0x15a8  tdx - ok
    18:07:41.0892 0x15a8  [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
    18:07:41.0894 0x15a8  TermDD - ok
    18:07:41.0930 0x15a8  [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService     C:\Windows\System32\termsrv.dll
    18:07:41.0964 0x15a8  TermService - ok
    18:07:42.0023 0x15a8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
    18:07:42.0067 0x15a8  Themes - ok
    18:07:42.0118 0x15a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
    18:07:42.0125 0x15a8  THREADORDER - ok
    18:07:42.0186 0x15a8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
    18:07:42.0198 0x15a8  TrkWks - ok
    18:07:42.0270 0x15a8  [ 325A512F98BEB97B1FFBE88927B8090D, 2A0C10516E3506D63290345DFAC98D5A623584767E034EBF652B9DBE6CF70547 ] trufos          C:\Windows\system32\DRIVERS\trufos.sys
    18:07:42.0283 0x15a8  trufos - ok
    18:07:42.0331 0x15a8  [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:07:42.0337 0x15a8  TrustedInstaller - ok
    18:07:42.0356 0x15a8  [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:07:42.0359 0x15a8  tssecsrv - ok
    18:07:42.0382 0x15a8  [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
    18:07:42.0386 0x15a8  tunnel - ok
    18:07:42.0406 0x15a8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
    18:07:42.0409 0x15a8  uagp35 - ok
    18:07:42.0430 0x15a8  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
    18:07:42.0439 0x15a8  udfs - ok
    18:07:42.0467 0x15a8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
    18:07:42.0470 0x15a8  UI0Detect - ok
    18:07:42.0482 0x15a8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
    18:07:42.0485 0x15a8  uliagpkx - ok
    18:07:42.0498 0x15a8  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
    18:07:42.0499 0x15a8  umbus - ok
    18:07:42.0511 0x15a8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
    18:07:42.0512 0x15a8  UmPass - ok
    18:07:42.0529 0x15a8  [ AF0AC98EE5077EB844413EB54287FDE3, 1586326510DE94E2735EFAD94A68D06DB5B7347B68055A9EA8B95E19D91A2E69 ] UmRdpService    C:\Windows\System32\umrdp.dll
    18:07:42.0535 0x15a8  UmRdpService - ok
    18:07:42.0581 0x15a8  [ BBAA762626782F1C9AE9ABB1D404E312, 0D9C5F8C33A601FA5F6B03BC21456DF57CEDC4E7B68672D665EA9043B67CD90F ] UPDATESRV       C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
    18:07:42.0586 0x15a8  UPDATESRV - ok
    18:07:42.0632 0x15a8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
    18:07:42.0668 0x15a8  upnphost - ok
    18:07:42.0697 0x15a8  [ B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
    18:07:42.0701 0x15a8  usbccgp - ok
    18:07:42.0709 0x15a8  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
    18:07:42.0714 0x15a8  usbcir - ok
    18:07:42.0720 0x15a8  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5, CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
    18:07:42.0723 0x15a8  usbehci - ok
    18:07:42.0742 0x15a8  [ 4C9042B8DF86C1E8E6240C218B99B39B, D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
    18:07:42.0751 0x15a8  usbhub - ok
    18:07:42.0754 0x15a8  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
    18:07:42.0756 0x15a8  usbohci - ok
    18:07:42.0759 0x15a8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
    18:07:42.0761 0x15a8  usbprint - ok
    18:07:42.0766 0x15a8  [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:07:42.0768 0x15a8  USBSTOR - ok
    18:07:42.0772 0x15a8  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
    18:07:42.0773 0x15a8  usbuhci - ok
    18:07:42.0810 0x15a8  [ D501E12614B00A3252073101D6A1A74B, DFA3A83978125B3CE45C71DD9069E8A7938366D0F4B4B2401CDD07251253FA8C ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
    18:07:42.0815 0x15a8  usbvideo - ok
    18:07:42.0832 0x15a8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
    18:07:42.0836 0x15a8  UxSms - ok
    18:07:42.0857 0x15a8  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
    18:07:42.0858 0x15a8  VaultSvc - ok
    18:07:42.0876 0x15a8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
    18:07:42.0878 0x15a8  vdrvroot - ok
    18:07:42.0901 0x15a8  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
    18:07:42.0921 0x15a8  vds - ok
    18:07:42.0939 0x15a8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
    18:07:42.0940 0x15a8  vga - ok
    18:07:42.0944 0x15a8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
    18:07:42.0946 0x15a8  VgaSave - ok
    18:07:42.0969 0x15a8  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
    18:07:42.0974 0x15a8  vhdmp - ok
    18:07:42.0977 0x15a8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
    18:07:42.0978 0x15a8  viaide - ok
    18:07:42.0986 0x15a8  [ 1501699D7EDA984ABC4155A7DA5738D1, 448DFEFF565F1467F387E4EC9782DDD48B8FFDDF6B1EA46A790C2782C20BD952 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
    18:07:42.0992 0x15a8  vmbus - ok
    18:07:42.0996 0x15a8  [ AE10C35761889E65A6F7176937C5592C, 9DC27647B6149C9B2523799F85B18122CCE749264624FE2E5FE843FE00642BBE ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
    18:07:42.0997 0x15a8  VMBusHID - ok
    18:07:43.0013 0x15a8  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
    18:07:43.0015 0x15a8  volmgr - ok
    18:07:43.0026 0x15a8  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
    18:07:43.0035 0x15a8  volmgrx - ok
    18:07:43.0045 0x15a8  [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
    18:07:43.0051 0x15a8  volsnap - ok
    18:07:43.0060 0x15a8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
    18:07:43.0065 0x15a8  vsmraid - ok
    18:07:43.0192 0x15a8  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\Windows\system32\vssvc.exe
    18:07:43.0222 0x15a8  VSS - ok
    18:07:43.0282 0x15a8  [ B32A00B1DE77F3FE4E4989BC80051E59, 3802E6BA4EEDACA5F4A2497136009D8CCDF375452690A239683C249A840E3D2D ] VSSERV          C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
    18:07:43.0309 0x15a8  VSSERV - ok
    18:07:43.0314 0x15a8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
    18:07:43.0315 0x15a8  vwifibus - ok
    18:07:43.0330 0x15a8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
    18:07:43.0332 0x15a8  vwififlt - ok
    18:07:43.0356 0x15a8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
    18:07:43.0364 0x15a8  W32Time - ok
    18:07:43.0383 0x15a8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
    18:07:43.0385 0x15a8  WacomPen - ok
    18:07:43.0436 0x15a8  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
    18:07:43.0444 0x15a8  WANARP - ok
    18:07:43.0456 0x15a8  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
    18:07:43.0462 0x15a8  Wanarpv6 - ok
    18:07:43.0569 0x15a8  [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine        C:\Windows\system32\wbengine.exe
    18:07:43.0619 0x15a8  wbengine - ok
    18:07:43.0628 0x15a8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
    18:07:43.0634 0x15a8  WbioSrvc - ok
    18:07:43.0645 0x15a8  [ 8321C2CA3B62B61B293CDA3451984468, 856A079C2CCC75D633EA23E410D7F3ECDF368EAAAFF634CB82DDA545FD3A2F9C ] wcncsvc         C:\Windows\System32\wcncsvc.dll
    18:07:43.0655 0x15a8  wcncsvc - ok
    18:07:43.0669 0x15a8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:07:43.0671 0x15a8  WcsPlugInService - ok
    18:07:43.0683 0x15a8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
    18:07:43.0684 0x15a8  Wd - ok
    18:07:43.0703 0x15a8  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
    18:07:43.0718 0x15a8  Wdf01000 - ok
    18:07:43.0739 0x15a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
    18:07:43.0743 0x15a8  WdiServiceHost - ok
    18:07:43.0747 0x15a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
    18:07:43.0750 0x15a8  WdiSystemHost - ok
    18:07:43.0770 0x15a8  [ 8A438CBB8C032A0C798B0C642FFBE572, 3200B9B6A7B87C1C47295FA416C99DE1FBB2DBBA3DA78D5CC88C26DCC4189D45 ] WebClient       C:\Windows\System32\webclnt.dll
    18:07:43.0777 0x15a8  WebClient - ok
    18:07:43.0790 0x15a8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
    18:07:43.0798 0x15a8  Wecsvc - ok
    18:07:43.0812 0x15a8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
    18:07:43.0815 0x15a8  wercplsupport - ok
    18:07:43.0840 0x15a8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
    18:07:43.0844 0x15a8  WerSvc - ok
    18:07:43.0862 0x15a8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
    18:07:43.0864 0x15a8  WfpLwf - ok
    18:07:43.0867 0x15a8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
    18:07:43.0868 0x15a8  WIMMount - ok
    18:07:43.0926 0x15a8  WinDefend - ok
    18:07:43.0935 0x15a8  WinHttpAutoProxySvc - ok
    18:07:44.0006 0x15a8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
    18:07:44.0013 0x15a8  Winmgmt - ok
    18:07:44.0130 0x15a8  [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM           C:\Windows\system32\WsmSvc.dll
    18:07:44.0192 0x15a8  WinRM - ok
    18:07:44.0262 0x15a8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
    18:07:44.0279 0x15a8  Wlansvc - ok
    18:07:44.0286 0x15a8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
    18:07:44.0287 0x15a8  WmiAcpi - ok
    18:07:44.0333 0x15a8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
    18:07:44.0351 0x15a8  wmiApSrv - ok
    18:07:44.0377 0x15a8  WMPNetworkSvc - ok
    18:07:44.0408 0x15a8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
    18:07:44.0412 0x15a8  WPCSvc - ok
    18:07:44.0421 0x15a8  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
    18:07:44.0448 0x15a8  WPDBusEnum - ok
    18:07:44.0461 0x15a8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
    18:07:44.0464 0x15a8  ws2ifsl - ok
    18:07:44.0498 0x15a8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
    18:07:44.0504 0x15a8  wscsvc - ok
    18:07:44.0508 0x15a8  WSearch - ok
    18:07:44.0639 0x15a8  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
    18:07:44.0732 0x15a8  wuauserv - ok
    18:07:44.0740 0x15a8  [ 7CADC74271DD6461C452C271B30BD378, D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
    18:07:44.0743 0x15a8  WudfPf - ok
    18:07:44.0778 0x15a8  [ 3B197AF0FFF08AA66B6B2241CA538D64, BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:07:44.0782 0x15a8  WUDFRd - ok
    18:07:44.0835 0x15a8  [ B551D6637AA0E132C18AC6E504F7B79B, FA6495533A14E01ABB0F6689AB7503B1B439D3ADA7457DFCB7D81714A9817327 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
    18:07:44.0844 0x15a8  wudfsvc - ok
    18:07:44.0871 0x15a8  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
    18:07:44.0915 0x15a8  WwanSvc - ok
    18:07:44.0922 0x15a8  ================ Scan global ===============================
    18:07:44.0950 0x15a8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    18:07:44.0998 0x15a8  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
    18:07:45.0033 0x15a8  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
    18:07:45.0083 0x15a8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    18:07:45.0138 0x15a8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    18:07:45.0165 0x15a8  [ Global ] - ok
    18:07:45.0165 0x15a8  ================ Scan MBR ==================================
    18:07:45.0178 0x15a8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    18:07:45.0383 0x15a8  \Device\Harddisk0\DR0 - ok
    18:07:45.0384 0x15a8  ================ Scan VBR ==================================
    18:07:45.0389 0x15a8  [ BDB845EAE484770A38925D24DB18E240 ] \Device\Harddisk0\DR0\Partition1
    18:07:45.0392 0x15a8  \Device\Harddisk0\DR0\Partition1 - ok
    18:07:45.0405 0x15a8  [ 6FC7AF9362BAF2F3436361D943256E01 ] \Device\Harddisk0\DR0\Partition2
    18:07:45.0408 0x15a8  \Device\Harddisk0\DR0\Partition2 - ok
    18:07:45.0438 0x15a8  [ 6BBB5581B84002C0B32B9C783199A714 ] \Device\Harddisk0\DR0\Partition3
    18:07:45.0438 0x15a8  \Device\Harddisk0\DR0\Partition3 - ok
    18:07:45.0439 0x15a8  Waiting for KSN requests completion. In queue: 331
    18:07:46.0439 0x15a8  Waiting for KSN requests completion. In queue: 331
    18:07:47.0439 0x15a8  Waiting for KSN requests completion. In queue: 331
    18:07:48.0457 0x15a8  Win FW state via NFP2: enabled
    18:07:51.0383 0x15a8  ============================================================
    18:07:51.0383 0x15a8  Scan finished
    18:07:51.0383 0x15a8  ============================================================
    18:07:51.0400 0x1a0c  Detected object count: 0
    18:07:51.0400 0x1a0c  Actual detected object count: 0
    18:08:28.0975 0x15b8  Deinitialize success


    #13 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    •  
    • Gender:Female
    • Local time:11:59 PM

    Posted 12 October 2013 - 07:19 AM

    Hi there,

     

     

    We need to run some check up scans but I mostly think you are clean: 

     

    I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png 
  •  icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  •  
     
    ==================================================================
     
     

    Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
     
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
     
     
     
     
    Elle 

    Can you hear it?It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.



    Posted Image

    #14 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    •  
    • Gender:Female
    • Local time:11:59 PM

    Posted 14 October 2013 - 11:04 AM

    Hi there,

     

     

    Do you still need help? Please let us know. 


    Can you hear it?It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.



    Posted Image

    #15 alexandrex

    alexandrex
    • Topic Starter

    • Members
    • 13 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:07:59 PM

    Posted 15 October 2013 - 12:11 AM

    Hi Elle, sorry for the delay, here are the logs

     

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
     
    Database version: v2013.10.15.01
     
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alexandre :: ALEXANDRE-PC [administrator]
     
    Protection: Enabled
     
    15/10/2013 02:03:34
    mbam-log-2013-10-15 (02-03-34).txt
     
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201752
    Time elapsed: 2 minute(s), 18 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 9
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0043822.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0043822.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0043822.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKLM\Software\LyricsFan-21 (PUP.Optional.LyricsFan.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411381122} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110411381122} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411381122} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
     
    Registry Values Detected: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 2O1R1G2Z1F1G1M -> Quarantined and deleted successfully.
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 0
    (No malicious items detected)
     
    (end)
     
     
    and
     
    C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A application cleaned by deleting - quarantined
    C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005e Win32/InstalleRex.K application cleaned by deleting - quarantined
    C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/InstalleRex.K application cleaned by deleting - quarantined
    C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLKRMS8V\BiTool[1].dll Win32/Somoto.C application cleaned by deleting - quarantined
    C:\Users\Alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLKRMS8V\bi_downloader[1].exe Win32/Somoto.A application cleaned by deleting - quarantined
    C:\Users\Alexandre\AppData\Local\Temp\bitool.dll Win32/Somoto.C application cleaned by deleting - quarantined
    C:\Users\Alexandre\AppData\Local\Temp\nsoF6A4.tmp Win32/Somoto.A application cleaned by deleting - quarantined
    C:\Users\Alexandre\Downloads\ativador2.1.7.rar Win32/HackTool.WinActivator.I application deleted - quarantined
    C:\Users\Alexandre\Downloads\DAEMONToolsUltra200-0159.exe Win32/OpenCandy application cleaned by deleting - quarantined
    C:\Users\Alexandre\Downloads\epm.exe Win32/OpenCandy application cleaned by deleting - quarantined
    C:\Users\Alexandre\Downloads\SkypeSetup.exe Win32/InstallCore.DP application cleaned by deleting - quarantined





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users