Out of My League:: Win32/small.ca, Lockups, FF Only in Safemode, Misery...


12 replies to this topic

#1 whack-a-opp

Posted 05 December 2013 - 10:46 PM

Not really sure how I got infected or which programs exactly are infected but computer is having frequent lockups. Firefox crashes on startup and can only run in safemode regardless of what I do with plugins, fresh install. IE doesn't fare any better (no surprise). Virus scans coming up clean. Just recently got a message in Win7 notification center saying I have win32/small.ca virus. Did a couple of preliminary Google searches about how to track this thing down and terminate it but not having much luck. Was hoping to do a reformat but unfortunately I'm traveling with no disks at the moment so my fate is in your hands. Logs are as follows...

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Sean at 22:37:31 on 2013-12-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8170.6032 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Sean\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Sean\Downloads\HijackThis(1).exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [F.lux] "C:\Users\Sean\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{359908B0-6A9B-45EC-9951-9DD08A9DA866} : DHCPNameServer = 155.33.16.90 155.33.16.70
TCP: Interfaces\{4E893474-F058-4469-8023-9CBFACC286EE} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{4E893474-F058-4469-8023-9CBFACC286EE}\14D6472716B634F6E6E65636473547164796F6E6 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4E893474-F058-4469-8023-9CBFACC286EE}\2656C6B696E6E2131646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4E893474-F058-4469-8023-9CBFACC286EE}\34963736F68343631343 : DHCPNameServer = 208.59.247.45 208.59.247.46 192.168.1.1
TCP: Interfaces\{4E893474-F058-4469-8023-9CBFACC286EE}\355707168635568797759666963295F4C4F4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4E893474-F058-4469-8023-9CBFACC286EE}\C45637C6569713131343 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\gqjf2pwd.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-17 01:33; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\gqjf2pwd.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? sxuptp;SXUPTP Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? JMCR;JMCR
S? JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
S? PowerBiosServer;PowerBiosServer
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
S? UNS;Intel® Management and Security Application User Notification Service
.
=============== Created Last 30 ================
.
2013-12-05 12:49:53    10285968    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01D2FC59-E875-4B66-A2B6-94E4F75E4665}\mpengine.dll
2013-12-04 07:11:18    10285968    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-19 16:35:25    872392    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-11-19 16:35:25    274032    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-11-19 16:35:25    22031984    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-11-19 16:35:25    170960    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-11-19 16:35:25    15672645    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\ProTeXt\TexMakerX\texmakerx21_win32-install.exe
2013-11-19 16:35:25    153712    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2013-11-19 16:35:25    108144    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-11-19 16:35:23    2149888    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\ProTeXt\python26.dll
2013-11-19 16:35:23    131584    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\ProTeXt\Setup.exe
2013-11-19 16:35:03    5779456    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\tm\packages\setup-2.9.3959.exe
2013-11-18 08:19:35    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-18 02:44:41    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-10 00:24:19    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA57E66A-7D63-42BE-9E73-6977FBA679AB}\gapaengine.dll
2013-11-10 00:15:57    --------    d-----w-    C:\Program Files\iPod
2013-11-10 00:15:56    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 00:15:56    --------    d-----w-    C:\Program Files\iTunes
2013-11-10 00:15:56    --------    d-----w-    C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-15 18:28:04    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-15 18:28:04    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 08:45:20    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-12 05:44:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 11:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-27 14:53:06    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 14:53:06    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 22:39:43.70 ===============
 


#2 gringo_pr

Posted 06 December 2013 - 12:04 PM


Hello whack-a-opp

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#3 whack-a-opp

Posted 06 December 2013 - 01:20 PM

Hi Gringo,

 

Appreciate the fast response. I ran the tools as instructed and will post the logs below. That being said, it appears we still have some work to do as FF still crashed and requested to be started in safemode when I opened it to respond to this topic. The system still appears to be locking up; however, I can't say with any certainty whether it has improved at all in this respect since I don't have much time to test. Thank you again for your help.

 

# AdwCleaner v3.014 - Report created 06/12/2013 at 12:50:52
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean - DASEIN
# Running from : C:\Users\Sean\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\gqjf2pwd.default\prefs.js ]


[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\jtbqn0fv.default-1385612954249\prefs.js ]


[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\s2r5g2o6.default-1383099009364\prefs.js ]


*************************

AdwCleaner[R0].txt - [1115 octets] - [06/12/2013 12:48:31]
AdwCleaner[S0].txt - [1041 octets] - [06/12/2013 12:50:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1101 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sean on Fri 12/06/2013 at 13:05:11.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\gqjf2pwd.default\minidumps [126 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/06/2013 at 13:16:10.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Best,

WOP
 


Edited by whack-a-opp, 06 December 2013 - 01:21 PM.


#4 gringo_pr

Posted 06 December 2013 - 02:16 PM


Hello whack-a-opp

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 whack-a-opp

Posted 07 December 2013 - 12:55 AM

Hello Gringo,

 

I was able to install and run combofix without a hitch. So far (in what I must admit has been a limited sample size) I haven't experienced any lockups as before. That said, FF still crashed on startup and requested to be started in safemode. I also noted that combofix warned that it would restart my computer and possibly even multiple times but it, in fact, didn't restart it at all. It finished and put the log up on the screen and closed itself (unless I jumped the gun? didn't think I did though). From there I was unable to open KeePass, saying something to the tune that the selected program could not be identified. However, I did my own reset and everything aside from FF, at least at first glance, appears to be working fine. I'm not sure if this is a matter of resetting FF to default, a fresh install, a move to Chrome or still yet more problems. I have copied the combofix log below.

 

ComboFix 13-12-07.01 - Sean 12/07/2013   0:20.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8170.6744 [GMT -5:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-07 to 2013-12-07  )))))))))))))))))))))))))))))))
.
.
2013-12-07 05:26 . 2013-12-07 05:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-06 18:05 . 2013-12-06 18:05    --------    d-----w-    c:\windows\ERUNT
2013-12-06 17:48 . 2013-12-06 17:50    --------    d-----w-    C:\AdwCleaner
2013-12-06 14:24 . 2013-10-18 05:59    965000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92F1B41F-6BAD-4D5C-9F48-588AEDA2AB12}\gapaengine.dll
2013-12-06 14:24 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81A041FF-882E-4A49-A184-3E3C9AA2B58B}\mpengine.dll
2013-12-05 12:49 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-18 02:44 . 2013-10-05 20:25    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-10 00:15 . 2013-11-10 00:15    --------    d-----w-    c:\program files\iPod
2013-11-10 00:15 . 2013-11-10 00:16    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 00:15 . 2013-11-10 00:16    --------    d-----w-    c:\program files\iTunes
2013-11-10 00:15 . 2013-11-10 00:16    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-18 08:14 . 2012-09-21 17:02    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-10-18 05:59 . 2012-06-12 21:00    965000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 18:28 . 2012-04-08 03:26    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-15 18:28 . 2012-03-26 02:55    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 11:50 . 2013-10-22 04:06    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 14:53 . 2013-09-27 14:53    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53 . 2011-04-27 19:25    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-04 1823656]
"F.lux"="c:\users\Sean\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-1-17 2946560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\gqjf2pwd.default\
FF - ExtSQL: 2013-10-17 01:33; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\gqjf2pwd.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-07  00:30:25
ComboFix-quarantined-files.txt  2013-12-07 05:30
.
Pre-Run: 270,472,048,640 bytes free
Post-Run: 270,348,898,304 bytes free
.
- - End Of File - - 93E9727C86CE3A54F126674258805E24
A36C5E4F47E84449FF07ED3517B43A31
 

I must admit now that I'm copying the log I forgot to run Combofix as administrator, hopefully that doesn't hinder the results.  Looking forward to your response.

 

Best,

WOP



#6 gringo_pr


Posted 07 December 2013 - 03:51 AM


Hello whack-a-opp

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 whack-a-opp


Posted 07 December 2013 - 01:24 PM

Hi Gringo,

 

Did as instructed.  No new updates from the last post, FF still crashing on startup/only runs in safemode but the lockups, at least to my knowledge, have decreased or possibly even ceased.  Log posted below.

 

ComboFix 13-12-07.01 - Sean 12/07/2013  12:58:08.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8170.6644 [GMT -5:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
Command switches used :: c:\users\Sean\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-07 to 2013-12-07  )))))))))))))))))))))))))))))))
.
.
2013-12-07 18:04 . 2013-12-07 18:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-06 18:05 . 2013-12-06 18:05    --------    d-----w-    c:\windows\ERUNT
2013-12-06 17:48 . 2013-12-06 17:50    --------    d-----w-    C:\AdwCleaner
2013-12-06 14:24 . 2013-10-18 05:59    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92F1B41F-6BAD-4D5C-9F48-588AEDA2AB12}\gapaengine.dll
2013-11-18 02:44 . 2013-10-05 20:25    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-10 00:15 . 2013-11-10 00:15    --------    d-----w-    c:\program files\iPod
2013-11-10 00:15 . 2013-11-10 00:16    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 00:15 . 2013-11-10 00:16    --------    d-----w-    c:\program files\iTunes
2013-11-10 00:15 . 2013-11-10 00:16    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-18 08:14 . 2012-09-21 17:02    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-10-18 05:59 . 2012-06-12 21:00    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 18:28 . 2012-04-08 03:26    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-15 18:28 . 2012-03-26 02:55    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 11:50 . 2013-10-22 04:06    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 14:53 . 2013-09-27 14:53    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53 . 2011-04-27 19:25    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-04 1823656]
"F.lux"="c:\users\Sean\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-1-17 2946560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\gqjf2pwd.default\
FF - ExtSQL: 2013-10-17 01:33; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\gqjf2pwd.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-07  13:07:39
ComboFix-quarantined-files.txt  2013-12-07 18:07
ComboFix2.txt  2013-12-07 05:30
.
Pre-Run: 269,307,142,144 bytes free
Post-Run: 269,112,999,936 bytes free
.
- - End Of File - - 8ED38985F3DDBE573EE7F1C13BB0BC5D
A36C5E4F47E84449FF07ED3517B43A31
 

 

Best,

WOP



#8 gringo_pr


Posted 07 December 2013 - 02:22 PM


Hello whack-a-opp

I want you to reset firefox back to defaults, this will remove everything from Firefox

I will let you keep your bookmarks so to do that you can go here - Export BookMarks

Now to reset firefox do the following.
  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.
restart the computer and check firefox for me now

Gringo

#9 whack-a-opp


Posted 08 December 2013 - 01:04 AM

Greetings Gringo,

 

A couple of updates.  Upon starting my computer it took an abnormally long time for the desktop to come up (only a black screen).  When it finally came up I had a couple of error messages...

Desktop background has stopped responding

Realtek Audio has stopped responding (Although it appears to be working in spite of crashing)

Please restart computer again with all drivers (the icon of this message was for the hotkeys on my keyboard such as volume, brightness etc) however, they appear to be working.

 

I reset FF to default but it still crashes on startup and will only boot in safemode.

 

Quite a devil on our hands, anxiously awaiting more of your expertise.

 

Thank you again for your valuable time,

WOP



#10 gringo_pr


Posted 08 December 2013 - 01:07 AM





Hello whack-a-opp

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    • Internet access
    • Windows Update
    • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller
send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo






When you are complete please send me both reports

Gringo

#11 whack-a-opp


Posted 08 December 2013 - 11:50 AM

Hello Gringo,

 

Thank you again for your continued support through this mess!  I have followed your instructions.

 

Malwarebytes Anti-Rootkit was run and found 0 infections and, as such, prompted me to skip to the cleanup section.  Regardless, the report is copied below.

 

I moved on to Rogue Killer, whose report I will post below.  However, I'm unsure if I messed something up because it had found 3 registry keys, all starting with HKEY_LOCAL; however, I couldn't read the rest of the entries since they were truncated in favor of the next column, but as you will see they don't (at least to my knowledge) appear to be in the report.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Sean :: DASEIN [administrator]

12/8/2013 10:44:53 AM
mbar-log-2013-12-08 (10-44-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 234717
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : DNSFix -- Date : 12/08/2013 11:40:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

Finished : << RKreport[0]_DN_12082013_114056.txt >>
RKreport[0]_D_12082013_114041.txt;RKreport[0]_H_12082013_114050.txt;RKreport[0]_S_12082013_114017.txt

That said, I'm still facing these persistent issues.

 

My sincere gratitude for your working with me,

WOP

 

Small Update: As I was using my computer I suddenly got a message that it experienced a critical error and would restart in 1 minute.  When I checked the Shut Down menu all the options were greyed out.  After 1 minute it indeed restarted itself.  Upon restarting I did not experience the same errors I did last time (as in the black screen, realtek crashing etc.) however, it did not restart at full speed.  Also strangely, there were shortcuts for Computer as well as my account folder 'Sean' on the desktop in addition to the other programs placed there at your instruction (normally I keep no shortcuts on my desktop but the recycle bin).  In addition there was a folder for Rogue Killer, RK_Quarantine, which contains the following entries whose names didn't seem to appear in the original log but which I alluded to earlier:

HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{20D04FE0-0

HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{59031a47-0

HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Policies_System_DisableReg0

HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Policies_System_DisableReg1

PhysicalDrive0_User.dat

RogueKiller (no file extension visible but is a configuration settings file so possibly .ini??)

 

RogueKiller did not request any reboots on its own following running it, so perhaps it was necessary that I reboot it.  And this was merely finishing the process.

 

That said,

I'm still experiencing lockups (although decreased, at least in my opinion) in nearly every program I've used since we began our cleanse.  FF still will only start itself in safemode.

 

My continued appreciation,

WOP
 


Edited by whack-a-opp, 08 December 2013 - 04:40 PM.


#12 gringo_pr


Posted 08 December 2013 - 08:53 PM


Hello whack-a-opp,

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

#13 whack-a-opp


Posted 08 December 2013 - 09:37 PM

Regards Gringo,

 

I have followed your instructions.  After the first two reboots after checking 'Loaded Modules'  I was greeted with a BSOD.  However, the third time seemed to be the charm and I was able to run TDSSKiller with all checkboxes checked.  It appears that no suspicious objects were found however, my problems still persist.  The TDS log is as follows:

 

21:28:11.0106 0x05e4  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
21:28:24.0257 0x05e4  ============================================================
21:28:24.0257 0x05e4  Current date / time: 2013/12/08 21:28:24.0257
21:28:24.0257 0x05e4  SystemInfo:
21:28:24.0257 0x05e4  
21:28:24.0257 0x05e4  OS Version: 6.1.7601 ServicePack: 1.0
21:28:24.0257 0x05e4  Product type: Workstation
21:28:24.0257 0x05e4  ComputerName: DASEIN
21:28:24.0257 0x05e4  UserName: Sean
21:28:24.0257 0x05e4  Windows directory: C:\Windows
21:28:24.0257 0x05e4  System windows directory: C:\Windows
21:28:24.0257 0x05e4  Running under WOW64
21:28:24.0257 0x05e4  Processor architecture: Intel x64
21:28:24.0257 0x05e4  Number of processors: 8
21:28:24.0257 0x05e4  Page size: 0x1000
21:28:24.0257 0x05e4  Boot type: Normal boot
21:28:24.0257 0x05e4  ============================================================
21:29:17.0656 0x05e4  KLMD registered as C:\Windows\system32\drivers\65689852.sys
21:29:17.0921 0x05e4  System UUID: {D3DF2961-4254-0900-203D-362B62C690E7}
21:29:18.0514 0x05e4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:29:18.0530 0x05e4  ============================================================
21:29:18.0530 0x05e4  \Device\Harddisk0\DR0:
21:29:18.0530 0x05e4  MBR partitions:
21:29:18.0530 0x05e4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:29:18.0530 0x05e4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:29:18.0530 0x05e4  ============================================================
21:29:18.0576 0x05e4  C: <-> \Device\Harddisk0\DR0\Partition2
21:29:18.0576 0x05e4  ============================================================
21:29:18.0576 0x05e4  Initialize success
21:29:18.0576 0x05e4  ============================================================
21:29:29.0686 0x0d30  ============================================================
21:29:29.0686 0x0d30  Scan started
21:29:29.0686 0x0d30  Mode: Manual; SigCheck; TDLFS;
21:29:29.0686 0x0d30  ============================================================
21:29:29.0686 0x0d30  KSN ping started
21:29:47.0813 0x0d30  KSN ping finished: true
21:29:50.0543 0x0d30  ================ Scan system memory ========================
21:29:50.0543 0x0d30  System memory - ok
21:29:50.0543 0x0d30  ================ Scan services =============================
21:29:55.0894 0x0d30  AudioSrv - ok
21:29:55.0957 0x0d30  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:29:56.0128 0x0d30  AxInstSV - ok
21:29:56.0175 0x0d30  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:29:56.0237 0x0d30  b06bdrv - ok
21:29:56.0300 0x0d30  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:29:56.0393 0x0d30  b57nd60a - ok
21:29:56.0440 0x0d30  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:29:56.0612 0x0d30  BDESVC - ok
21:29:56.0643 0x0d30  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:29:56.0737 0x0d30  Beep - ok
21:29:56.0846 0x0d30  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:29:56.0924 0x0d30  BFE - ok
21:29:57.0095 0x0d30  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
21:29:57.0189 0x0d30  BITS - ok
21:29:57.0220 0x0d30  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:57.0251 0x0d30  blbdrive - ok
21:29:57.0376 0x0d30  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:29:57.0485 0x0d30  Bonjour Service - ok
21:29:57.0532 0x0d30  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:29:57.0610 0x0d30  bowser - ok
21:29:57.0704 0x0d30  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:29:57.0751 0x0d30  BrFiltLo - ok
21:29:57.0782 0x0d30  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:29:57.0813 0x0d30  BrFiltUp - ok
21:29:57.0875 0x0d30  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:29:57.0938 0x0d30  BridgeMP - ok
21:29:58.0000 0x0d30  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:29:58.0109 0x0d30  Browser - ok
21:29:58.0156 0x0d30  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:29:58.0219 0x0d30  Brserid - ok
21:29:58.0250 0x0d30  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:58.0297 0x0d30  BrSerWdm - ok
21:29:58.0312 0x0d30  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:58.0390 0x0d30  BrUsbMdm - ok
21:29:58.0671 0x0d30  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:58.0718 0x0d30  BrUsbSer - ok
21:29:58.0780 0x0d30  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
21:29:58.0843 0x0d30  BthEnum - ok
21:29:58.0858 0x0d30  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:29:58.0936 0x0d30  BTHMODEM - ok
21:29:58.0967 0x0d30  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:29:59.0045 0x0d30  BthPan - ok
21:29:59.0092 0x0d30  [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:29:59.0233 0x0d30  BTHPORT - ok
21:29:59.0279 0x0d30  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:29:59.0357 0x0d30  bthserv - ok
21:29:59.0607 0x0d30  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:29:59.0685 0x0d30  BTHUSB - ok
21:29:59.0779 0x0d30  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:29:59.0841 0x0d30  cdfs - ok
21:29:59.0903 0x0d30  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:29:59.0919 0x0d30  cdrom - ok
21:29:59.0950 0x0d30  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:29:59.0997 0x0d30  CertPropSvc - ok
21:30:00.0028 0x0d30  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:30:00.0059 0x0d30  circlass - ok
21:30:00.0091 0x0d30  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
21:30:00.0122 0x0d30  CLFS - ok
21:30:00.0200 0x0d30  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:00.0231 0x0d30  clr_optimization_v2.0.50727_32 - ok
21:30:00.0278 0x0d30  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:30:00.0309 0x0d30  clr_optimization_v2.0.50727_64 - ok
21:30:00.0652 0x0d30  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:00.0777 0x0d30  clr_optimization_v4.0.30319_32 - ok
21:30:00.0824 0x0d30  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:30:00.0886 0x0d30  clr_optimization_v4.0.30319_64 - ok
21:30:00.0917 0x0d30  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:00.0980 0x0d30  CmBatt - ok
21:30:00.0995 0x0d30  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:30:01.0011 0x0d30  cmdide - ok
21:30:01.0089 0x0d30  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:30:01.0261 0x0d30  CNG - ok
21:30:01.0292 0x0d30  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:30:01.0323 0x0d30  Compbatt - ok
21:30:01.0339 0x0d30  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:30:01.0417 0x0d30  CompositeBus - ok
21:30:01.0417 0x0d30  COMSysApp - ok
21:30:01.0432 0x0d30  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:30:01.0448 0x0d30  crcdisk - ok
21:30:01.0495 0x0d30  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:30:01.0541 0x0d30  CryptSvc - ok
21:30:01.0635 0x0d30  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:30:01.0744 0x0d30  DcomLaunch - ok
21:30:01.0807 0x0d30  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:30:01.0885 0x0d30  defragsvc - ok
21:30:01.0900 0x0d30  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:30:01.0947 0x0d30  DfsC - ok
21:30:01.0978 0x0d30  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:30:02.0103 0x0d30  Dhcp - ok
21:30:02.0150 0x0d30  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:30:02.0228 0x0d30  discache - ok
21:30:02.0275 0x0d30  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
21:30:02.0290 0x0d30  Disk - ok
21:30:02.0337 0x0d30  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:30:02.0399 0x0d30  Dnscache - ok
21:30:02.0462 0x0d30  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:30:02.0555 0x0d30  dot3svc - ok
21:30:02.0571 0x0d30  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:30:02.0618 0x0d30  DPS - ok
21:30:02.0665 0x0d30  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:30:02.0711 0x0d30  drmkaud - ok
21:30:02.0821 0x0d30  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:30:02.0852 0x0d30  DXGKrnl - ok
21:30:02.0930 0x0d30  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:30:03.0023 0x0d30  EapHost - ok
21:30:03.0289 0x0d30  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:30:03.0460 0x0d30  ebdrv - ok
21:30:03.0523 0x0d30  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
21:30:03.0585 0x0d30  EFS - ok
21:30:03.0772 0x0d30  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:30:03.0913 0x0d30  ehRecvr - ok
21:30:03.0944 0x0d30  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:30:03.0991 0x0d30  ehSched - ok
21:30:04.0053 0x0d30  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:30:04.0115 0x0d30  elxstor - ok
21:30:04.0131 0x0d30  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:30:04.0178 0x0d30  ErrDev - ok
21:30:04.0256 0x0d30  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:30:04.0318 0x0d30  EventSystem - ok
21:30:04.0349 0x0d30  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:30:04.0381 0x0d30  exfat - ok
21:30:04.0396 0x0d30  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:30:04.0459 0x0d30  fastfat - ok
21:30:04.0505 0x0d30  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:30:04.0552 0x0d30  Fax - ok
21:30:04.0568 0x0d30  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:30:04.0630 0x0d30  fdc - ok
21:30:04.0646 0x0d30  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:30:04.0708 0x0d30  fdPHost - ok
21:30:04.0724 0x0d30  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:30:04.0786 0x0d30  FDResPub - ok
21:30:04.0802 0x0d30  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:30:04.0817 0x0d30  FileInfo - ok
21:30:04.0817 0x0d30  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:30:04.0864 0x0d30  Filetrace - ok
21:30:05.0005 0x0d30  [ D778107D7C2A19D7E7A884A9F0D79581, CCEA3D779BEBF1CA4DB0AC4F02C84AD605C508DD071BA5265EB9740BDD67AEDD ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:30:05.0192 0x0d30  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
21:30:08.0374 0x0d30  Detect skipped due to KSN trusted
21:30:08.0374 0x0d30  FLEXnet Licensing Service - ok
21:30:08.0546 0x0d30  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:30:08.0577 0x0d30  flpydisk - ok
21:30:08.0593 0x0d30  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:30:08.0639 0x0d30  FltMgr - ok
21:30:08.0749 0x0d30  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
21:30:08.0827 0x0d30  FontCache - ok
21:30:08.0889 0x0d30  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:30:08.0920 0x0d30  FontCache3.0.0.0 - ok
21:30:08.0920 0x0d30  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:30:08.0936 0x0d30  FsDepends - ok
21:30:08.0967 0x0d30  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:30:08.0967 0x0d30  Fs_Rec - ok
21:30:08.0998 0x0d30  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:30:09.0029 0x0d30  fvevol - ok
21:30:09.0045 0x0d30  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:30:09.0061 0x0d30  gagp30kx - ok
21:30:09.0107 0x0d30  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:30:09.0123 0x0d30  GEARAspiWDM - ok
21:30:09.0201 0x0d30  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:30:09.0310 0x0d30  gpsvc - ok
21:30:09.0341 0x0d30  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:30:09.0404 0x0d30  hcw85cir - ok
21:30:09.0466 0x0d30  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:30:09.0544 0x0d30  HdAudAddService - ok
21:30:09.0575 0x0d30  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:30:09.0622 0x0d30  HDAudBus - ok
21:30:09.0638 0x0d30  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:30:09.0685 0x0d30  HidBatt - ok
21:30:09.0700 0x0d30  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:30:09.0763 0x0d30  HidBth - ok
21:30:09.0794 0x0d30  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:30:09.0825 0x0d30  HidIr - ok
21:30:09.0856 0x0d30  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
21:30:09.0934 0x0d30  hidserv - ok
21:30:09.0981 0x0d30  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:30:09.0981 0x0d30  HidUsb - ok
21:30:10.0028 0x0d30  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:30:10.0121 0x0d30  hkmsvc - ok
21:30:10.0168 0x0d30  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:30:10.0231 0x0d30  HomeGroupListener - ok
21:30:10.0277 0x0d30  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:30:10.0324 0x0d30  HomeGroupProvider - ok
21:30:10.0371 0x0d30  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:30:10.0387 0x0d30  HpSAMD - ok
21:30:10.0480 0x0d30  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:30:10.0605 0x0d30  HTTP - ok
21:30:10.0636 0x0d30  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:30:10.0636 0x0d30  hwpolicy - ok
21:30:10.0667 0x0d30  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:30:10.0683 0x0d30  i8042prt - ok
21:30:10.0699 0x0d30  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:30:10.0730 0x0d30  iaStorV - ok
21:30:10.0839 0x0d30  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:30:10.0901 0x0d30  idsvc - ok
21:30:10.0933 0x0d30  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:30:10.0948 0x0d30  iirsp - ok
21:30:11.0042 0x0d30  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:30:11.0104 0x0d30  IKEEXT - ok
21:30:11.0229 0x0d30  [ 2CC2F7C5990BB76767038F4B16D17A56, 78D12EFC0AB81B87706D3F7ADFF3FA9C5AD05C7F02169DDBE7E2D2A67B47D9DE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:30:11.0369 0x0d30  IntcAzAudAddService - ok
21:30:11.0401 0x0d30  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:30:11.0416 0x0d30  intelide - ok
21:30:11.0447 0x0d30  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:30:11.0494 0x0d30  intelppm - ok
21:30:11.0541 0x0d30  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:30:11.0650 0x0d30  IPBusEnum - ok
21:30:11.0666 0x0d30  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:11.0697 0x0d30  IpFilterDriver - ok
21:30:11.0822 0x0d30  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:30:11.0884 0x0d30  iphlpsvc - ok
21:30:11.0915 0x0d30  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:30:11.0962 0x0d30  IPMIDRV - ok
21:30:12.0025 0x0d30  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:30:12.0118 0x0d30  IPNAT - ok
21:30:12.0212 0x0d30  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:30:12.0259 0x0d30  iPod Service - ok
21:30:12.0290 0x0d30  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:30:12.0305 0x0d30  IRENUM - ok
21:30:12.0337 0x0d30  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:30:12.0352 0x0d30  isapnp - ok
21:30:12.0368 0x0d30  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:30:12.0383 0x0d30  iScsiPrt - ok
21:30:12.0446 0x0d30  [ E5F9A5AC854529EFBE37E475149615C1, 47BAA2DD75DC048258326E86A046899580263D1802101734DD6646A48EDADFFD ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
21:30:12.0477 0x0d30  JMCR - ok
21:30:12.0508 0x0d30  [ A4F45625CCD360DE35DA5051FDA0B47F, CE30568DAB53D129A4099C4E5EAAE5BFCDBB8DD08166ECA73ED3A9BD0FE6C0EF ] JME             C:\Windows\system32\DRIVERS\JME.sys
21:30:12.0524 0x0d30  JME - ok
21:30:12.0539 0x0d30  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:12.0539 0x0d30  kbdclass - ok
21:30:12.0555 0x0d30  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:30:12.0586 0x0d30  kbdhid - ok
21:30:12.0617 0x0d30  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
21:30:12.0617 0x0d30  KeyIso - ok
21:30:12.0664 0x0d30  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:30:12.0695 0x0d30  KSecDD - ok
21:30:12.0711 0x0d30  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:30:12.0727 0x0d30  KSecPkg - ok
21:30:12.0742 0x0d30  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:30:12.0789 0x0d30  ksthunk - ok
21:30:12.0820 0x0d30  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:30:12.0945 0x0d30  KtmRm - ok
21:30:13.0023 0x0d30  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:30:13.0101 0x0d30  LanmanServer - ok
21:30:13.0132 0x0d30  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:30:13.0179 0x0d30  LanmanWorkstation - ok
21:30:13.0226 0x0d30  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:30:13.0304 0x0d30  lltdio - ok
21:30:13.0319 0x0d30  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:30:13.0366 0x0d30  lltdsvc - ok
21:30:13.0382 0x0d30  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:30:13.0413 0x0d30  lmhosts - ok
21:30:13.0491 0x0d30  [ 50C7CE53EF461870410355F1F2E7D515, D6E84C63D74E4603D37FD7CC88BF51DE23CD17DB1D1AD4ADBED62F949F3C470C ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:30:13.0538 0x0d30  LMS - ok
21:30:13.0553 0x0d30  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:30:13.0600 0x0d30  LSI_FC - ok
21:30:13.0600 0x0d30  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:30:13.0616 0x0d30  LSI_SAS - ok
21:30:13.0616 0x0d30  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:30:13.0631 0x0d30  LSI_SAS2 - ok
21:30:13.0647 0x0d30  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:30:16.0954 0x0d30  [ B6CBA9A0403E2C1A9EA03C33A4932E89, E4A8E9EE0FA5BFD2E83D5796A285D4D6BF12C0A263F27EE2948BC7F1A740C41B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:30:17.0017 0x0d30  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:30:19.0918 0x0d30  Detect skipped due to KSN trusted
21:30:19.0918 0x0d30  Net Driver HPZ12 - ok
21:30:24.0567 0x0d30  [ BD24E98E6546ADF6A31A41485483EB6C, 5D2684CDE93019DADF208D16AB56E19A5442A0445E433B195E8E9B4ED30EBA56 ] Pharos Systems ComTaskMaster C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
21:30:24.0661 0x0d30  Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic ( 1 )
21:30:27.0625 0x0d30  Detect skipped due to KSN trusted
21:30:27.0625 0x0d30  Pharos Systems ComTaskMaster - ok
21:30:28.0186 0x0d30  [ 35CCB20B0D730B7764D049463E4B2AC5, 43AF12A695523A67CDB94011EA72E136A5E10C77C0F772DEFF0430019A1C60CB ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:30:28.0249 0x0d30  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
21:30:30.0994 0x0d30  Detect skipped due to KSN trusted
21:30:30.0994 0x0d30  Pml Driver HPZ12 - ok
21:30:31.0556 0x0d30  [ CB20BF725AB8A5782EB239E98110618F, 7C87A54BABE8031F13E091E250E47078F237F2B011848A5BAE77950F01AA0867 ] PowerBiosServer C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
21:30:31.0618 0x0d30  PowerBiosServer - detected UnsignedFile.Multi.Generic ( 1 )
21:30:34.0582 0x0d30  Detect skipped due to KSN trusted
21:30:34.0582 0x0d30  PowerBiosServer - ok
21:30:40.0214 0x0d30  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:30:40.0245 0x0d30  stexstor - ok
21:30:40.0323 0x0d30  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:30:40.0354 0x0d30  stisvc - ok
21:30:40.0370 0x0d30  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:30:40.0370 0x0d30  swenum - ok
21:30:40.0495 0x0d30  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:30:40.0573 0x0d30  swprv - ok
21:30:40.0573 0x0d30  sxuptp - ok
21:30:40.0697 0x0d30  [ F4DB1D9E6A42D491F0F8E21854301C0B, 7B038121D85D7C147C2FA8D5D34BF44B8792E7CD6E468C9884A109A0B6C9E84A ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:30:40.0729 0x0d30  SynTP - ok
21:30:40.0916 0x0d30  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
21:30:41.0025 0x0d30  SysMain - ok
21:30:41.0041 0x0d30  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:30:41.0056 0x0d30  TabletInputService - ok
21:30:41.0087 0x0d30  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:30:41.0150 0x0d30  TapiSrv - ok
21:30:41.0181 0x0d30  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:30:41.0212 0x0d30  TBS - ok
21:30:41.0337 0x0d30  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:30:41.0446 0x0d30  Tcpip - ok
21:30:41.0555 0x0d30  [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:30:41.0602 0x0d30  TCPIP6 - ok
21:30:41.0649 0x0d30  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:30:41.0727 0x0d30  tcpipreg - ok
21:30:41.0743 0x0d30  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:30:41.0774 0x0d30  TDPIPE - ok
21:30:41.0789 0x0d30  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:30:41.0821 0x0d30  TDTCP - ok
21:30:41.0852 0x0d30  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:30:41.0899 0x0d30  tdx - ok
21:30:41.0914 0x0d30  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:30:41.0930 0x0d30  TermDD - ok
21:30:41.0961 0x0d30  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
21:30:42.0039 0x0d30  TermService - ok
21:30:42.0055 0x0d30  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:30:42.0070 0x0d30  Themes - ok
21:30:42.0101 0x0d30  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:30:42.0117 0x0d30  THREADORDER - ok
21:30:42.0164 0x0d30  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:30:42.0273 0x0d30  TrkWks - ok
21:30:42.0320 0x0d30  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:30:42.0398 0x0d30  TrustedInstaller - ok
21:30:42.0460 0x0d30  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:42.0507 0x0d30  tssecsrv - ok
21:30:42.0616 0x0d30  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:30:42.0647 0x0d30  TsUsbFlt - ok
21:30:42.0725 0x0d30  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:30:42.0772 0x0d30  TsUsbGD - ok
21:30:42.0850 0x0d30  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:30:42.0944 0x0d30  tunnel - ok
21:30:42.0991 0x0d30  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:30:43.0022 0x0d30  uagp35 - ok
21:30:43.0084 0x0d30  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:30:43.0209 0x0d30  udfs - ok
21:30:43.0396 0x0d30  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:30:43.0459 0x0d30  UI0Detect - ok
21:30:43.0552 0x0d30  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:30:43.0583 0x0d30  uliagpkx - ok
21:30:43.0615 0x0d30  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:30:43.0677 0x0d30  umbus - ok
21:30:43.0708 0x0d30  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:30:43.0786 0x0d30  UmPass - ok
21:30:44.0317 0x0d30  [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:30:44.0457 0x0d30  UNS - ok
21:30:44.0613 0x0d30  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:30:44.0707 0x0d30  upnphost - ok
21:30:44.0831 0x0d30  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:30:44.0863 0x0d30  USBAAPL64 - ok
21:30:44.0909 0x0d30  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:30:44.0941 0x0d30  usbccgp - ok
21:30:45.0034 0x0d30  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:30:45.0128 0x0d30  usbcir - ok
21:30:45.0143 0x0d30  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:30:45.0190 0x0d30  usbehci - ok
21:30:45.0253 0x0d30  [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:30:45.0284 0x0d30  usbhub - ok
21:30:45.0315 0x0d30  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:30:45.0331 0x0d30  usbohci - ok
21:30:45.0377 0x0d30  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:30:45.0424 0x0d30  usbprint - ok
21:30:45.0455 0x0d30  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:45.0487 0x0d30  USBSTOR - ok
21:30:45.0518 0x0d30  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:30:45.0549 0x0d30  usbuhci - ok
21:30:45.0611 0x0d30  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:30:45.0643 0x0d30  usbvideo - ok
21:30:45.0689 0x0d30  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:30:45.0783 0x0d30  UxSms - ok
21:30:45.0799 0x0d30  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
21:30:45.0799 0x0d30  VaultSvc - ok
21:30:45.0830 0x0d30  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:30:45.0830 0x0d30  vdrvroot - ok
21:30:45.0861 0x0d30  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:30:45.0939 0x0d30  vds - ok
21:30:45.0955 0x0d30  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:45.0970 0x0d30  vga - ok
21:30:45.0986 0x0d30  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:30:46.0033 0x0d30  VgaSave - ok
21:30:46.0048 0x0d30  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:30:46.0079 0x0d30  vhdmp - ok
21:30:46.0095 0x0d30  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:30:46.0095 0x0d30  viaide - ok
21:30:46.0126 0x0d30  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:30:46.0126 0x0d30  volmgr - ok
21:30:46.0157 0x0d30  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:30:46.0173 0x0d30  volmgrx - ok
21:30:46.0189 0x0d30  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:30:46.0220 0x0d30  volsnap - ok
21:30:46.0251 0x0d30  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:30:46.0267 0x0d30  vsmraid - ok
21:30:46.0329 0x0d30  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:30:46.0423 0x0d30  VSS - ok
21:30:46.0438 0x0d30  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:30:46.0485 0x0d30  vwifibus - ok
21:30:46.0516 0x0d30  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:30:46.0563 0x0d30  vwififlt - ok
21:30:46.0594 0x0d30  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:30:46.0657 0x0d30  W32Time - ok
21:30:46.0657 0x0d30  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:30:46.0703 0x0d30  WacomPen - ok
21:30:46.0735 0x0d30  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:30:46.0813 0x0d30  WANARP - ok
21:30:46.0813 0x0d30  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:30:46.0844 0x0d30  Wanarpv6 - ok
21:30:46.0984 0x0d30  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:30:47.0047 0x0d30  WatAdminSvc - ok
21:30:47.0156 0x0d30  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:30:47.0265 0x0d30  wbengine - ok
21:30:47.0296 0x0d30  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:30:47.0312 0x0d30  WbioSrvc - ok
21:30:47.0343 0x0d30  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:30:47.0374 0x0d30  wcncsvc - ok
21:30:47.0405 0x0d30  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:30:47.0421 0x0d30  WcsPlugInService - ok
21:30:47.0452 0x0d30  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:30:47.0452 0x0d30  Wd - ok
21:30:47.0530 0x0d30  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:30:47.0593 0x0d30  Wdf01000 - ok
21:30:47.0608 0x0d30  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:30:47.0639 0x0d30  WdiServiceHost - ok
21:30:47.0655 0x0d30  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:30:47.0671 0x0d30  WdiSystemHost - ok
21:30:47.0702 0x0d30  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
21:30:47.0733 0x0d30  WebClient - ok
21:30:47.0749 0x0d30  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:30:47.0873 0x0d30  Wecsvc - ok
21:30:47.0889 0x0d30  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:30:47.0920 0x0d30  wercplsupport - ok
21:30:47.0936 0x0d30  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:30:47.0998 0x0d30  WerSvc - ok
21:30:48.0029 0x0d30  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:48.0092 0x0d30  WfpLwf - ok
21:30:48.0107 0x0d30  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:30:48.0107 0x0d30  WIMMount - ok
21:30:48.0123 0x0d30  WinDefend - ok
21:30:48.0139 0x0d30  WinHttpAutoProxySvc - ok
21:30:48.0201 0x0d30  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:30:48.0248 0x0d30  Winmgmt - ok
21:30:48.0357 0x0d30  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:30:48.0544 0x0d30  WinRM - ok
21:30:48.0607 0x0d30  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:30:48.0638 0x0d30  WinUsb - ok
21:30:48.0700 0x0d30  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:30:48.0763 0x0d30  Wlansvc - ok
21:30:48.0794 0x0d30  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:30:48.0856 0x0d30  WmiAcpi - ok
21:30:48.0887 0x0d30  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:30:48.0934 0x0d30  wmiApSrv - ok
21:30:48.0965 0x0d30  WMPNetworkSvc - ok
21:30:48.0981 0x0d30  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:30:48.0997 0x0d30  WPCSvc - ok
21:30:48.0997 0x0d30  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:30:49.0043 0x0d30  WPDBusEnum - ok
21:30:49.0059 0x0d30  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:30:49.0090 0x0d30  ws2ifsl - ok
21:30:49.0106 0x0d30  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
21:30:49.0153 0x0d30  wscsvc - ok
21:30:49.0153 0x0d30  WSearch - ok
21:30:49.0293 0x0d30  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:30:49.0433 0x0d30  wuauserv - ok
21:30:49.0449 0x0d30  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:30:49.0496 0x0d30  WudfPf - ok
21:30:49.0543 0x0d30  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:30:49.0621 0x0d30  WUDFRd - ok
21:30:49.0667 0x0d30  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:30:49.0699 0x0d30  wudfsvc - ok
21:30:49.0714 0x0d30  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:30:49.0745 0x0d30  WwanSvc - ok
21:30:49.0761 0x0d30  ================ Scan global ===============================
21:30:49.0792 0x0d30  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:30:49.0870 0x0d30  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:30:49.0901 0x0d30  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:30:49.0948 0x0d30  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:30:49.0995 0x0d30  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:30:50.0026 0x0d30  [ Global ] - ok
21:30:50.0026 0x0d30  ================ Scan MBR ==================================
21:30:50.0042 0x0d30  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:30:54.0145 0x0d30  \Device\Harddisk0\DR0 - ok
21:30:54.0145 0x0d30  ================ Scan VBR ==================================
21:30:54.0176 0x0d30  [ 3FE2D736E2B70F4221AACC984984C498 ] \Device\Harddisk0\DR0\Partition1
21:30:54.0176 0x0d30  \Device\Harddisk0\DR0\Partition1 - ok
21:30:54.0223 0x0d30  [ 7CF90BD4D185A11A27E3B0007907383A ] \Device\Harddisk0\DR0\Partition2
21:30:54.0223 0x0d30  \Device\Harddisk0\DR0\Partition2 - ok
21:30:54.0223 0x0d30  ================ Scan active images ========================
21:30:54.0223 0x0d30  Waiting for KSN requests completion. In queue: 154
21:30:55.0237 0x0d30  Waiting for KSN requests completion. In queue: 154
21:30:56.0251 0x0d30  Waiting for KSN requests completion. In queue: 154
21:30:57.0265 0x0d30  Waiting for KSN requests completion. In queue: 154
21:30:58.0279 0x0d30  Waiting for KSN requests completion. In queue: 154
21:30:59.0293 0x0d30  Waiting for KSN requests completion. In queue: 154
21:31:00.0307 0x0d30  Waiting for KSN requests completion. In queue: 154
21:31:01.0336 0x0d30  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
21:31:01.0633 0x0d30  Win FW state via NFP2: enabled
21:31:04.0472 0x0d30  ============================================================
21:31:04.0472 0x0d30  Scan finished
21:31:04.0472 0x0d30  ============================================================
21:31:04.0487 0x0d28  Detected object count: 0
21:31:04.0487 0x0d28  Actual detected object count: 0
21:31:17.0248 0x0850  Deinitialize success
 

 

Thank you for working with me through these problems.

 

Best,

WOP





