
Think I have a keylogger, please help


  • This topic is locked
14 replies to this topic

#1 BiggaWhat


Posted 30 October 2013 - 05:22 PM

Hi all, I have been having some issues with a Steam account of mine that I have lost control of twice and I don't know why. I have changed all of my passwords and still it was taken again, so I'm suspecting I may have a keylogger. All of the scans that I ran didn't show anything but I'm still not convinced. Here is a copy of my DDS file; the attach.txt as well as a HijackThis log (if that's even needed) are attached. Let me know if you need anything and thanks!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2
Run by Andrew at 18:10:35 on 2013-10-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8078.5097 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcccoms.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2wizard.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
H:\Steam\Steam.exe
H:\Microsoft Office 2013\Office15\POWERPNT.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Users\Andrew\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "H:\The Stanley Parable\bin\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - H:\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - H:\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{ED842A52-E078-4BBF-969E-F98866D8A873} : DHCPNameServer = 192.168.200.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - H:\Microsoft Office 2013\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Microsoft Office 2013\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - H:\Microsoft Office 2013\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [dlccmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [DLCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - H:\Microsoft Office 2013\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - H:\Microsoft Office 2013\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - H:\Microsoft Office 2013\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - H:\Microsoft Office 2013\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\k0iy75pi.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 87.236.209.107
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\k0iy75pi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\k0iy75pi.default\extensions\cryenginebrowserplugin@crytek.com\plugins\npcry38.dll
FF - plugin: C:\Users\Andrew\AppData\Roaming\RCKR\plugins\nprcplugin.dll
FF - plugin: C:\Users\Andrew\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-22 13:09; cryenginebrowserplugin@crytek.com; C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\k0iy75pi.default\extensions\cryenginebrowserplugin@crytek.com
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-22 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-22 204880]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-10-30 26176]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-26 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-26 378944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-9-17 283200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-9-17 30592]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-10-30 4153784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-2 240640]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-26 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-26 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-8 46808]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-17 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-16 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-16 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-30 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-30 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-10 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-10-10 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-10-10 171928]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-16 363800]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-10-30 70960]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-10-30 57024]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-30 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-9-16 32344]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-7-23 10568]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-16 1255736]
.
=============== Created Last 30 ================
.
2013-10-30 20:58:23    --------    d-----w-    C:\Program Files (x86)\Emsisoft Anti-Malware
2013-10-30 20:49:02    --------    d-----w-    C:\Users\Andrew\AppData\Roaming\Malwarebytes
2013-10-30 20:48:56    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-10-30 20:48:56    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-10-30 20:48:56    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-29 15:47:14    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C42374C-897D-4BBE-B70D-BE408EED1671}\offreg.dll
2013-10-29 15:39:18    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C42374C-897D-4BBE-B70D-BE408EED1671}\mpengine.dll
2013-10-29 01:36:13    --------    d-----w-    C:\Users\Andrew\AppData\Roaming\Braid
2013-10-27 05:12:28    --------    d-----w-    C:\Users\Andrew\AppData\Local\EMU
2013-10-25 22:11:51    --------    d-----w-    C:\Program Files (x86)\JAM Software
2013-10-22 17:10:00    --------    d-----w-    C:\ProgramData\GFACE
2013-10-10 18:07:24    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-10-10 18:07:19    17272    ----a-w-    C:\Windows\System32\sdnclean64.exe
2013-10-10 18:07:16    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-10 17:47:51    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-10-10 17:47:51    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-10-10 17:47:51    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-10-10 17:47:51    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-10-10 17:47:51    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-09 20:28:18    291088    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-09 20:28:18    291088    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-09-03 18:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-30 07:48:10    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10    204880    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40    41664    ----a-w-    C:\Windows\avastSS.scr
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 08:08:58    594024    ----a-w-    C:\Windows\System32\dsNcSmartCardProv.dll
2013-08-02 08:08:56    423528    ----a-w-    C:\Windows\System32\dsNcCredProv.dll
2013-08-02 08:08:30    357992    ----a-w-    C:\Windows\SysWow64\dsGinaLoaderX64.dll
2013-08-02 07:37:50    36816    ----a-w-    C:\Windows\System32\drivers\dsNcAdpt.sys
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 18:10:48.82 ===============
 


 


#2 HelpBot


Posted 04 November 2013 - 05:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/512418 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 BiggaWhat

BiggaWhat
  • Topic Starter


Posted 05 November 2013 - 04:27 PM

I have my original Windows CD available, and I've attached the requested DDS files.

Edited by BiggaWhat, 05 November 2013 - 04:28 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin

Posted 10 November 2013 - 04:00 PM

Hello, my name is Elise and I'll assist you with this issue.

 

Your logs look clean, but can you please explain what exactly the problem is with your Steam account and if you have contacted Steam already about this?

 

There are a lot of phishing sites out there that attempt to get a hold on your Steam credentials (as well as other popular sites/platforms). If you left a username/password on such a site your account can be compromised without your computer being infected. A keylogger will leave evidence in a log which I do not see.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 BiggaWhat

BiggaWhat
  • Topic Starter


Posted 11 November 2013 - 09:56 PM

I considered the phishing idea but I don't know how likely that is. What happened was that a few weeks before this, I lost my account for the first time. This has never happened before so I contacted Steam, gave them some info, and they restored my account. I changed all of the passwords for all related accounts and emails. This then happened again a few weeks later, and I lost my account for the second time. What is confusing is that you need to access my email to even change the Steam password, so whoever took it would have had to have known both my Steam login and my email login. They do not share a password so it isn't like they could have just guessed. This is mostly why I thought I might have a keylogger, even though scanning programs didn't pick anything up. I might have put my Steam login information somewhere on a phishing site, that is possible, as there are a number of sites that have you log in through Steam and one of them might have been fake. What doesn't make sense is how they got my email login info. I know for certain I do not enter that information anywhere except for the email site itself.



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin

Posted 12 November 2013 - 02:22 AM

It's hard to say, and phishing scams can be very, very good (as in look-alike). Just to be sure let's do a rootkit scan.

GMER
-------
Please download GMER from one of the following locations and save it to your desktop:
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, Elise


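The log that the GMER steps above produce has one line per modified code region. The following is an added example, not part of the original post and not GMER's own code, that parses the "User code sections" lines and groups processes that carry the same set of entry-point JMP detours; the sample lines are constructed, and the field layout and the low-16-bit stub fingerprint are assumptions based on GMER 2.1 text output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import basename  # parses Windows paths on any host OS
from typing import Optional

# Assumed layout of one "User code sections" line (GMER 2.1 text log):
# .text <process path>[pid] <module path>!<function>[ + offset] <address> <n> byte(s) <detail>
LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<func>\S+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{16})\s+(?P<size>\d+)\s+bytes?\s+(?P<detail>.*)$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)")


@dataclass(frozen=True)
class Patch:
    process: str               # image name of the process that was scanned
    pid: int
    module: str                # DLL whose code differs from the file on disk
    function: str
    offset: int                # bytes past the function start (0 = entry point)
    address: int
    size: int
    jmp_target: Optional[int]  # detour destination, None for a plain byte patch


def parse_user_sections(log_text):
    """Return a Patch for every '.text' line; headers and other lines are skipped."""
    patches = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        jmp = JMP_RE.match(m["detail"])
        patches.append(Patch(
            process=basename(m["proc"]), pid=int(m["pid"]),
            module=basename(m["module"]).lower(), function=m["func"],
            offset=int(m["off"] or 0), address=int(m["addr"], 16),
            size=int(m["size"]),
            jmp_target=int(jmp["target"], 16) if jmp else None))
    return patches


def hook_fingerprints(patches):
    """Map (process, pid) to the set of its entry-point detours.

    Only the low 16 bits of each JMP target are kept (heuristic): the stub
    buffer sits at a different base in every process, but one hooking
    component tends to lay its stubs out at the same offsets everywhere.
    """
    per_proc = defaultdict(set)
    for p in patches:
        if p.jmp_target is not None and p.offset == 0:
            per_proc[(p.process, p.pid)].add(
                (p.module, p.function, p.jmp_target & 0xFFFF))
    return {proc: frozenset(fp) for proc, fp in per_proc.items()}


def cluster_processes(patches):
    """Group processes with identical fingerprints, largest group first."""
    clusters = defaultdict(list)
    for proc, fp in hook_fingerprints(patches).items():
        clusters[fp].append(proc)
    return sorted((sorted(c) for c in clusters.values()),
                  key=lambda c: (-len(c), c))


def outliers(patches):
    """Processes whose detour set matches no other process: review these first."""
    return [c[0] for c in cluster_processes(patches) if len(c) == 1]


# Constructed sample lines in the assumed format; process names are hypothetical.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Example Vendor\updater.exe[1111] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory    0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Example Vendor\updater.exe[1111] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                 0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Example Vendor\updater.exe[1111] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112    0000000075f8a2ba 1 byte [62]
.text     C:\Example\tray.exe[2222] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                  0000000077e6fac0 5 bytes JMP 0000000100090600
.text     C:\Example\tray.exe[2222] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                               0000000077e8c4dd 5 bytes JMP 00000001000901f8
.text     C:\Example\odd.exe[3333] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                   0000000077e6fac0 5 bytes JMP 0000000002a41000
"""

if __name__ == "__main__":
    parsed = parse_user_sections(SAMPLE_LOG)
    for group in cluster_processes(parsed):
        print(len(group), "process(es) share one detour set:", group)
    print("review first:", outliers(parsed))
```

A large cluster only shows that one component hooks many processes the same way; the grouping narrows where to look and is not a verdict on whether that component is wanted.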


#7 BiggaWhat

BiggaWhat
  • Topic Starter


Posted 12 November 2013 - 04:42 PM

Alright, I copied the GMER scan below. I followed the instructions above, but I did however get this warning when opening the program: "C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process". I then got that message again when the scan was running, along with another message saying "C:\Users\Andrew\ntuser.dat: The process cannot access the file because it is being used by another process". I'm not sure of the significance of this.

 

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-12 16:38:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.CXM0 119.24GB
Running: gmer.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwdiqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                        fffff800039b2000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582                                                                                        fffff800039b2036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\services.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077aaeecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077aaeecd 1 byte [62]
.text     C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     0000000075f8a2ba 1 byte [62]
.text     C:\Windows\System32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077aaeecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077aaeecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077aaeecd 1 byte [62]
.text     C:\Windows\Explorer.EXE[1816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                       0000000077aaeecd 1 byte [62]
.text     C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              0000000077aaeecd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                0000000075f8a2ba 1 byte [62]
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1664] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000075f8a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[3124] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077aaeecd 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3260] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               0000000077e6fac0 5 bytes JMP 0000000100090600
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   0000000077e6fb58 5 bytes JMP 0000000100090804
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    0000000077e6fcb0 5 bytes JMP 0000000100090c0c
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077e70038 5 bytes JMP 0000000100090a08
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077e71920 5 bytes JMP 0000000100090e10
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            0000000077e8c4dd 5 bytes JMP 00000001000901f8
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077e91287 5 bytes JMP 00000001000903fc
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3884] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               0000000075f8a2ba 1 byte [62]
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077c93b10 5 bytes JMP 00000001002e075c
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077c97ac0 5 bytes JMP 00000001002e03a4
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077cc1430 5 bytes JMP 00000001002e0b14
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             0000000077cc1490 5 bytes JMP 00000001002e0ecc
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077cc1570 5 bytes JMP 00000001002e163c
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          0000000077cc17b0 5 bytes JMP 00000001002e1284
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077cc27e0 5 bytes JMP 00000001002e19f4
.text     C:\Windows\system32\SearchIndexer.exe[1948] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                         0000000077aaeecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077c93b10 5 bytes JMP 000000010025075c
.text     C:\Windows\system32\svchost.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077c97ac0 5 bytes JMP 00000001002503a4
.text     C:\Windows\system32\svchost.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077cc1430 5 bytes JMP 0000000100250b14
.text     C:\Windows\system32\svchost.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077cc1490 5 bytes JMP 0000000100250ecc
.text     C:\Windows\system32\svchost.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077cc1570 5 bytes JMP 000000010025163c
.text     C:\Windows\system32\svchost.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077cc17b0 5 bytes JMP 0000000100251284
.text     C:\Windows\system32\svchost.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077cc27e0 5 bytes JMP 00000001002519f4
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                 0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                     0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                              0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                            0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Dell Photo AIO Printer 924\dlccmon.exe[4964] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                 0000000075f8a2ba 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[4584] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                            0000000077aaeecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[5036] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077c93b10 5 bytes JMP 000000010016075c
.text     C:\Windows\System32\svchost.exe[5036] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077c97ac0 5 bytes JMP 00000001001603a4
.text     C:\Windows\System32\svchost.exe[5036] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077cc1430 5 bytes JMP 0000000100160b14
.text     C:\Windows\System32\svchost.exe[5036] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077cc1490 5 bytes JMP 0000000100160ecc
.text     C:\Windows\System32\svchost.exe[5036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077cc1570 5 bytes JMP 000000010016163c
.text     C:\Windows\System32\svchost.exe[5036] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077cc17b0 5 bytes JMP 0000000100161284
.text     C:\Windows\System32\svchost.exe[5036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077cc27e0 5 bytes JMP 00000001001619f4
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                    0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                             0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                           0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[5384] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                0000000075f8a2ba 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[5176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                    0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                     0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                     0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                             0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                           0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[4972] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                              0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                  0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                   0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                               0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                   0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                           0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                         0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                              0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                           0000000077455181 5 bytes JMP 0000000100251014
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                               0000000077455254 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                               00000000774553d5 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                              00000000774554c2 5 bytes JMP 0000000100250c0c
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                              00000000774555e2 5 bytes JMP 0000000100250e10
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                     000000007745567c 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                     000000007745589f 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5788] C:\Windows\SysWOW64\sechost.dll!DeleteService                                      0000000077455a22 5 bytes JMP 0000000100250600
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6364] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                      0000000077c93b10 5 bytes JMP 000000010040075c
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6364] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                        0000000077c97ac0 5 bytes JMP 00000001004003a4
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                           0000000077cc1430 5 bytes JMP 0000000100400b14
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                               0000000077cc1490 5 bytes JMP 0000000100400ecc
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                0000000077cc1570 5 bytes JMP 000000010040163c
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                            0000000077cc17b0 5 bytes JMP 0000000100401284
.text     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[6364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000077cc27e0 5 bytes JMP 00000001004019f4
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                 0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                     0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                      0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                  0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                      0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                              0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                            0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[7064] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                 0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                    0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                 0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                     0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[1144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                    0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                 0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                     0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[5616] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                0000000075f8a2ba 1 byte [62]
.text     C:\Windows\system32\AUDIODG.EXE[7832] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077aaeecd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!SendMessageW                             00000000778d9679 6 bytes {JMP QWORD [RIP+0x718f001e]}
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!SetWinEventHook                          00000000778dee09 5 bytes JMP 00000001000b01f8
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!PostMessageW                             00000000778e12a5 6 bytes JMP 718a000a
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                           00000000778e3982 5 bytes JMP 00000001000b03fc
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!PostMessageA                             00000000778e3baa 6 bytes JMP 718d000a
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!SendMessageA                             00000000778e612e 6 bytes {JMP QWORD [RIP+0x7192001e]}
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                        00000000778e7603 5 bytes JMP 00000001000b0804
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                        00000000778e835c 5 bytes JMP 00000001000b0600
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                      00000000778ff52b 5 bytes JMP 00000001000b0a08
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!SendInput                                00000000778fff4a 3 bytes [FF, 25, 1E]
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!SendInput + 4                            00000000778fff4e 2 bytes [95, 71]
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!mouse_event                              000000007793027b 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text     C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe[3256] C:\Windows\syswow64\USER32.dll!keybd_event                              00000000779302bf 6 bytes {JMP QWORD [RIP+0x7198001e]}
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                          0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                              0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                               0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                           0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                               0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                       0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                     0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                          0000000075f8a2ba 1 byte [62]
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                 00000000778dee09 5 bytes JMP 00000001000a01f8
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                  00000000778e3982 5 bytes JMP 00000001000a03fc
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                               00000000778e7603 5 bytes JMP 00000001000a0804
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                               00000000778e835c 5 bytes JMP 00000001000a0600
.text     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe[9812] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                             00000000778ff52b 5 bytes JMP 00000001000a0a08
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefedc6e00 5 bytes JMP 000007ff7ede1dac
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefedc6f2c 5 bytes JMP 000007ff7ede0ecc
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefedc7220 5 bytes JMP 000007ff7ede1284
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefedc739c 5 bytes JMP 000007ff7ede163c
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefedc7538 5 bytes JMP 000007ff7ede19f4
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefedc75e8 5 bytes JMP 000007ff7ede03a4
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefedc790c 5 bytes JMP 000007ff7ede075c
.text     C:\Windows\system32\svchost.exe[2044] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefedc7ab4 5 bytes JMP 000007ff7ede0b14
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                0000000077e6fac0 5 bytes JMP 0000000100030600
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                    0000000077e6fb58 5 bytes JMP 0000000100030804
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                          0000000077e6fc20 3 bytes JMP 718a000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                      0000000077e6fc24 2 bytes JMP 718a000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                     0000000077e6fcb0 5 bytes JMP 0000000100030c0c
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                             0000000077e6fd64 3 bytes JMP 7184000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                         0000000077e6fd68 2 bytes JMP 7184000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                 0000000077e70038 5 bytes JMP 0000000100030a08
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                           0000000077e700b4 3 bytes JMP 7187000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                       0000000077e700b8 2 bytes JMP 7187000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                          0000000077e701c4 3 bytes JMP 7190000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                      0000000077e701c8 2 bytes JMP 7190000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                       0000000077e70a44 3 bytes JMP 718d000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                                   0000000077e70a48 2 bytes JMP 718d000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                     0000000077e71920 5 bytes JMP 0000000100030e10
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                             0000000077e8c4dd 5 bytes JMP 00000001000301f8
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                           0000000077e91287 5 bytes JMP 00000001000303fc
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW                                                              0000000075f73b93 3 bytes JMP 7181000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4                                                          0000000075f73b97 2 bytes JMP 7181000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                                0000000075f8a2ba 1 byte [62]
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                              0000000077482c91 4 bytes CALL 71af0000
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                          00000000778d9679 6 bytes JMP 719f000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                       00000000778dee09 5 bytes JMP 00000001000901f8
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                          00000000778e12a5 6 bytes JMP 7199000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                        00000000778e3982 5 bytes JMP 00000001000903fc
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                          00000000778e3baa 6 bytes JMP 719c000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                          00000000778e612e 6 bytes JMP 71a2000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                     00000000778e7603 5 bytes JMP 0000000100090804
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                     00000000778e835c 5 bytes JMP 0000000100090600
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                   00000000778ff52b 5 bytes JMP 0000000100090a08
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!SendInput                                                                             00000000778fff4a 3 bytes JMP 71a5000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                         00000000778fff4e 2 bytes JMP 71a5000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!mouse_event                                                                           000000007793027b 6 bytes JMP 71ab000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\USER32.dll!keybd_event                                                                           00000000779302bf 6 bytes JMP 71a8000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                      00000000775570c4 6 bytes JMP 7193000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                      0000000077573264 6 bytes JMP 7196000a
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                             0000000077455181 5 bytes JMP 00000001000a1014
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                 0000000077455254 5 bytes JMP 00000001000a0804
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                 00000000774553d5 5 bytes JMP 00000001000a0a08
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                00000000774554c2 5 bytes JMP 00000001000a0c0c
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                00000000774555e2 5 bytes JMP 00000001000a0e10
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                       000000007745567c 5 bytes JMP 00000001000a01f8
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                       000000007745589f 5 bytes JMP 00000001000a03fc
.text     C:\Windows\SysWOW64\ctfmon.exe[3356] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                        0000000077455a22 5 bytes JMP 00000001000a0600
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000077cc1510 6 bytes {JMP QWORD [RIP+0x847eb20]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                         0000000077cc15e0 6 bytes {JMP QWORD [RIP+0x84bea50]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                       0000000077cc1800 6 bytes {JMP QWORD [RIP+0x849e830]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                      0000000077cc18b0 6 bytes {JMP QWORD [RIP+0x843e780]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey                                                                   0000000077cc1e40 6 bytes {JMP QWORD [RIP+0x845e1f0]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000077cc27e0 6 bytes {JMP QWORD [RIP+0x84dd850]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                          0000000077a6e750 6 bytes {JMP QWORD [RIP+0x87518e0]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                            0000000077aaeecd 1 byte [62]
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                          000007fefde09055 3 bytes CALL 9000027
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\system32\msi.dll!MsiSetInternalUI                                                                     000007fef9315cd0 6 bytes JMP 37a3a0
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\system32\msi.dll!MsiInstallProductA                                                                   000007fef9390f20 6 bytes {JMP QWORD [RIP+0x2bf110]}
.text     C:\Program Files\WinRAR\WinRAR.exe[8552] C:\Windows\system32\msi.dll!MsiInstallProductW                                                                   000007fef939faa8 6 bytes JMP 0
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                             0000000077e6fc20 3 bytes JMP 718a000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                         0000000077e6fc24 2 bytes JMP 718a000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                0000000077e6fd64 3 bytes JMP 7184000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                            0000000077e6fd68 2 bytes JMP 7184000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                              0000000077e700b4 3 bytes JMP 7187000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                          0000000077e700b8 2 bytes JMP 7187000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                             0000000077e701c4 3 bytes JMP 7190000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                         0000000077e701c8 2 bytes JMP 7190000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                          0000000077e70a44 3 bytes JMP 718d000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                      0000000077e70a48 2 bytes JMP 718d000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        0000000077e71920 3 bytes JMP 7181000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                    0000000077e71924 2 bytes JMP 7181000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                 0000000075f73b93 3 bytes JMP 717e000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                             0000000075f73b97 2 bytes JMP 717e000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   0000000075f8a2ba 1 byte [62]
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                 0000000077482c91 4 bytes CALL 71af0000
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!SendMessageW                                                             00000000778d9679 6 bytes JMP 719f000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!PostMessageW                                                             00000000778e12a5 6 bytes JMP 7199000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!PostMessageA                                                             00000000778e3baa 6 bytes JMP 719c000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!SendMessageA                                                             00000000778e612e 6 bytes JMP 71a2000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!SendInput                                                                00000000778fff4a 3 bytes JMP 71a5000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                            00000000778fff4e 2 bytes JMP 71a5000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!mouse_event                                                              000000007793027b 6 bytes JMP 71ab000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\USER32.dll!keybd_event                                                              00000000779302bf 6 bytes JMP 71a8000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                         00000000775570c4 6 bytes JMP 7193000a
.text     C:\Users\Andrew\Desktop\New folder\gmer.exe[8320] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                         0000000077573264 6 bytes JMP 7196000a

---- Threads - GMER 2.1 ----

Thread     [884:1000]                                                                                                                                               0000000077c8aef0
Thread     [884:1064]                                                                                                                                               0000000077c8fbf0
Thread     [884:1068]                                                                                                                                               0000000077c8fbf0
Thread     [884:1072]                                                                                                                                               0000000077c8fbf0
Thread     [884:1076]                                                                                                                                               0000000077c8fbf0
Thread     [884:1080]                                                                                                                                               0000000077c8fbf0
Thread     [884:1084]                                                                                                                                               0000000077c8fbf0
Thread     [884:6308]                                                                                                                                               0000000077c8fbf0
Thread    C:\Windows\System32\svchost.exe [1208:4464]                                                                                                               000007fef5faa2b0
Thread    C:\Windows\System32\svchost.exe [1208:4552]                                                                                                               000007fef68820c0
Thread    C:\Windows\System32\svchost.exe [1208:4588]                                                                                                               000007fef68826a8
Thread    C:\Windows\System32\svchost.exe [1208:4788]                                                                                                               000007fef7b888f8
Thread    C:\Windows\System32\svchost.exe [1208:6296]                                                                                                               000007fef10f8a4c
Thread    C:\Windows\System32\svchost.exe [1208:9328]                                                                                                               000007fef68829dc
Thread    C:\Windows\system32\svchost.exe [1256:3544]                                                                                                               000007fef6d3506c
Thread    C:\Windows\system32\svchost.exe [1256:3552]                                                                                                               000007fef6dd1c20
Thread    C:\Windows\system32\svchost.exe [1256:3548]                                                                                                               000007fef6dd1c20
Thread    C:\Windows\system32\svchost.exe [1256:3864]                                                                                                               000007fef7da5124

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
 



#8 Elise

Posted 13 November 2013 - 02:52 AM

Please run the following as well. The errors you got are just related to the registry.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will be shown in the "Scan results - Select action for found objects" screen, which offers three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#9 BiggaWhat


Posted 13 November 2013 - 02:27 PM

I just ran that and it scanned about 470 things and did not find any threats.



#10 Elise


Posted 13 November 2013 - 03:41 PM

Could you please post the log as well? I'd like to see how it identified the MBR code.


regards, Elise




#11 BiggaWhat


Posted 13 November 2013 - 06:32 PM

Sure, I think this is the log:

 

18:29:42.0903 0x19b8  TDSS rootkit removing tool 3.0.0.17 Nov 12 2013 19:54:52
18:29:42.0903 0x19b8  UEFI system
18:29:45.0976 0x19b8  ============================================================
18:29:45.0976 0x19b8  Current date / time: 2013/11/13 18:29:45.0976
18:29:45.0976 0x19b8  SystemInfo:
18:29:45.0976 0x19b8  
18:29:45.0976 0x19b8  OS Version: 6.1.7601 ServicePack: 1.0
18:29:45.0976 0x19b8  Product type: Workstation
18:29:45.0976 0x19b8  ComputerName: ANDREW-PC
18:29:45.0976 0x19b8  UserName: Andrew
18:29:45.0976 0x19b8  Windows directory: C:\Windows
18:29:45.0976 0x19b8  System windows directory: C:\Windows
18:29:45.0976 0x19b8  Running under WOW64
18:29:45.0976 0x19b8  Processor architecture: Intel x64
18:29:45.0976 0x19b8  Number of processors: 4
18:29:45.0976 0x19b8  Page size: 0x1000
18:29:45.0976 0x19b8  Boot type: Normal boot
18:29:45.0976 0x19b8  ============================================================
18:29:46.0429 0x19b8  System UUID: {FF437AA0-4318-1CE7-7E34-86959AB8F572}
18:29:46.0772 0x19b8  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:46.0787 0x19b8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:46.0787 0x19b8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:29:46.0803 0x19b8  Drive \Device\Harddisk3\DR3 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:29:47.0271 0x19b8  ============================================================
18:29:47.0271 0x19b8  \Device\Harddisk0\DR0:
18:29:47.0271 0x19b8  GPT partitions:
18:29:47.0271 0x19b8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {8AB2030F-94A8-4137-9F9E-7B9A188194D7}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
18:29:47.0271 0x19b8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {E7B40B92-148D-4413-8BF5-59B3875D3551}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
18:29:47.0271 0x19b8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7B8E5DFE-9D97-40F3-B409-19CCF4A25A1E}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xEE09800
18:29:47.0271 0x19b8  MBR partitions:
18:29:47.0271 0x19b8  \Device\Harddisk1\DR1:
18:29:47.0271 0x19b8  MBR partitions:
18:29:47.0271 0x19b8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:29:47.0271 0x19b8  \Device\Harddisk2\DR2:
18:29:47.0271 0x19b8  MBR partitions:
18:29:47.0271 0x19b8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
18:29:47.0271 0x19b8  \Device\Harddisk3\DR3:
18:29:47.0271 0x19b8  MBR partitions:
18:29:47.0271 0x19b8  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
18:29:47.0271 0x19b8  ============================================================
18:29:47.0271 0x19b8  C: <-> \Device\Harddisk0\DR0\Partition3
18:29:47.0864 0x19b8  F: <-> \Device\Harddisk2\DR2\Partition1
18:29:47.0880 0x19b8  G: <-> \Device\Harddisk3\DR3\Partition1
18:29:47.0895 0x19b8  H: <-> \Device\Harddisk1\DR1\Partition1
18:29:47.0895 0x19b8  ============================================================
18:29:47.0895 0x19b8  Initialize success
18:29:47.0895 0x19b8  ============================================================
18:29:56.0038 0x1b10  ============================================================
18:29:56.0038 0x1b10  Scan started
18:29:56.0038 0x1b10  Mode: Manual;
18:29:56.0038 0x1b10  ============================================================
18:29:56.0038 0x1b10  KSN ping started
18:29:59.0205 0x1b10  KSN ping finished: true
18:29:59.0299 0x1b10  ================ Scan system memory ========================
18:29:59.0299 0x1b10  System memory - ok
18:29:59.0299 0x1b10  ================ Scan services =============================
18:30:00.0656 0x1b10  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:30:00.0656 0x1b10  EapHost - ok
18:30:00.0703 0x1b10  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:30:00.0734 0x1b10  ebdrv - ok
18:30:00.0750 0x1b10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
18:30:00.0750 0x1b10  EFS - ok
18:30:00.0765 0x1b10  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:30:00.0765 0x1b10  ehRecvr - ok
18:30:00.0781 0x1b10  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:30:00.0781 0x1b10  ehSched - ok
18:30:00.0796 0x1b10  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:30:00.0796 0x1b10  elxstor - ok
18:30:00.0812 0x1b10  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:30:00.0812 0x1b10  ErrDev - ok
18:30:00.0828 0x1b10  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:30:00.0828 0x1b10  EventSystem - ok
18:30:00.0843 0x1b10  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:30:00.0843 0x1b10  exfat - ok
18:30:00.0843 0x1b10  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:30:00.0843 0x1b10  fastfat - ok
18:30:00.0859 0x1b10  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:30:00.0874 0x1b10  Fax - ok
18:30:00.0874 0x1b10  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:30:00.0874 0x1b10  fdc - ok
18:30:00.0890 0x1b10  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:30:00.0890 0x1b10  fdPHost - ok
18:30:00.0890 0x1b10  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:30:00.0890 0x1b10  FDResPub - ok
18:30:00.0890 0x1b10  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:30:00.0890 0x1b10  FileInfo - ok
18:30:00.0906 0x1b10  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:30:00.0906 0x1b10  Filetrace - ok
18:30:00.0906 0x1b10  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:30:00.0906 0x1b10  flpydisk - ok
18:30:00.0921 0x1b10  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:30:00.0921 0x1b10  FltMgr - ok
18:30:00.0937 0x1b10  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:30:00.0952 0x1b10  FontCache - ok
18:30:00.0968 0x1b10  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:30:00.0968 0x1b10  FontCache3.0.0.0 - ok
18:30:00.0968 0x1b10  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:30:00.0968 0x1b10  FsDepends - ok
18:30:00.0968 0x1b10  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:30:00.0968 0x1b10  Fs_Rec - ok
18:30:00.0984 0x1b10  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:30:00.0984 0x1b10  fvevol - ok
18:30:00.0984 0x1b10  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:30:00.0999 0x1b10  gagp30kx - ok
18:30:00.0999 0x1b10  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:30:00.0999 0x1b10  GEARAspiWDM - ok
18:30:01.0015 0x1b10  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:30:01.0030 0x1b10  gpsvc - ok
18:30:01.0030 0x1b10  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:30:01.0030 0x1b10  hcw85cir - ok
18:30:01.0046 0x1b10  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:30:01.0046 0x1b10  HdAudAddService - ok
18:30:01.0046 0x1b10  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:30:01.0046 0x1b10  HDAudBus - ok
18:30:01.0062 0x1b10  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:30:01.0062 0x1b10  HidBatt - ok
18:30:01.0062 0x1b10  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:30:01.0062 0x1b10  HidBth - ok
18:30:01.0077 0x1b10  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:30:01.0077 0x1b10  HidIr - ok
18:30:01.0077 0x1b10  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:30:01.0077 0x1b10  hidserv - ok
18:30:01.0093 0x1b10  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:30:01.0093 0x1b10  HidUsb - ok
18:30:01.0093 0x1b10  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:30:01.0093 0x1b10  hkmsvc - ok
18:30:01.0108 0x1b10  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:30:01.0108 0x1b10  HomeGroupListener - ok
18:30:01.0108 0x1b10  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:30:01.0124 0x1b10  HomeGroupProvider - ok
18:30:01.0124 0x1b10  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:30:01.0124 0x1b10  HpSAMD - ok
18:30:01.0140 0x1b10  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:30:01.0155 0x1b10  HTTP - ok
18:30:01.0155 0x1b10  [ F78FF50C486D530504B7D2BB36B1ED22, 51A0DC35947FC0AAF20E4E47EA88866CED55DC810B4C11E11626763B381225B5 ] HWiNFO32        C:\Program Files\HWiNFO64\HWiNFO64A.SYS
18:30:01.0155 0x1b10  HWiNFO32 - ok
18:30:01.0155 0x1b10  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:30:01.0171 0x1b10  hwpolicy - ok
18:30:01.0171 0x1b10  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:30:01.0171 0x1b10  i8042prt - ok
18:30:01.0186 0x1b10  [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:30:01.0202 0x1b10  iaStor - ok
18:30:01.0202 0x1b10  [ 1F35EFEC56CD1BF62435EAF97EABC3B3, 0246EB0295D28A33FC4C430117FFEE2B553C007040DB975EFCBB29FF881F2D4B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:30:01.0202 0x1b10  IAStorDataMgrSvc - ok
18:30:01.0218 0x1b10  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:30:01.0218 0x1b10  iaStorV - ok
18:30:01.0233 0x1b10  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:30:01.0249 0x1b10  idsvc - ok
18:30:01.0420 0x1b10  [ 371D7F91C0D2314EB984A4A6CBEABC92, DD4B04308596C1E6C75B8772D4421137F3A83285DBCFD4DF54166D2B0B45A317 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:30:01.0592 0x1b10  igfx - ok
18:30:01.0608 0x1b10  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:30:01.0608 0x1b10  iirsp - ok
18:30:01.0623 0x1b10  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:30:01.0639 0x1b10  IKEEXT - ok
18:30:01.0701 0x1b10  [ F242E36CDA231701CFA702641C20FAEC, 47350EF8474F83249A9126AB6894145732CA0B68DA2EE001940C9E4AEF128B88 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:30:01.0748 0x1b10  IntcAzAudAddService - ok
18:30:01.0764 0x1b10  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:30:01.0779 0x1b10  Intel® Capability Licensing Service Interface - ok
18:30:01.0795 0x1b10  [ 896AA2F1D79662B17D5DBBE588E24E30, 834257B3C247ECA0130A55FB8E5F906F54B94A124FBB842DB7D679C030BD439B ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
18:30:01.0795 0x1b10  Intel® ME Service - ok
18:30:01.0795 0x1b10  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:30:01.0795 0x1b10  intelide - ok
18:30:01.0795 0x1b10  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:30:01.0810 0x1b10  intelppm - ok
18:30:01.0810 0x1b10  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:30:01.0810 0x1b10  IPBusEnum - ok
18:30:01.0826 0x1b10  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:30:01.0826 0x1b10  IpFilterDriver - ok
18:30:01.0826 0x1b10  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:30:01.0842 0x1b10  iphlpsvc - ok
18:30:01.0842 0x1b10  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:30:01.0857 0x1b10  IPMIDRV - ok
18:30:01.0857 0x1b10  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:30:01.0857 0x1b10  IPNAT - ok
18:30:01.0873 0x1b10  [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:30:01.0873 0x1b10  iPod Service - ok
18:30:01.0888 0x1b10  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:30:01.0888 0x1b10  IRENUM - ok
18:30:01.0888 0x1b10  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:30:01.0888 0x1b10  isapnp - ok
18:30:01.0904 0x1b10  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:30:01.0904 0x1b10  iScsiPrt - ok
18:30:01.0920 0x1b10  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:30:01.0920 0x1b10  iusb3hcs - ok
18:30:01.0920 0x1b10  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
18:30:01.0920 0x1b10  iusb3hub - ok
18:30:01.0951 0x1b10  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:30:01.0951 0x1b10  iusb3xhc - ok
18:30:01.0966 0x1b10  [ 3C6630473DD42FFC57D9F5564F533127, 1B2BBB8CF7AD5BF3F99565DA49F51B1E15D4B35698C105C0597DDBEB2DA61A83 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
18:30:01.0966 0x1b10  jhi_service - ok
18:30:01.0982 0x1b10  [ 455B75C19BF3F1F2EE3AC10E1169826C, C8CE6DE48E0B4621F2851A994261FA787556A27F9868A8859E5E8A8354028257 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
18:30:01.0982 0x1b10  k57nd60a - ok
18:30:01.0982 0x1b10  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:30:01.0982 0x1b10  kbdclass - ok
18:30:01.0998 0x1b10  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:30:01.0998 0x1b10  kbdhid - ok
18:30:01.0998 0x1b10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
18:30:01.0998 0x1b10  KeyIso - ok
18:30:02.0013 0x1b10  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:30:02.0013 0x1b10  KSecDD - ok
18:30:02.0013 0x1b10  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:30:02.0029 0x1b10  KSecPkg - ok
18:30:02.0029 0x1b10  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:30:02.0029 0x1b10  ksthunk - ok
18:30:02.0044 0x1b10  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:30:02.0044 0x1b10  KtmRm - ok
18:30:02.0060 0x1b10  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:30:02.0060 0x1b10  LanmanServer - ok
18:30:02.0076 0x1b10  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:30:02.0076 0x1b10  LanmanWorkstation - ok
18:30:02.0091 0x1b10  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
18:30:02.0091 0x1b10  LGBusEnum - ok
18:30:02.0091 0x1b10  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
18:30:02.0091 0x1b10  LGVirHid - ok
18:30:02.0107 0x1b10  [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
18:30:02.0107 0x1b10  lirsgt - ok
18:30:02.0107 0x1b10  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:30:02.0107 0x1b10  lltdio - ok
18:30:02.0122 0x1b10  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:30:02.0122 0x1b10  lltdsvc - ok
18:30:02.0138 0x1b10  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:30:02.0138 0x1b10  lmhosts - ok
18:30:02.0138 0x1b10  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5, 7CEF2455D21A355542B290F4F18EDBC444F3704A31E569652D96A0A3E6799826 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:30:02.0154 0x1b10  LMS - ok
18:30:02.0169 0x1b10  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:30:02.0169 0x1b10  LSI_FC - ok
18:30:02.0169 0x1b10  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:30:02.0169 0x1b10  LSI_SAS - ok
18:30:02.0185 0x1b10  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:30:02.0185 0x1b10  LSI_SAS2 - ok
18:30:02.0185 0x1b10  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:30:02.0185 0x1b10  LSI_SCSI - ok
18:30:02.0200 0x1b10  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:30:02.0200 0x1b10  luafv - ok
18:30:02.0216 0x1b10  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:30:02.0216 0x1b10  MBAMProtector - ok
18:30:02.0216 0x1b10  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:30:02.0232 0x1b10  MBAMScheduler - ok
18:30:02.0247 0x1b10  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:30:02.0247 0x1b10  MBAMService - ok
18:30:02.0263 0x1b10  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
18:30:02.0263 0x1b10  MBfilt - ok
18:30:02.0263 0x1b10  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:30:02.0263 0x1b10  Mcx2Svc - ok
18:30:02.0278 0x1b10  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:30:02.0278 0x1b10  megasas - ok
18:30:02.0294 0x1b10  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:30:02.0294 0x1b10  MegaSR - ok
18:30:02.0294 0x1b10  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:30:02.0294 0x1b10  MEIx64 - ok
18:30:02.0310 0x1b10  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:30:02.0310 0x1b10  MMCSS - ok
18:30:02.0310 0x1b10  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:30:02.0325 0x1b10  Modem - ok
18:30:02.0325 0x1b10  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:30:02.0325 0x1b10  monitor - ok
18:30:02.0341 0x1b10  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:30:02.0341 0x1b10  mouclass - ok
18:30:02.0341 0x1b10  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:30:02.0341 0x1b10  mouhid - ok
18:30:02.0356 0x1b10  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:30:02.0356 0x1b10  mountmgr - ok
18:30:02.0356 0x1b10  [ 5D494509432897338AFC19DB78A76DCB, 873F61F45D4A96096E17F9E266B1A20CCD65E4678DDB21DDE3DB98E831E524D3 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:30:02.0356 0x1b10  MozillaMaintenance - ok
18:30:02.0372 0x1b10  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:30:02.0372 0x1b10  mpio - ok
18:30:02.0388 0x1b10  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:30:02.0388 0x1b10  mpsdrv - ok
18:30:02.0403 0x1b10  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:30:02.0419 0x1b10  MpsSvc - ok
18:30:02.0419 0x1b10  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:30:02.0419 0x1b10  MRxDAV - ok
18:30:02.0434 0x1b10  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:30:02.0434 0x1b10  mrxsmb - ok
18:30:02.0450 0x1b10  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:30:02.0450 0x1b10  mrxsmb10 - ok
18:30:02.0466 0x1b10  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:30:02.0466 0x1b10  mrxsmb20 - ok
18:30:02.0466 0x1b10  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:30:02.0466 0x1b10  msahci - ok
18:30:02.0481 0x1b10  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:30:02.0481 0x1b10  msdsm - ok
18:30:02.0497 0x1b10  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:30:02.0497 0x1b10  MSDTC - ok
18:30:02.0512 0x1b10  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:30:02.0512 0x1b10  Msfs - ok
18:30:02.0512 0x1b10  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:30:02.0512 0x1b10  mshidkmdf - ok
18:30:02.0528 0x1b10  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:30:02.0528 0x1b10  msisadrv - ok
18:30:02.0544 0x1b10  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:30:02.0544 0x1b10  MSiSCSI - ok
18:30:02.0544 0x1b10  msiserver - ok
18:30:02.0559 0x1b10  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:30:02.0559 0x1b10  MSKSSRV - ok
18:30:02.0559 0x1b10  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:30:02.0559 0x1b10  MSPCLOCK - ok
18:30:02.0575 0x1b10  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:30:02.0575 0x1b10  MSPQM - ok
18:30:02.0575 0x1b10  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:30:02.0590 0x1b10  MsRPC - ok
18:30:02.0606 0x1b10  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:30:02.0606 0x1b10  mssmbios - ok
18:30:02.0606 0x1b10  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:30:02.0606 0x1b10  MSTEE - ok
18:30:02.0622 0x1b10  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:30:02.0622 0x1b10  MTConfig - ok
18:30:02.0622 0x1b10  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:30:02.0622 0x1b10  Mup - ok
18:30:02.0637 0x1b10  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:30:02.0653 0x1b10  napagent - ok
18:30:02.0653 0x1b10  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:30:02.0668 0x1b10  NativeWifiP - ok
18:30:05.0788 0x1b10  vdrvroot - ok
18:30:05.0820 0x1b10  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:30:05.0820 0x1b10  vds - ok
18:30:05.0835 0x1b10  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:05.0835 0x1b10  vga - ok
18:30:05.0851 0x1b10  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:30:05.0851 0x1b10  VgaSave - ok
18:30:05.0866 0x1b10  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:30:05.0866 0x1b10  vhdmp - ok
18:30:05.0882 0x1b10  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:30:05.0882 0x1b10  viaide - ok
18:30:05.0898 0x1b10  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:30:05.0898 0x1b10  volmgr - ok
18:30:05.0913 0x1b10  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:30:05.0913 0x1b10  volmgrx - ok
18:30:05.0929 0x1b10  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:30:05.0929 0x1b10  volsnap - ok
18:30:05.0944 0x1b10  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:30:05.0944 0x1b10  vsmraid - ok
18:30:05.0976 0x1b10  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:30:06.0007 0x1b10  VSS - ok
18:30:06.0022 0x1b10  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:30:06.0022 0x1b10  vwifibus - ok
18:30:06.0038 0x1b10  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:30:06.0038 0x1b10  W32Time - ok
18:30:06.0054 0x1b10  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:30:06.0069 0x1b10  WacomPen - ok
18:30:06.0069 0x1b10  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:30:06.0069 0x1b10  WANARP - ok
18:30:06.0085 0x1b10  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:30:06.0085 0x1b10  Wanarpv6 - ok
18:30:06.0116 0x1b10  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:30:06.0132 0x1b10  WatAdminSvc - ok
18:30:06.0163 0x1b10  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:30:06.0178 0x1b10  wbengine - ok
18:30:06.0194 0x1b10  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:30:06.0210 0x1b10  WbioSrvc - ok
18:30:06.0225 0x1b10  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:30:06.0225 0x1b10  wcncsvc - ok
18:30:06.0241 0x1b10  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:30:06.0241 0x1b10  WcsPlugInService - ok
18:30:06.0256 0x1b10  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:30:06.0256 0x1b10  Wd - ok
18:30:06.0272 0x1b10  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
18:30:06.0272 0x1b10  WDC_SAM - ok
18:30:06.0288 0x1b10  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:30:06.0303 0x1b10  Wdf01000 - ok
18:30:06.0319 0x1b10  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:30:06.0319 0x1b10  WdiServiceHost - ok
18:30:06.0334 0x1b10  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:30:06.0334 0x1b10  WdiSystemHost - ok
18:30:06.0350 0x1b10  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:30:06.0350 0x1b10  WebClient - ok
18:30:06.0366 0x1b10  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:30:06.0366 0x1b10  Wecsvc - ok
18:30:06.0381 0x1b10  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:30:06.0381 0x1b10  wercplsupport - ok
18:30:06.0397 0x1b10  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:30:06.0397 0x1b10  WerSvc - ok
18:30:06.0412 0x1b10  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:06.0412 0x1b10  WfpLwf - ok
18:30:06.0428 0x1b10  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:30:06.0428 0x1b10  WIMMount - ok
18:30:06.0444 0x1b10  WinDefend - ok
18:30:06.0475 0x1b10  WinHttpAutoProxySvc - ok
18:30:06.0490 0x1b10  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:30:06.0506 0x1b10  Winmgmt - ok
18:30:06.0553 0x1b10  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:30:06.0568 0x1b10  WinRM - ok
18:30:06.0615 0x1b10  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:30:06.0615 0x1b10  WinUsb - ok
18:30:06.0631 0x1b10  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:30:06.0646 0x1b10  Wlansvc - ok
18:30:06.0693 0x1b10  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:30:06.0709 0x1b10  wlidsvc - ok
18:30:06.0724 0x1b10  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:30:06.0724 0x1b10  WmiAcpi - ok
18:30:06.0756 0x1b10  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:30:06.0756 0x1b10  wmiApSrv - ok
18:30:06.0771 0x1b10  WMPNetworkSvc - ok
18:30:06.0787 0x1b10  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:30:06.0787 0x1b10  WPCSvc - ok
18:30:06.0802 0x1b10  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:30:06.0802 0x1b10  WPDBusEnum - ok
18:30:06.0818 0x1b10  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:30:06.0818 0x1b10  ws2ifsl - ok
18:30:06.0834 0x1b10  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:30:06.0834 0x1b10  wscsvc - ok
18:30:06.0849 0x1b10  WSearch - ok
18:30:06.0896 0x1b10  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:30:06.0927 0x1b10  wuauserv - ok
18:30:06.0943 0x1b10  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:30:06.0943 0x1b10  WudfPf - ok
18:30:06.0958 0x1b10  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:06.0958 0x1b10  WUDFRd - ok
18:30:06.0974 0x1b10  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:30:06.0974 0x1b10  wudfsvc - ok
18:30:06.0990 0x1b10  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:30:07.0005 0x1b10  WwanSvc - ok
18:30:07.0021 0x1b10  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:30:07.0021 0x1b10  xusb21 - ok
18:30:07.0052 0x1b10  ================ Scan global ===============================
18:30:07.0052 0x1b10  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:30:07.0052 0x1b10  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:30:07.0068 0x1b10  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:30:07.0068 0x1b10  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:30:07.0083 0x1b10  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:30:07.0083 0x1b10  [ Global ] - ok
18:30:07.0083 0x1b10  ================ Scan MBR ==================================
18:30:07.0083 0x1b10  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:30:07.0083 0x1b10  \Device\Harddisk0\DR0 - ok
18:30:07.0083 0x1b10  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:30:07.0099 0x1b10  \Device\Harddisk1\DR1 - ok
18:30:07.0099 0x1b10  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:30:07.0099 0x1b10  \Device\Harddisk2\DR2 - ok
18:30:07.0099 0x1b10  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
18:30:07.0099 0x1b10  \Device\Harddisk3\DR3 - ok
18:30:07.0099 0x1b10  ================ Scan VBR ==================================
18:30:07.0099 0x1b10  [ D330F39F8205384EE09E41A355150BAC ] \Device\Harddisk0\DR0\Partition1
18:30:07.0114 0x1b10  \Device\Harddisk0\DR0\Partition1 - ok
18:30:07.0114 0x1b10  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
18:30:07.0114 0x1b10  \Device\Harddisk0\DR0\Partition2 - ok
18:30:07.0114 0x1b10  [ CF1AD3268ED48429B21824260F03251C ] \Device\Harddisk0\DR0\Partition3
18:30:07.0114 0x1b10  \Device\Harddisk0\DR0\Partition3 - ok
18:30:07.0114 0x1b10  [ 74FF41B952F584ABA8230ED612F80BB1 ] \Device\Harddisk1\DR1\Partition1
18:30:07.0114 0x1b10  \Device\Harddisk1\DR1\Partition1 - ok
18:30:07.0114 0x1b10  [ 8BA3EE59718B561ADAA39B64E329AAD6 ] \Device\Harddisk2\DR2\Partition1
18:30:07.0114 0x1b10  \Device\Harddisk2\DR2\Partition1 - ok
18:30:07.0114 0x1b10  [ EE3DC49BBC7BDFB67117D318E9B51AA1 ] \Device\Harddisk3\DR3\Partition1
18:30:07.0114 0x1b10  \Device\Harddisk3\DR3\Partition1 - ok
18:30:07.0114 0x1b10  Waiting for KSN requests completion. In queue: 221
18:30:08.0128 0x1b10  Waiting for KSN requests completion. In queue: 221
18:30:09.0142 0x1b10  Waiting for KSN requests completion. In queue: 221
18:30:10.0156 0x1b10  Waiting for KSN requests completion. In queue: 221
18:30:11.0248 0x1b10  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 8.0.1497.376 ), 0x41000 ( enabled : updated )
18:30:11.0248 0x1b10  AV detected via SS2: Emsisoft Anti-Malware, C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe ( 8.1.0.19 ), 0x41000 ( enabled : updated )
18:30:11.0264 0x1b10  Win FW state via NFP2: enabled
18:30:14.0212 0x1b10  ============================================================
18:30:14.0212 0x1b10  Scan finished
18:30:14.0212 0x1b10  ============================================================
18:30:14.0212 0x1bbc  Detected object count: 0
18:30:14.0212 0x1bbc  Actual detected object count: 0
 



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:18 AM

Posted 14 November 2013 - 02:50 AM

That looks completely clean, the MBR checks out as well. At this point I'd recommend you to run a full scan with your installed Avast and Emsisoft scanners, just to be sure. Do you have any issue left with your computer?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 BiggaWhat


Posted 15 November 2013 - 07:33 PM

I ran full scans and it didn't find anything.  No other issues with my computer



#14 Elise


Posted 16 November 2013 - 04:24 AM

That's good news. :)

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
      • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
        A comprehensive tutorial and a list of possible firewalls can be found here.
      • an AntiVirus Software
        It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


#15 Elise


Posted 19 January 2014 - 04:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise