Rogue.Agent Gen-Nullo - Have I missed anything?



#1 MoonDarter


Posted 23 December 2013 - 12:12 AM

I was having problems with PC freezes, mainly in my browsers but also using (file) Explorer in Win7. I decided to run SAS to see what it could find. Aside from a gazillion tracking cookies, it found Rogue.Agent Gen-Nullo.

I followed removal instructions from an earlier post on this site. Subsequent checks with SAS, Malwarebytes and NOD32 found no traces of the malware files, and so far I've not had any problems. But I do wonder if there is more to do to really finish the job. So I'm posting my MiniToolBox and TDSSKiller logs in the hope that someone with far more expertise than me will look at them and tell me if there are files I should consider removing.

Please note that if there is anything in the Windows.old folder in the logs, it is gone now, as I have already deleted the folder. (I upgraded to Win7 from Vista and then forgot Windows.old was there.)

So, on with it....

 

--------------------------------------------------------------------------------------------------------

 

MiniToolBox Log

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Mark (administrator) on 22-12-2013 at 15:44:08
Running from "C:\Users\Mark\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Maingear
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wowway.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : wowway.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-24-8C-03-8D-09
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e9c6:d7da:2357:10e3%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 22, 2013 3:03:30 PM
   Lease Expires . . . . . . . . . . : Monday, December 23, 2013 3:03:29 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234890380
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9A-7E-85-00-24-8C-03-8D-09
   DNS Servers . . . . . . . . . . . : 64.233.217.2
                                       64.233.217.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.wowway.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wowway.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2cb9:236a:e73f:8da(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2cb9:236a:e73f:8da%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  try11-dns1.try.wideopenwest.com
Address:  64.233.217.2

Name:    google.com
Addresses:  2607:f8b0:4006:801::1003
   74.125.226.230
   74.125.226.233
   74.125.226.231
   74.125.226.227
   74.125.226.232
   74.125.226.229
   74.125.226.228
   74.125.226.224
   74.125.226.225
   74.125.226.226
   74.125.226.238

Pinging google.com [74.125.226.232] with 32 bytes of data:
Reply from 74.125.226.232: bytes=32 time=26ms TTL=57
Reply from 74.125.226.232: bytes=32 time=26ms TTL=57

Ping statistics for 74.125.226.232:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server:  try11-dns1.try.wideopenwest.com
Address:  64.233.217.2

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=117ms TTL=49
Reply from 206.190.36.45: bytes=32 time=160ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 117ms, Maximum = 160ms, Average = 138ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 24 8c 03 8d 09 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    266
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:5ef5:79fb:2cb9:236a:e73f:8da/128
                                    On-link
 10    266 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::2cb9:236a:e73f:8da/128
                                    On-link
 10    266 fe80::e9c6:d7da:2357:10e3/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2013 03:41:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000005650fd8
Faulting process id: 0x640
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (12/14/2013 00:00:44 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/14/2013 00:00:43 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/12/2013 06:01:43 PM) (Source: TabletServiceWacom) (User: )
Description: Could not init tablet driver

Error: (12/12/2013 06:01:23 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/12/2013 06:01:23 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/08/2013 09:45:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (12/08/2013 09:45:51 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (12/08/2013 09:38:38 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Illegal operation attempted on a registry key that has been marked for deletion.

Error: (12/07/2013 06:03:53 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)

System errors:
=============
Error: (12/22/2013 03:04:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/22/2013 00:59:01 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (12/22/2013 00:41:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/21/2013 10:04:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/21/2013 10:03:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:01:15 PM on ?12/?21/?2013 was unexpected.

Error: (12/21/2013 01:18:18 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!051d(1a78)

Error: (12/21/2013 08:07:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/20/2013 10:18:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (12/20/2013 10:18:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (12/20/2013 10:18:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (12/22/2013 03:41:30 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000005650fd864001ceff511b958cecC:\Windows\Explorer.EXEunknown6f19913e-6b49-11e3-b657-00248c038d09

Error: (12/14/2013 00:00:44 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/14/2013 00:00:43 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/12/2013 06:01:43 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver

Error: (12/12/2013 06:01:23 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/12/2013 06:01:23 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/08/2013 09:45:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (12/08/2013 09:45:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)
2350

Error: (12/08/2013 09:38:38 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Illegal operation attempted on a registry key that has been marked for deletion.

Error: (12/07/2013 06:03:53 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt

CodeIntegrity Errors:
===================================
  Date: 2013-12-07 13:47:30.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:47:30.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:47:30.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:46:46.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:46:45.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:46:45.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:46:45.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:46:44.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:46:44.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 13:42:53.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Adobe Acrobat XI Pro (Version: 11.0)
Adobe Acrobat XI Pro (Version: 11.0.05)
Adobe AIR (Version: 3.9.0.1210)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Community Help (Version: 3.5.23)
Adobe Creative Cloud (Version: 2.3.0.322)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CC (Version: 14.0)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
AdobeColorCommonSetRGB (Version: 2.0)
Alien Skin Eye Candy 7
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Angry Birds Rio (Version: 1.7.1)
Angry Birds Seasons (Version: 4.0.1)
Angry Birds Space (Version: 1.6.0)
Angry Birds Star Wars (Version: 1.4.0)
Angry Birds Star Wars II (Version: 1.0.1)
ASUS Xonar DSX Audio Driver
Better File Series
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON Scan
ESET NOD32 Antivirus (Version: 6.0.308.0)
FTL: Faster Than Light
Galactic Civilizations II: Ultimate Edition
Garmin Communicator Plugin with myGarmin Agent (Version: 2.9.2)
Garmin USB Drivers (Version: 2.3.0.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (Version: 31.0.1650.63)
Intel® Matrix Storage Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 43 (64-bit) (Version: 6.0.430)
Java™ SE Development Kit 6 Update 43 (64-bit) (Version: 1.6.0.430)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mastering Effects Bundle for Sound Forge (Version: 1.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SkyDrive (Version: 17.0.2015.0811)
Microsoft Store Download Manager (Version: 2.5.2219.1)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT Redists (Version: 1.0)
Noise Reduction Plug-In 2.0 (Version: 2.0.596)
NVIDIA 3D Vision Controller Driver 331.65 (Version: 331.65)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65)
NVIDIA Control Panel 331.65 (Version: 331.65)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Graphics Driver 331.65 (Version: 331.65)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
OpenAL
PatchBeam (Version: 1.20)
PatchBeam v1.10 (Version: 1.10)
PDF Settings CC (Version: 12.0)
PDF Settings CS6 (Version: 11.0)
Portal
Portal 2
Portal 2 Publishing Tool
PowerArchiver 2013 (Version: 14.00.16)
PVSonyDll (Version: 1.00.0001)
Rapport (Version: 3.5.1205.20)
Rapport (Version: 3.5.1304.29)
Recuva (Version: 1.47)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming (Version: 1.6.34)
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
SketchUp Pro 8 (Version: 3.0.16846)
Sound Forge Pro 11.0 (Version: 11.0.272)
Speccy (Version: 1.22)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.7.1014)
System Requirements Lab
Trusteer Endpoint Protection (Version: 3.5.1304.29)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VueScan
VueScan x64
Wacom Tablet
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 12278.08 MB
Available physical RAM: 8958.43 MB
Total Pagefile: 24554.34 MB
Available Pagefile: 21168.46 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:698.63 GB) (Free:537.8 GB) NTFS
2 Drive d: () (Fixed) (Total:931.51 GB) (Free:449.72 GB) NTFS

========================= Users: ========================================

User accounts for \\MAINGEAR

Administrator            Guest                    Mark                    
UpdatusUser             

**** End of log ****

--------------------------------------------------------------------------------------------------------

TDSSKiller Log

15:49:14.0160 0x1704  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
15:49:24.0153 0x1704  ============================================================
15:49:24.0153 0x1704  Current date / time: 2013/12/22 15:49:24.0153
15:49:24.0153 0x1704  SystemInfo:
15:49:24.0153 0x1704 
15:49:24.0153 0x1704  OS Version: 6.1.7601 ServicePack: 1.0
15:49:24.0153 0x1704  Product type: Workstation
15:49:24.0153 0x1704  ComputerName: MAINGEAR
15:49:24.0153 0x1704  UserName: Mark
15:49:24.0153 0x1704  Windows directory: C:\Windows
15:49:24.0153 0x1704  System windows directory: C:\Windows
15:49:24.0153 0x1704  Running under WOW64
15:49:24.0153 0x1704  Processor architecture: Intel x64
15:49:24.0153 0x1704  Number of processors: 8
15:49:24.0153 0x1704  Page size: 0x1000
15:49:24.0153 0x1704  Boot type: Normal boot
15:49:24.0153 0x1704  ============================================================
15:49:24.0293 0x1704  KLMD registered as C:\Windows\system32\drivers\83404636.sys
15:49:24.0506 0x1704  System UUID: {FC9571FA-DB41-6244-8CC7-CCC20C37DABB}
15:49:25.0070 0x1704  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:25.0074 0x1704  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:25.0163 0x1704  ============================================================
15:49:25.0163 0x1704  \Device\Harddisk0\DR0:
15:49:25.0163 0x1704  MBR partitions:
15:49:25.0163 0x1704  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74704800
15:49:25.0163 0x1704  \Device\Harddisk1\DR1:
15:49:25.0163 0x1704  MBR partitions:
15:49:25.0163 0x1704  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
15:49:25.0163 0x1704  ============================================================
15:49:25.0172 0x1704  C: <-> \Device\Harddisk1\DR1\Partition1
15:49:25.0201 0x1704  D: <-> \Device\Harddisk0\DR0\Partition1
15:49:25.0201 0x1704  ============================================================
15:49:25.0201 0x1704  Initialize success
15:49:25.0201 0x1704  ============================================================
15:49:43.0458 0x1344  ============================================================
15:49:43.0458 0x1344  Scan started
15:49:43.0458 0x1344  Mode: Manual;
15:49:43.0458 0x1344  ============================================================
15:49:43.0458 0x1344  KSN ping started
15:49:46.0242 0x1344  KSN ping finished: true
15:49:46.0404 0x1344  ================ Scan system memory ========================
15:49:46.0404 0x1344  System memory - ok
15:49:46.0404 0x1344  ================ Scan services =============================
15:49:46.0501 0x1344  [ 620C92D6EEFA9853A3EAD41B5EB9B5FD, 72DD7297179AC6629B816DD9656D5EC3F02BE677EA01A05A5EB808180F0D775F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:49:46.0504 0x1344  !SASCORE - ok
15:49:46.0627 0x1344  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:49:46.0632 0x1344  1394ohci - ok
15:49:46.0665 0x1344  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:49:46.0671 0x1344  ACPI - ok
15:49:46.0700 0x1344  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:49:46.0714 0x1344  AcpiPmi - ok
15:49:46.0752 0x1344  [ D44BCAF639E4E45307C2BC80715273D5, 1E1CDE13C39D835447096CBEC104A2EDDCE15D94288DB3FBB02421B8B8307989 ] adfs            C:\Windows\system32\drivers\adfs.sys
15:49:46.0766 0x1344  adfs - ok
15:49:46.0872 0x1344  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:49:46.0874 0x1344  AdobeARMservice - ok
15:49:46.0986 0x1344  [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:49:46.0990 0x1344  AdobeFlashPlayerUpdateSvc - ok
15:49:47.0041 0x1344  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:49:47.0051 0x1344  adp94xx - ok
15:49:47.0089 0x1344  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:49:47.0096 0x1344  adpahci - ok
15:49:47.0110 0x1344  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:49:47.0114 0x1344  adpu320 - ok
15:49:47.0142 0x1344  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:49:47.0144 0x1344  AeLookupSvc - ok
15:49:47.0186 0x1344  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
15:49:47.0195 0x1344  AFD - ok
15:49:47.0240 0x1344  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:49:47.0242 0x1344  agp440 - ok
15:49:47.0252 0x1344  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:49:47.0254 0x1344  ALG - ok
15:49:47.0284 0x1344  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:49:47.0285 0x1344  aliide - ok
15:49:47.0306 0x1344  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:49:47.0307 0x1344  amdide - ok
15:49:47.0327 0x1344  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:49:47.0329 0x1344  AmdK8 - ok
15:49:47.0342 0x1344  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:49:47.0344 0x1344  AmdPPM - ok
15:49:47.0364 0x1344  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:49:47.0367 0x1344  amdsata - ok
15:49:47.0398 0x1344  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:49:47.0402 0x1344  amdsbs - ok
15:49:47.0410 0x1344  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:49:47.0410 0x1344  amdxata - ok
15:49:47.0433 0x1344  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
15:49:47.0434 0x1344  AppID - ok
15:49:47.0457 0x1344  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:49:47.0459 0x1344  AppIDSvc - ok
15:49:47.0502 0x1344  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
15:49:47.0504 0x1344  Appinfo - ok
15:49:47.0512 0x1344  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:49:47.0515 0x1344  arc - ok
15:49:47.0528 0x1344  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:49:47.0531 0x1344  arcsas - ok
15:49:47.0607 0x1344  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:49:47.0617 0x1344  aspnet_state - ok
15:49:47.0630 0x1344  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:49:47.0631 0x1344  AsyncMac - ok
15:49:47.0665 0x1344  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:49:47.0666 0x1344  atapi - ok
15:49:47.0702 0x1344  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:49:47.0712 0x1344  AudioEndpointBuilder - ok
15:49:47.0735 0x1344  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:49:47.0745 0x1344  AudioSrv - ok
15:49:47.0785 0x1344  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:49:47.0788 0x1344  AxInstSV - ok
15:49:47.0824 0x1344  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:49:47.0833 0x1344  b06bdrv - ok
15:49:47.0857 0x1344  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:49:47.0862 0x1344  b57nd60a - ok
15:49:47.0902 0x1344  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:49:47.0905 0x1344  BDESVC - ok
15:49:47.0917 0x1344  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:49:47.0918 0x1344  Beep - ok
15:49:47.0963 0x1344  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:49:47.0974 0x1344  BFE - ok
15:49:48.0014 0x1344  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:49:48.0029 0x1344  BITS - ok
15:49:48.0059 0x1344  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:49:48.0061 0x1344  blbdrive - ok
15:49:48.0093 0x1344  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:49:48.0095 0x1344  bowser - ok
15:49:48.0107 0x1344  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:49:48.0109 0x1344  BrFiltLo - ok
15:49:48.0113 0x1344  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:49:48.0114 0x1344  BrFiltUp - ok
15:49:48.0142 0x1344  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:49:48.0144 0x1344  Browser - ok
15:49:48.0159 0x1344  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:49:48.0165 0x1344  Brserid - ok
15:49:48.0187 0x1344  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:49:48.0188 0x1344  BrSerWdm - ok
15:49:48.0190 0x1344  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:49:48.0191 0x1344  BrUsbMdm - ok
15:49:48.0198 0x1344  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:49:48.0199 0x1344  BrUsbSer - ok
15:49:48.0207 0x1344  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:49:48.0209 0x1344  BTHMODEM - ok
15:49:48.0235 0x1344  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:49:48.0237 0x1344  bthserv - ok
15:49:48.0258 0x1344  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:49:48.0260 0x1344  cdfs - ok
15:49:48.0284 0x1344  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:49:48.0287 0x1344  cdrom - ok
15:49:48.0327 0x1344  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:49:48.0329 0x1344  CertPropSvc - ok
15:49:48.0341 0x1344  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:49:48.0342 0x1344  circlass - ok
15:49:48.0371 0x1344  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:49:48.0378 0x1344  CLFS - ok
15:49:48.0439 0x1344  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:49:48.0447 0x1344  clr_optimization_v2.0.50727_32 - ok
15:49:48.0481 0x1344  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:49:48.0484 0x1344  clr_optimization_v2.0.50727_64 - ok
15:49:48.0541 0x1344  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:49:48.0563 0x1344  clr_optimization_v4.0.30319_32 - ok
15:49:48.0579 0x1344  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:49:48.0583 0x1344  clr_optimization_v4.0.30319_64 - ok
15:49:48.0592 0x1344  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:49:48.0593 0x1344  CmBatt - ok
15:49:48.0617 0x1344  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:49:48.0618 0x1344  cmdide - ok
15:49:48.0704 0x1344  [ 6B56A1437913C1DEA2EE1F8B5DB1ED74, 9DAD4084BECAED81F9646960A971496810CCAD2A129743E24A9AA4D63A991BFB ] cmudaxp         C:\Windows\system32\drivers\cmudaxp.sys
15:49:48.0790 0x1344  cmudaxp - ok
15:49:48.0831 0x1344  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:49:48.0839 0x1344  CNG - ok
15:49:48.0877 0x1344  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:49:48.0878 0x1344  Compbatt - ok
15:49:48.0902 0x1344  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:49:48.0904 0x1344  CompositeBus - ok
15:49:48.0917 0x1344  COMSysApp - ok
15:49:48.0923 0x1344  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:49:48.0924 0x1344  crcdisk - ok
15:49:48.0957 0x1344  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:49:48.0961 0x1344  CryptSvc - ok
15:49:48.0984 0x1344  [ 1F632CA8C63BC7D17F15E7A1DE6029B0, 9C614410C47EC56E2522F87AD9F79EDBA8F881AEE3DE4A7810CD6C3AE491D150 ] CT20XUT         C:\Windows\system32\drivers\CT20XUT.SYS
15:49:48.0988 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\CT20XUT.SYS. Real md5: 1F632CA8C63BC7D17F15E7A1DE6029B0, sha256: 9C614410C47EC56E2522F87AD9F79EDBA8F881AEE3DE4A7810CD6C3AE491D150, fake md5: 521E42736E7AE4097478C0D980DFDF96, fake sha256: 1C1ADD6134405948556DCD1520DD87378F920E0474363071A8AE02461F4AD41B
15:49:48.0988 0x1344  CT20XUT - detected ForgedFile.Multi.Generic ( 1 )
15:49:51.0850 0x1344  CT20XUT ( ForgedFile.Multi.Generic ) - warning
15:49:51.0850 0x1344  Force sending object to P2P due to detect: C:\Windows\system32\drivers\CT20XUT.SYS
15:49:54.0544 0x1344  Object send P2P result: true
15:49:57.0025 0x1344  [ 1F632CA8C63BC7D17F15E7A1DE6029B0, 9C614410C47EC56E2522F87AD9F79EDBA8F881AEE3DE4A7810CD6C3AE491D150 ] CT20XUT.SYS     C:\Windows\System32\drivers\CT20XUT.SYS
15:49:57.0028 0x1344  Suspicious file ( Forged ): C:\Windows\System32\drivers\CT20XUT.SYS. Real md5: 1F632CA8C63BC7D17F15E7A1DE6029B0, sha256: 9C614410C47EC56E2522F87AD9F79EDBA8F881AEE3DE4A7810CD6C3AE491D150, fake md5: 521E42736E7AE4097478C0D980DFDF96, fake sha256: 1C1ADD6134405948556DCD1520DD87378F920E0474363071A8AE02461F4AD41B
15:49:57.0028 0x1344  CT20XUT.SYS - detected ForgedFile.Multi.Generic ( 1 )
15:49:57.0028 0x1344  CT20XUT.SYS ( ForgedFile.Multi.Generic ) - warning
15:49:59.0565 0x1344  [ 61D3D4702CDCA1C9A545A8CB4B548415, F493CD1AB8549928502DB87159E2F7A4CAE1537BAB1EE7A729FC29A2DE42F8B0 ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
15:49:59.0574 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\ctac32k.sys. Real md5: 61D3D4702CDCA1C9A545A8CB4B548415, sha256: F493CD1AB8549928502DB87159E2F7A4CAE1537BAB1EE7A729FC29A2DE42F8B0, fake md5: 655F8A21B5575F9513F333E4811EC74D, fake sha256: 535648757080BD1FCD1E48F8294B6E789C748235F907350F94193ADD4694FC50
15:49:59.0574 0x1344  ctac32k - detected ForgedFile.Multi.Generic ( 1 )
15:50:02.0194 0x1344  ctac32k ( ForgedFile.Multi.Generic ) - warning
15:50:04.0670 0x1344  [ E164AAE9F2D9D7CF1583D3A2C0B54112, DFC221D925B4EFA7DE872E67688CF7215D10ADCC84049E5B3F0D5874A6E6B050 ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
15:50:04.0680 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\ctaud2k.sys. Real md5: E164AAE9F2D9D7CF1583D3A2C0B54112, sha256: DFC221D925B4EFA7DE872E67688CF7215D10ADCC84049E5B3F0D5874A6E6B050, fake md5: 7309B82A496C0C79242B237C90C5BD22, fake sha256: 277F495CF7E427CCA0B14DE9705A510F4994E990710998C7B80D3515850142F9
15:50:04.0680 0x1344  ctaud2k - detected ForgedFile.Multi.Generic ( 1 )
15:50:07.0113 0x1344  ctaud2k ( ForgedFile.Multi.Generic ) - warning
15:50:07.0113 0x1344  Force sending object to P2P due to detect: C:\Windows\system32\drivers\ctaud2k.sys
15:50:09.0766 0x1344  Object send P2P result: true
15:50:12.0273 0x1344  [ 118F92507814C1397527B907451F358B, FBFFD2585770BF5F2F6662CDCFA446E80C3D0EADD0F04E5939A306815BA073B9 ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
15:50:12.0293 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\CTEXFIFX.SYS. Real md5: 118F92507814C1397527B907451F358B, sha256: FBFFD2585770BF5F2F6662CDCFA446E80C3D0EADD0F04E5939A306815BA073B9, fake md5: E27974C258DD27F8F7E06664D64EEB11, fake sha256: EB0253D5F3515FC9F8A20266D2590DE192AA064B0223CB4D9B40A71D00B8232F
15:50:12.0294 0x1344  CTEXFIFX - detected ForgedFile.Multi.Generic ( 1 )
15:50:14.0828 0x1344  CTEXFIFX ( ForgedFile.Multi.Generic ) - warning
15:50:17.0331 0x1344  [ 118F92507814C1397527B907451F358B, FBFFD2585770BF5F2F6662CDCFA446E80C3D0EADD0F04E5939A306815BA073B9 ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
15:50:17.0350 0x1344  Suspicious file ( Forged ): C:\Windows\System32\drivers\CTEXFIFX.SYS. Real md5: 118F92507814C1397527B907451F358B, sha256: FBFFD2585770BF5F2F6662CDCFA446E80C3D0EADD0F04E5939A306815BA073B9, fake md5: E27974C258DD27F8F7E06664D64EEB11, fake sha256: EB0253D5F3515FC9F8A20266D2590DE192AA064B0223CB4D9B40A71D00B8232F
15:50:17.0351 0x1344  CTEXFIFX.SYS - detected ForgedFile.Multi.Generic ( 1 )
15:50:17.0351 0x1344  CTEXFIFX.SYS ( ForgedFile.Multi.Generic ) - warning
15:50:17.0351 0x1344  Force sending object to P2P due to detect: C:\Windows\System32\drivers\CTEXFIFX.SYS
15:50:20.0059 0x1344  Object send P2P result: true
15:50:22.0545 0x1344  [ D715BEE2A9F51D6C357FE50B63230D9D, CB689C7A09637C05EA5227BD225CE39A495ECB231F773A8A8FEFC4737B8E791B ] CTHWIUT         C:\Windows\system32\drivers\CTHWIUT.SYS
15:50:22.0547 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\CTHWIUT.SYS. Real md5: D715BEE2A9F51D6C357FE50B63230D9D, sha256: CB689C7A09637C05EA5227BD225CE39A495ECB231F773A8A8FEFC4737B8E791B, fake md5: 91767EFEDFDBCD5A76BAAC71AB2B5B54, fake sha256: 6EFA6FAEC2698023F6E317EF06A2A718F88D8D0D9A2390A61780ED9BADBF83E4
15:50:22.0548 0x1344  CTHWIUT - detected ForgedFile.Multi.Generic ( 1 )
15:50:25.0130 0x1344  CTHWIUT ( ForgedFile.Multi.Generic ) - warning
15:50:27.0612 0x1344  [ D715BEE2A9F51D6C357FE50B63230D9D, CB689C7A09637C05EA5227BD225CE39A495ECB231F773A8A8FEFC4737B8E791B ] CTHWIUT.SYS     C:\Windows\System32\drivers\CTHWIUT.SYS
15:50:27.0613 0x1344  Suspicious file ( Forged ): C:\Windows\System32\drivers\CTHWIUT.SYS. Real md5: D715BEE2A9F51D6C357FE50B63230D9D, sha256: CB689C7A09637C05EA5227BD225CE39A495ECB231F773A8A8FEFC4737B8E791B, fake md5: 91767EFEDFDBCD5A76BAAC71AB2B5B54, fake sha256: 6EFA6FAEC2698023F6E317EF06A2A718F88D8D0D9A2390A61780ED9BADBF83E4
15:50:27.0613 0x1344  CTHWIUT.SYS - detected ForgedFile.Multi.Generic ( 1 )
15:50:27.0613 0x1344  CTHWIUT.SYS ( ForgedFile.Multi.Generic ) - warning
15:50:27.0613 0x1344  Force sending object to P2P due to detect: C:\Windows\System32\drivers\CTHWIUT.SYS
15:50:30.0275 0x1344  Object send P2P result: true
15:50:32.0751 0x1344  [ 22B828FAFD3F82020365C39A6F1F2E2E, E470DB109ED0465A056EA135B63D14839E44BA851B0DE4B3015C73843EE668DB ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
15:50:32.0752 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\ctprxy2k.sys. Real md5: 22B828FAFD3F82020365C39A6F1F2E2E, sha256: E470DB109ED0465A056EA135B63D14839E44BA851B0DE4B3015C73843EE668DB, fake md5: 745AB6EBEAF3A828E59905B660EDFA33, fake sha256: 095437F8731F065BF29236D7E9B0E81F61EBAD78D6535D49DC1907931F857C8D
15:50:32.0752 0x1344  ctprxy2k - detected ForgedFile.Multi.Generic ( 1 )
15:50:35.0283 0x1344  ctprxy2k ( ForgedFile.Multi.Generic ) - warning
15:50:35.0283 0x1344  Force sending object to P2P due to detect: C:\Windows\system32\drivers\ctprxy2k.sys
15:50:39.0515 0x1344  Object send P2P result: true
15:50:41.0996 0x1344  [ 9B111EE2F488A8D9C21A13ED4C777795, 07D3D28994A05D251952A34339955F44B1222CF6FA5E9216023FFC4181FF9528 ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
15:50:42.0001 0x1344  ctsfm2k - ok
15:50:42.0042 0x1344  [ C6E1C081C0849E08FECEC18DF73B10C4, B5E552F4744C91836CBAF3F62CB861C1D9422721870D11B5CCE21B45E384985A ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
15:50:42.0043 0x1344  dc3d - ok
15:50:42.0091 0x1344  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:50:42.0099 0x1344  DcomLaunch - ok
15:50:42.0135 0x1344  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:50:42.0140 0x1344  defragsvc - ok
15:50:42.0161 0x1344  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:50:42.0164 0x1344  DfsC - ok
15:50:42.0203 0x1344  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:50:42.0209 0x1344  Dhcp - ok
15:50:42.0231 0x1344  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:50:42.0232 0x1344  discache - ok
15:50:42.0255 0x1344  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:50:42.0256 0x1344  Disk - ok
15:50:42.0286 0x1344  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:50:42.0290 0x1344  Dnscache - ok
15:50:42.0319 0x1344  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:50:42.0325 0x1344  dot3svc - ok
15:50:42.0349 0x1344  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:50:42.0352 0x1344  DPS - ok
15:50:42.0383 0x1344  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:50:42.0384 0x1344  drmkaud - ok
15:50:42.0427 0x1344  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:50:42.0441 0x1344  DXGKrnl - ok
15:50:42.0492 0x1344  [ 78A3903702B7535154F56685CA1517D4, FAA277491EA02EBA5C580D837A1526E77FA776632EFF73E433C9A852367BADDE ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
15:50:42.0496 0x1344  eamonm - ok
15:50:42.0527 0x1344  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:50:42.0530 0x1344  EapHost - ok
15:50:42.0613 0x1344  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:50:42.0711 0x1344  ebdrv - ok
15:50:42.0735 0x1344  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
15:50:42.0736 0x1344  EFS - ok
15:50:42.0767 0x1344  [ 9E39134330C18CBAC0F24C1283701D7E, 6F6B2AB6CD1932216BA516F4DE8316BE9625CFAF602522A99F77351A538E5799 ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
15:50:42.0770 0x1344  ehdrv - ok
15:50:42.0824 0x1344  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:50:42.0836 0x1344  ehRecvr - ok
15:50:42.0866 0x1344  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:50:42.0869 0x1344  ehSched - ok
15:50:42.0997 0x1344  [ 501C1787CA4FAC7F6E9F585E96EB2FAC, 63FCF49D245BE2DB83F6C2D77F2946455969A6D51F5398D715DC847C03AB6468 ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
15:50:43.0015 0x1344  ekrn - ok
15:50:43.0053 0x1344  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:50:43.0063 0x1344  elxstor - ok
15:50:43.0083 0x1344  [ 36BA15D6679B97E993A0957F9474AAED, 60639DE8CA591D9CF40AEF158EA25208338E1312F4E38FB43B7760BD5D107953 ] emupia          C:\Windows\system32\drivers\emupia2k.sys
15:50:43.0085 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\emupia2k.sys. Real md5: 36BA15D6679B97E993A0957F9474AAED, sha256: 60639DE8CA591D9CF40AEF158EA25208338E1312F4E38FB43B7760BD5D107953, fake md5: F3A97E8B45624A4E704A5B3A07A4D477, fake sha256: 3A0D1CBCB9470A976ADF64737303DB80FDD9E9E7E45F58B1FAE800D1193F62E0
15:50:43.0085 0x1344  emupia - detected ForgedFile.Multi.Generic ( 1 )
15:50:45.0708 0x1344  emupia ( ForgedFile.Multi.Generic ) - warning
15:50:45.0708 0x1344  Force sending object to P2P due to detect: C:\Windows\system32\drivers\emupia2k.sys
15:50:48.0380 0x1344  Object send P2P result: true
15:50:50.0858 0x1344  [ B4E8DC817963B256537B1EC09AF0647E, 8171A0A378C32D9B61D9276EE982DEE4A3136322F40100B7AAEEA3C6AC98AF67 ] epfwwfpr        C:\Windows\system32\DRIVERS\epfwwfpr.sys
15:50:50.0860 0x1344  epfwwfpr - ok
15:50:50.0882 0x1344  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:50:50.0883 0x1344  ErrDev - ok
15:50:50.0914 0x1344  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:50:50.0922 0x1344  EventSystem - ok
15:50:50.0935 0x1344  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:50:50.0939 0x1344  exfat - ok
15:50:50.0948 0x1344  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:50:50.0952 0x1344  fastfat - ok
15:50:50.0960 0x1344  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:50:50.0961 0x1344  fdc - ok
15:50:50.0982 0x1344  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:50:50.0983 0x1344  fdPHost - ok
15:50:50.0990 0x1344  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:50:50.0991 0x1344  FDResPub - ok
15:50:51.0005 0x1344  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:50:51.0006 0x1344  FileInfo - ok
15:50:51.0019 0x1344  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:50:51.0020 0x1344  Filetrace - ok
15:50:51.0030 0x1344  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:50:51.0031 0x1344  flpydisk - ok
15:50:51.0064 0x1344  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:50:51.0070 0x1344  FltMgr - ok
15:50:51.0124 0x1344  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
15:50:51.0142 0x1344  FontCache - ok
15:50:51.0192 0x1344  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:50:51.0194 0x1344  FontCache3.0.0.0 - ok
15:50:51.0201 0x1344  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:50:51.0203 0x1344  FsDepends - ok
15:50:51.0225 0x1344  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:50:51.0225 0x1344  Fs_Rec - ok
15:50:51.0249 0x1344  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:50:51.0253 0x1344  fvevol - ok
15:50:51.0267 0x1344  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:50:51.0269 0x1344  gagp30kx - ok
15:50:51.0310 0x1344  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:50:51.0324 0x1344  gpsvc - ok
15:50:51.0383 0x1344  [ 86633C0F1427246008E1BD01C3EF70B0, 48BC8F686432C6F29D5CAA4537F43C2731D5CEE70BD5518451FB6FCFF548982F ] ha20x22k        C:\Windows\system32\drivers\ha20x22k.sys
15:50:51.0405 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\ha20x22k.sys. Real md5: 86633C0F1427246008E1BD01C3EF70B0, sha256: 48BC8F686432C6F29D5CAA4537F43C2731D5CEE70BD5518451FB6FCFF548982F, fake md5: 85B17ABF6C4539E44C07DBFFD7B9886B, fake sha256: 9F4BFCA464A6751450CC9C7A70747B2957CE5C14CAD723FF85440F27999F852D
15:50:51.0406 0x1344  ha20x22k - detected ForgedFile.Multi.Generic ( 1 )
15:50:54.0211 0x1344  ha20x22k ( ForgedFile.Multi.Generic ) - warning
15:50:56.0706 0x1344  [ 4CDCC0CDE0A66A3E3540C42D23193D4B, 2205DCD21392E97FFC8622C503AA773710A427518157BFC42567805362744024 ] ha20x2k         C:\Windows\system32\drivers\ha20x2k.sys
15:50:56.0728 0x1344  Suspicious file ( Forged ): C:\Windows\system32\drivers\ha20x2k.sys. Real md5: 4CDCC0CDE0A66A3E3540C42D23193D4B, sha256: 2205DCD21392E97FFC8622C503AA773710A427518157BFC42567805362744024, fake md5: 3B9B36703540FC7DED862AEDCAE5D3BD, fake sha256: 353EFFABFACD9E6F5D9622C2242EAFF201DDBFC4E010EB13E81D468301D42F7C
15:50:56.0730 0x1344  ha20x2k - detected ForgedFile.Multi.Generic ( 1 )
15:50:59.0271 0x1344  ha20x2k ( ForgedFile.Multi.Generic ) - warning
15:50:59.0272 0x1344  Force sending object to P2P due to detect: C:\Windows\system32\drivers\ha20x2k.sys
15:51:01.0933 0x1344  Object send P2P result: true
15:51:04.0406 0x1344  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:51:04.0407 0x1344  hcw85cir - ok
15:51:04.0441 0x1344  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:51:04.0448 0x1344  HdAudAddService - ok
15:51:04.0473 0x1344  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:51:04.0476 0x1344  HDAudBus - ok
15:51:04.0502 0x1344  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:51:04.0503 0x1344  HidBatt - ok
15:51:04.0519 0x1344  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:51:04.0522 0x1344  HidBth - ok
15:51:04.0529 0x1344  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:51:04.0531 0x1344  HidIr - ok
15:51:04.0559 0x1344  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:51:04.0561 0x1344  hidserv - ok
15:51:04.0601 0x1344  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:51:04.0603 0x1344  HidUsb - ok
15:51:04.0620 0x1344  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:51:04.0623 0x1344  hkmsvc - ok
15:51:04.0642 0x1344  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:51:04.0647 0x1344  HomeGroupListener - ok
15:51:04.0658 0x1344  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:51:04.0663 0x1344  HomeGroupProvider - ok
15:51:04.0691 0x1344  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:51:04.0694 0x1344  HpSAMD - ok
15:51:04.0733 0x1344  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:51:04.0746 0x1344  HTTP - ok
15:51:04.0764 0x1344  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:51:04.0764 0x1344  hwpolicy - ok
15:51:04.0789 0x1344  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:51:04.0792 0x1344  i8042prt - ok
15:51:04.0866 0x1344  [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:51:04.0872 0x1344  IAANTMON - ok
15:51:04.0908 0x1344  [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:51:04.0914 0x1344  iaStor - ok
15:51:04.0947 0x1344  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:51:04.0955 0x1344  iaStorV - ok
15:51:04.0999 0x1344  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:51:05.0014 0x1344  idsvc - ok
15:51:05.0032 0x1344  IEEtwCollectorService - ok
15:51:05.0038 0x1344  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:51:05.0040 0x1344  iirsp - ok
15:51:05.0080 0x1344  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:51:05.0096 0x1344  IKEEXT - ok
15:51:05.0124 0x1344  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:51:05.0125 0x1344  intelide - ok
15:51:05.0147 0x1344  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:51:05.0149 0x1344  intelppm - ok
15:51:05.0181 0x1344  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:51:05.0184 0x1344  IPBusEnum - ok
15:51:05.0209 0x1344  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:51:05.0211 0x1344  IpFilterDriver - ok
15:51:05.0243 0x1344  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:51:05.0252 0x1344  iphlpsvc - ok
15:51:05.0267 0x1344  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:51:05.0269 0x1344  IPMIDRV - ok
15:51:05.0278 0x1344  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:51:05.0281 0x1344  IPNAT - ok
15:51:05.0290 0x1344  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:51:05.0291 0x1344  IRENUM - ok
15:51:05.0304 0x1344  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:51:05.0305 0x1344  isapnp - ok
15:51:05.0323 0x1344  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:51:05.0329 0x1344  iScsiPrt - ok
15:51:05.0350 0x1344  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:51:05.0351 0x1344  kbdclass - ok
15:51:05.0374 0x1344  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:51:05.0375 0x1344  kbdhid - ok
15:51:05.0385 0x1344  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
15:51:05.0386 0x1344  KeyIso - ok
15:51:05.0409 0x1344  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:51:05.0411 0x1344  KSecDD - ok
15:51:05.0422 0x1344  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:51:05.0426 0x1344  KSecPkg - ok
15:51:05.0431 0x1344  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:51:05.0432 0x1344  ksthunk - ok
15:51:05.0457 0x1344  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:51:05.0465 0x1344  KtmRm - ok
15:51:05.0492 0x1344  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:51:05.0496 0x1344  LanmanServer - ok
15:51:05.0524 0x1344  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:51:05.0528 0x1344  LanmanWorkstation - ok
15:51:05.0560 0x1344  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:51:05.0562 0x1344  lltdio - ok
15:51:05.0595 0x1344  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:51:05.0601 0x1344  lltdsvc - ok
15:51:05.0609 0x1344  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:51:05.0611 0x1344  lmhosts - ok
15:51:05.0630 0x1344  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:51:05.0633 0x1344  LSI_FC - ok
15:51:05.0648 0x1344  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:51:05.0650 0x1344  LSI_SAS - ok
15:51:05.0662 0x1344  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:51:05.0676 0x1344  LSI_SAS2 - ok
15:51:05.0688 0x1344  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:51:05.0691 0x1344  LSI_SCSI - ok
15:51:05.0715 0x1344  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:51:05.0717 0x1344  luafv - ok
15:51:05.0740 0x1344  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:51:05.0743 0x1344  Mcx2Svc - ok
15:51:05.0756 0x1344  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:51:05.0758 0x1344  megasas - ok
15:51:05.0771 0x1344  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:51:05.0776 0x1344  MegaSR - ok
15:51:05.0801 0x1344  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:51:05.0803 0x1344  MMCSS - ok
15:51:05.0810 0x1344  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:51:05.0812 0x1344  Modem - ok
15:51:05.0845 0x1344  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:51:05.0846 0x1344  monitor - ok
15:51:05.0871 0x1344  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:51:05.0872 0x1344  mouclass - ok
15:51:05.0883 0x1344  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:51:05.0884 0x1344  mouhid - ok
15:51:05.0893 0x1344  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:51:05.0895 0x1344  mountmgr - ok
15:51:05.0967 0x1344  [ 5E0686615A80A6279B2314E13CD23F6E, 659931AB2DD395FAA2E5036D02BC6AAE8A7E4C9FF1A902B1FF9C15E878C89E77 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:51:05.0970 0x1344  MozillaMaintenance - ok
15:51:05.0980 0x1344  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:51:05.0984 0x1344  mpio - ok
15:51:06.0014 0x1344  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:51:06.0016 0x1344  mpsdrv - ok
15:51:06.0057 0x1344  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:51:06.0073 0x1344  MpsSvc - ok
15:51:06.0099 0x1344  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:51:06.0102 0x1344  MRxDAV - ok
15:51:06.0127 0x1344  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:06.0131 0x1344  mrxsmb - ok
15:51:06.0159 0x1344  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:06.0165 0x1344  mrxsmb10 - ok
15:51:06.0177 0x1344  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:06.0180 0x1344  mrxsmb20 - ok
15:51:06.0207 0x1344  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:51:06.0208 0x1344  msahci - ok
15:51:06.0228 0x1344  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:51:06.0232 0x1344  msdsm - ok
15:51:06.0245 0x1344  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:51:06.0248 0x1344  MSDTC - ok
15:51:06.0269 0x1344  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:51:06.0270 0x1344  Msfs - ok
15:51:06.0277 0x1344  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:51:06.0278 0x1344  mshidkmdf - ok
15:51:06.0300 0x1344  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:51:06.0300 0x1344  msisadrv - ok
15:51:06.0332 0x1344  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:51:06.0336 0x1344  MSiSCSI - ok
15:51:06.0338 0x1344  msiserver - ok
15:51:06.0366 0x1344  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:51:06.0367 0x1344  MSKSSRV - ok
15:51:06.0369 0x1344  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:06.0370 0x1344  MSPCLOCK - ok
15:51:06.0372 0x1344  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:51:06.0373 0x1344  MSPQM - ok
15:51:06.0406 0x1344  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:51:06.0412 0x1344  MsRPC - ok
15:51:06.0424 0x1344  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:51:06.0425 0x1344  mssmbios - ok
15:51:06.0428 0x1344  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:51:06.0428 0x1344  MSTEE - ok
15:51:06.0439 0x1344  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:51:06.0440 0x1344  MTConfig - ok
15:51:06.0482 0x1344  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:51:06.0483 0x1344  MTsensor - ok
15:51:06.0492 0x1344  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:51:06.0494 0x1344  Mup - ok
15:51:06.0527 0x1344  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:51:06.0537 0x1344  napagent - ok
15:51:06.0566 0x1344  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:51:06.0572 0x1344  NativeWifiP - ok
15:51:06.0617 0x1344  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:51:06.0633 0x1344  NDIS - ok
15:51:06.0652 0x1344  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:51:06.0654 0x1344  NdisCap - ok
15:51:06.0673 0x1344  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:06.0675 0x1344  NdisTapi - ok
15:51:06.0699 0x1344  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:06.0700 0x1344  Ndisuio - ok
15:51:06.0724 0x1344  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:06.0728 0x1344  NdisWan - ok
15:51:06.0751 0x1344  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:51:06.0753 0x1344  NDProxy - ok
15:51:06.0765 0x1344  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:51:06.0766 0x1344  NetBIOS - ok
15:51:06.0801 0x1344  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:51:06.0806 0x1344  NetBT - ok
15:51:06.0818 0x1344  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
15:51:06.0819 0x1344  Netlogon - ok
15:51:06.0845 0x1344  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:51:06.0852 0x1344  Netman - ok
15:51:06.0874 0x1344  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:06.0888 0x1344  NetMsmqActivator - ok
15:51:06.0892 0x1344  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:06.0894 0x1344  NetPipeActivator - ok
15:51:06.0918 0x1344  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:51:06.0927 0x1344  netprofm - ok
15:51:06.0931 0x1344  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:06.0933 0x1344  NetTcpActivator - ok
15:51:06.0937 0x1344  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:06.0939 0x1344  NetTcpPortSharing - ok
15:51:06.0951 0x1344  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:51:06.0952 0x1344  nfrd960 - ok
15:51:06.0982 0x1344  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:51:06.0989 0x1344  NlaSvc - ok
15:51:06.0999 0x1344  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:51:07.0001 0x1344  Npfs - ok
15:51:07.0026 0x1344  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:51:07.0028 0x1344  nsi - ok
15:51:07.0037 0x1344  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:51:07.0038 0x1344  nsiproxy - ok
15:51:07.0103 0x1344  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:51:07.0150 0x1344  Ntfs - ok
15:51:07.0169 0x1344  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:51:07.0170 0x1344  Null - ok
15:51:07.0204 0x1344  [ 554964B900AE2954B8B589B6287034AC, C6C9EA3ADAFEBBF2AF944E4A0656BD795AD37706008CC0CA3F2150BD709476E7 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
15:51:07.0208 0x1344  NVHDA - ok
15:51:07.0519 0x1344  [ E71E299FF15390E585BACF2C18F55078, 7A51D989DA55349B1761839DEAFD593B6E6F88C433B132E7B027467E050FBA67 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:51:07.0687 0x1344  nvlddmkm - ok
15:51:07.0718 0x1344  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:51:07.0722 0x1344  nvraid - ok
15:51:07.0747 0x1344  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:51:07.0750 0x1344  nvstor - ok
15:51:08.0163 0x1344  [ 99BC3E05B906F359901647EF852EF353, A872B9A265EE75313647B4B85EC6DB5F57593D31CB6FEAB453DAA0B331895D9A ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
15:51:08.0365 0x1344  NvStreamSvc - ok
15:51:08.0443 0x1344  [ 415695F5A54E91E869EEBFEA261361A6, 1829C15E07D902686171C8A66EB03040A037CAC1E00E24BF598030D9DA795CEC ] NVSvc           C:\Windows\system32\nvvsvc.exe
15:51:08.0457 0x1344  NVSvc - ok
15:51:08.0574 0x1344  [ 10DEF604B1929D9515969E1CAE7D250A, AC343E716453B9CA16B4763A714FB4B09671D8EB56A8C46C22CBD769EB7937C4 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:51:08.0618 0x1344  nvUpdatusService - ok
15:51:08.0645 0x1344  [ 31B16657118E439B77B0A527F7EA66CB, 8C375D2AFF56125E08587DDDCE6AD31DE6D2DEEDC9AD95ADE95B7499F79A5B56 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
15:51:08.0646 0x1344  nvvad_WaveExtensible - ok
15:51:08.0668 0x1344  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:51:08.0671 0x1344  nv_agp - ok
15:51:08.0696 0x1344  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:51:08.0698 0x1344  ohci1394 - ok
15:51:08.0758 0x1344  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:08.0761 0x1344  ose - ok
15:51:08.0938 0x1344  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:51:09.0056 0x1344  osppsvc - ok
15:51:09.0088 0x1344  [ A29A80A1CF63D0DC27EEFCAF27D34664, FAABFF46F3C349395D502036ACA32EE1D46FDC72E29DD8C179DF8DA6BB8CD4E1 ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
15:51:09.0092 0x1344  ossrv - ok
15:51:14.0907 0x1344  WIMMount - ok
15:51:14.0920 0x1344  WinDefend - ok
15:51:14.0929 0x1344  WinHttpAutoProxySvc - ok
15:51:14.0974 0x1344  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:51:14.0979 0x1344  Winmgmt - ok
15:51:15.0053 0x1344  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:51:15.0129 0x1344  WinRM - ok
15:51:15.0201 0x1344  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:51:15.0218 0x1344  Wlansvc - ok
15:51:15.0287 0x1344  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:51:15.0288 0x1344  WmiAcpi - ok
15:51:15.0316 0x1344  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:51:15.0321 0x1344  wmiApSrv - ok
15:51:15.0332 0x1344  WMPNetworkSvc - ok
15:51:15.0415 0x1344  [ 83B6CA03C846FCD47F9883D77D1EB27B, 1616DBBC95085B6618B7F884383507E2A54D561A41288E79FA6DC99218C02802 ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
15:51:15.0422 0x1344  WMZuneComm - ok
15:51:15.0434 0x1344  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:51:15.0436 0x1344  WPCSvc - ok
15:51:15.0464 0x1344  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:51:15.0467 0x1344  WPDBusEnum - ok
15:51:15.0473 0x1344  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:51:15.0474 0x1344  ws2ifsl - ok
15:51:15.0488 0x1344  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:51:15.0491 0x1344  wscsvc - ok
15:51:15.0520 0x1344  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:51:15.0522 0x1344  WSDPrintDevice - ok
15:51:15.0524 0x1344  WSearch - ok
15:51:15.0599 0x1344  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:51:15.0655 0x1344  wuauserv - ok
15:51:15.0679 0x1344  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:51:15.0681 0x1344  WudfPf - ok
15:51:15.0699 0x1344  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:51:15.0703 0x1344  WUDFRd - ok
15:51:15.0727 0x1344  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:51:15.0730 0x1344  wudfsvc - ok
15:51:15.0762 0x1344  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:51:15.0768 0x1344  WwanSvc - ok
15:51:15.0999 0x1344  [ 67B787C34FB2888D01B130AE007042D8, E44878E53F265C89F271B08B81C129105E42D1C78C14467B2D96E28A9A428B1A ] ZuneNetworkSvc  C:\Program Files\Zune\ZuneNss.exe
15:51:16.0206 0x1344  ZuneNetworkSvc - ok
15:51:16.0247 0x1344  [ 4D89FC1C20CF655739EFAC5DA81A67BC, 788D0A5B9972ED6D80242C0C5E80AB0FAB44A708B896D5F724AC1559A291C8DD ] ZuneWlanCfgSvc  C:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:51:16.0257 0x1344  ZuneWlanCfgSvc - ok
15:51:16.0294 0x1344  [ 604E6E21361356CA8DCD22A4064C5E1A, E606421CBBB22CCA1A734960658AD03D86227BD8AB3F7F444131828696F21949 ] {EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS C:\Windows\SYSTEM32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS
15:51:16.0297 0x1344  Suspicious file ( Forged ): C:\Windows\SYSTEM32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS. Real md5: 604E6E21361356CA8DCD22A4064C5E1A, sha256: E606421CBBB22CCA1A734960658AD03D86227BD8AB3F7F444131828696F21949, fake md5: 91767EFEDFDBCD5A76BAAC71AB2B5B54, fake sha256: 6EFA6FAEC2698023F6E317EF06A2A718F88D8D0D9A2390A61780ED9BADBF83E4
15:51:16.0298 0x1344  {EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS - detected ForgedFile.Multi.Generic ( 1 )
15:51:19.0127 0x1344  {EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS ( ForgedFile.Multi.Generic ) - warning
15:51:19.0127 0x1344  Force sending object to P2P due to detect: C:\Windows\SYSTEM32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS
15:51:21.0799 0x1344  Object send P2P result: true
15:51:24.0274 0x1344  ================ Scan global ===============================
15:51:24.0296 0x1344  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:51:24.0326 0x1344  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:51:24.0335 0x1344  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:51:24.0367 0x1344  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:51:24.0398 0x1344  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:51:24.0405 0x1344  [ Global ] - ok
15:51:24.0406 0x1344  ================ Scan MBR ==================================
15:51:24.0420 0x1344  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:51:24.0603 0x1344  \Device\Harddisk0\DR0 - ok
15:51:24.0608 0x1344  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
15:51:24.0624 0x1344  \Device\Harddisk1\DR1 - ok
15:51:24.0624 0x1344  ================ Scan VBR ==================================
15:51:24.0626 0x1344  [ C315FF36F03F1DB1B4586253F4B54DCD ] \Device\Harddisk0\DR0\Partition1
15:51:24.0627 0x1344  \Device\Harddisk0\DR0\Partition1 - ok
15:51:24.0628 0x1344  [ A51ACC9CD49B6B84074C9C256284FEE3 ] \Device\Harddisk1\DR1\Partition1
15:51:24.0629 0x1344  \Device\Harddisk1\DR1\Partition1 - ok
15:51:24.0644 0x1344  AV detected via SS2: ESET NOD32 Antivirus 6.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 6.0.308.0 ), 0x41000 ( enabled : updated )
15:51:24.0646 0x1344  Win FW state via NFP2: enabled
15:51:27.0090 0x1344  ============================================================
15:51:27.0090 0x1344  Scan finished
15:51:27.0090 0x1344  ============================================================
15:51:27.0094 0x17ec  Detected object count: 13
15:51:27.0094 0x17ec  Actual detected object count: 13
15:52:41.0896 0x17ec  CT20XUT ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0896 0x17ec  CT20XUT ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0897 0x17ec  CT20XUT.SYS ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0897 0x17ec  CT20XUT.SYS ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0897 0x17ec  ctac32k ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0897 0x17ec  ctac32k ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0898 0x17ec  ctaud2k ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0898 0x17ec  ctaud2k ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0899 0x17ec  CTEXFIFX ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0899 0x17ec  CTEXFIFX ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0900 0x17ec  CTEXFIFX.SYS ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0900 0x17ec  CTEXFIFX.SYS ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0901 0x17ec  CTHWIUT ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0901 0x17ec  CTHWIUT ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0901 0x17ec  CTHWIUT.SYS ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0901 0x17ec  CTHWIUT.SYS ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0902 0x17ec  ctprxy2k ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0902 0x17ec  ctprxy2k ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0903 0x17ec  emupia ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0903 0x17ec  emupia ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0904 0x17ec  ha20x22k ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0904 0x17ec  ha20x22k ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0904 0x17ec  ha20x2k ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0904 0x17ec  ha20x2k ( ForgedFile.Multi.Generic ) - User select action: Skip
15:52:41.0905 0x17ec  {EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS ( ForgedFile.Multi.Generic ) - skipped by user
15:52:41.0905 0x17ec  {EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS ( ForgedFile.Multi.Generic ) - User select action: Skip

 

--------------------------------------------------------------------------------------------------------
 




 


#2 HelpBot


Posted 28 December 2013 - 12:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518334 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 02 January 2014 - 12:20 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



