
Maxed out CPU/Ram & Random Radio/Ads Playing


  • This topic is locked
30 replies to this topic

#1 Suprr


Posted 02 January 2014 - 08:52 PM

Right after New Year's Eve I encountered a strange audio flickering even after closing all programs and restarting. Upon looking in the sound mixer, I discovered that a program under the name "Name Not Available" is causing this. Therefore, I looked under Resource Monitor and discovered that svchost was using a very large amount of CPU. Also, when the audio was playing, the "network" tab displayed that my computer was receiving a lot of data from the "DcomLaunch" version of svchost.exe. I concluded that my svchost is quite possibly infected, so I decided to run numerous scans including Malwarebytes, Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, and Spybot Search and Destroy, and lastly, I ran TDSSKiller after researching this issue, and found out it may be a rootkit. After running TDSSKiller, DcomLaunch and RpcSs came up as potentially malicious, further proving my suspicions. Both tasks are using the file (c:\Windows\System32\rcpss.dll). Lastly, after quarantining them and restarting, I ran TDSSKiller again to find that the "malicious" files are there once again. Please help.
================================================
Below I have attached the DDS Log and the TDSSKiller Log:
================================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.45.2
Run by Mike at 20:30:53 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6007.2488 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Mike\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\hp\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\hp\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Windows\system32\SndVol.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
C:\Users\Mike\Desktop\TDSSKiller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [F.lux] "C:\Users\Mike\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HP Officejet 6600 (NET)] "C:\Program Files\hp\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN37N7SJ5R05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
uRun: [Akamai NetSession Interface] "C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{260F2662-1516-4A64-A0A5-E028A1423F07} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{260F2662-1516-4A64-A0A5-E028A1423F07}\8393742333241314437354 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9FB34F5F-4FD5-4624-9025-27DF0297C5C3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9FB34F5F-4FD5-4624-9025-27DF0297C5C3}\2796A7A7F63757166756 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{9FB34F5F-4FD5-4624-9025-27DF0297C5C3}\8393742333241314437354 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B6F6691E-0754-4E7E-BDAF-DCC64132D704} : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{EF4FF472-4561-47C9-90A2-3290BFC79932} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m8n5cd2s.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m8n5cd2s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m8n5cd2s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R?2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-7 1370912]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-1 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-1 28216]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-23 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-9-5 46792]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-7-25 853800]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-7-25 548136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-4 14904]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-1-1 2464400]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-12-6 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 701512]
R2 McNeelUpdate;McNeel Update Service 5.0;C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2012-10-25 67752]
R2 mitsijm2014;Autodesk Simulation Moldflow MITSI 2014 Job Manager;C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [2013-1-25 952608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-7 15125280]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2013-1-1 372736]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2013-1-1 447488]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-6 1153368]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-6-28 789856]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-28 5341536]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-4 2320920]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-4 56344]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2011-9-22 222904]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-8-19 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-4-21 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-7 39200]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-1-1 243712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-1 769168]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2011-4-21 35112]
R3 VSTWinDriver6;VSTWinDriver6;C:\Windows\System32\drivers\VSTwindrvr6.sys [2013-3-29 252928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-2-12 2430128]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-11-15 1471352]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-4 158976]
S3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2011-1-12 16376]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2013-1-1 1863680]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-10-13 31232]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-10-13 754584]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-21 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-02 22:56:44 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 22:56:42 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-02 22:55:59 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-02 22:50:33 -------- d-----w- C:\Windows\ERUNT
2014-01-02 22:21:52 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-02 22:17:59 46592 ----a-w- C:\Windows\System32\drivers\qwavedrv.sys.bak
2014-01-02 22:16:59 652344 ----a-w- C:\Windows\System32\drivers\iaStorA.sys.bak
2014-01-02 04:14:53 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A9A4D735-D3D3-4133-A6F6-2F14B69CF75A}\mpengine.dll
2014-01-02 03:48:35 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-02 03:17:03 98816 ----a-w- C:\Windows\sed.exe
2014-01-02 03:17:03 256000 ----a-w- C:\Windows\PEV.exe
2014-01-02 03:17:03 208896 ----a-w- C:\Windows\MBR.exe
2014-01-02 03:16:52 -------- d-----w- C:\ComboFix
2013-12-31 21:15:33 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-25 16:18:30 40960 ----a-r- C:\Users\Mike\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-12-25 16:18:30 40960 ----a-r- C:\Users\Mike\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-12-25 16:18:28 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2013-12-25 16:13:25 -------- d-----w- C:\Windows\USB_Vibration
2013-12-25 16:12:12 -------- d-----w- C:\Program Files (x86)\USB_Vibration
2013-12-22 02:03:15 -------- d-----w- C:\Users\Mike\AppData\Roaming\DogeCoin
2013-12-07 19:57:28 -------- d-----w- C:\Users\Mike\AppData\Local\NVIDIA
2013-12-07 19:56:53 1064224 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-07 19:56:52 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-07 15:02:08 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-12-07 04:22:55 60744 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2013-12-07 04:22:55 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-12-07 04:22:54 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2013-12-07 04:22:54 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-12-07 04:22:54 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-12-07 04:22:44 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2013-12-07 04:22:05 -------- d-----w- C:\Program Files (x86)\LogMeIn
2013-12-07 01:31:38 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8C1FCD-D0E3-4831-8FCB-78ECB5D06E07}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-12-11 05:07:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 05:07:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-07 20:12:23 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-12-07 20:06:01 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-24 00:21:51 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 13:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-28 06:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-10-28 06:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 20:34:21.97 ===============
20:07:31.0749 0x197c  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
20:07:34.0222 0x197c  ============================================================
20:07:34.0222 0x197c  Current date / time: 2014/01/02 20:07:34.0222
20:07:34.0222 0x197c  SystemInfo:
20:07:34.0222 0x197c  
20:07:34.0222 0x197c  OS Version: 6.1.7600 ServicePack: 0.0
20:07:34.0222 0x197c  Product type: Workstation
20:07:34.0222 0x197c  ComputerName: MIKE-HP
20:07:34.0223 0x197c  UserName: Mike
20:07:34.0223 0x197c  Windows directory: C:\Windows
20:07:34.0223 0x197c  System windows directory: C:\Windows
20:07:34.0223 0x197c  Running under WOW64
20:07:34.0223 0x197c  Processor architecture: Intel x64
20:07:34.0223 0x197c  Number of processors: 4
20:07:34.0223 0x197c  Page size: 0x1000
20:07:34.0223 0x197c  Boot type: Normal boot
20:07:34.0223 0x197c  ============================================================
20:07:41.0544 0x197c  KLMD registered as C:\Windows\system32\drivers\54940180.sys
20:07:41.0696 0x197c  System UUID: {91EA13B0-FF91-0FA5-62F8-9A25796AD963}
20:07:42.0596 0x197c  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:42.0701 0x197c  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:42.0705 0x197c  ============================================================
20:07:42.0705 0x197c  \Device\Harddisk0\DR0:
20:07:43.0063 0x197c  MBR partitions:
20:07:43.0063 0x197c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:07:43.0063 0x197c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD0C1800
20:07:43.0063 0x197c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAD0F4000, BlocksNum 0x1993000
20:07:43.0063 0x197c  \Device\Harddisk1\DR1:
20:07:43.0067 0x197c  MBR partitions:
20:07:43.0068 0x197c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
20:07:43.0068 0x197c  ============================================================
20:07:43.0886 0x197c  C: <-> \Device\Harddisk0\DR0\Partition2
20:07:44.0162 0x197c  D: <-> \Device\Harddisk0\DR0\Partition3
20:07:44.0173 0x197c  F: <-> \Device\Harddisk1\DR1\Partition1
20:07:44.0173 0x197c  ============================================================
20:07:44.0173 0x197c  Initialize success
20:07:44.0173 0x197c  ============================================================
20:07:52.0395 0x1c54  ============================================================
20:07:52.0395 0x1c54  Scan started
20:07:52.0395 0x1c54  Mode: Manual; SigCheck; TDLFS; 
20:07:52.0395 0x1c54  ============================================================
20:07:52.0395 0x1c54  KSN ping started
20:08:17.0881 0x1c54  KSN ping finished: true
20:08:25.0592 0x1c54  ================ Scan system memory ========================
20:08:25.0592 0x1c54  System memory - ok
20:08:25.0593 0x1c54  ================ Scan services =============================
20:09:14.0594 0x1c54  [ 1F911C2BBAD194A6FE4801EE868BABF9, 9254819914701C1701540E51EF0279F74C54CEE7F26F68765F203645DE4E027A ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:09:15.0200 0x1c54  DcomLaunch - detected UnsignedFile.Multi.Generic ( 1 )
20:09:25.0288 0x1c54  Object is SCO, delete is not allowed
20:09:25.0288 0x1c54  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
20:10:01.0081 0x1c54  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:10:01.0298 0x1c54  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
20:10:03.0970 0x1c54  Detect skipped due to KSN trusted
20:10:03.0970 0x1c54  HPSLPSVC - ok
20:10:17.0066 0x1c54  [ FA4A45C179AB0E0F1A31B9751D4B18D7, 4356777C2608A65185C9CB8243F071EC9E11BCD152E0C0ACDE25B6BCFD75A7F4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:10:17.0145 0x1c54  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
20:10:19.0813 0x1c54  Detect skipped due to KSN trusted
20:10:19.0814 0x1c54  LightScribeService - ok
20:10:35.0656 0x1c54  [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
20:10:35.0680 0x1c54  Netaapl - detected UnsignedFile.Multi.Generic ( 1 )
20:10:45.0682 0x1c54  Netaapl ( UnsignedFile.Multi.Generic ) - warning
20:11:14.0528 0x1c54  p2pimsvc - ok
20:11:14.0563 0x1c54  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:11:14.0616 0x1c54  p2psvc - ok
20:11:14.0732 0x1c54  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:11:14.0774 0x1c54  Parport - ok
20:11:14.0863 0x1c54  [ 90061B1ACFE8CCAA5345750FFE08D8B8, 76309683FFDF380AF9C6E1D9A52E46B011A0BF1026D747181D01F3312B7541C7 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:11:14.0876 0x1c54  partmgr - ok
20:11:14.0897 0x1c54  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:11:14.0965 0x1c54  PcaSvc - ok
20:11:15.0238 0x1c54  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
20:11:15.0256 0x1c54  pci - ok
20:11:15.0289 0x1c54  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
20:11:15.0308 0x1c54  pciide - ok
20:11:15.0331 0x1c54  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:11:15.0361 0x1c54  pcmcia - ok
20:11:15.0446 0x1c54  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:11:15.0500 0x1c54  pcw - ok
20:11:15.0808 0x1c54  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:11:15.0997 0x1c54  PEAUTH - ok
20:11:17.0456 0x1c54  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:11:17.0519 0x1c54  PerfHost - ok
20:11:17.0776 0x1c54  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
20:11:18.0044 0x1c54  pla - ok
20:11:18.0110 0x1c54  [ 98B1721B8718164293B9701B98C52D77, 27F5F00D4AA394D4D8D0A0062EDC3F944B603E07CAAEDC5CC959BA1E8C208C2A ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:11:18.0168 0x1c54  PlugPlay - ok
20:11:18.0231 0x1c54  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:11:18.0301 0x1c54  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
20:11:21.0314 0x1c54  Detect skipped due to KSN trusted
20:11:21.0314 0x1c54  Pml Driver HPZ12 - ok
20:11:21.0400 0x1c54  PnkBstrA - ok
20:11:21.0430 0x1c54  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:11:21.0527 0x1c54  PNRPAutoReg - ok
20:11:21.0696 0x1c54  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:11:21.0730 0x1c54  PNRPsvc - ok
20:11:21.0971 0x1c54  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:11:22.0145 0x1c54  PolicyAgent - ok
20:11:22.0245 0x1c54  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:11:22.0481 0x1c54  Power - ok
20:11:22.0754 0x1c54  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:11:22.0874 0x1c54  PptpMiniport - ok
20:11:23.0019 0x1c54  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:11:23.0167 0x1c54  Processor - ok
20:11:23.0234 0x1c54  [ 97293447431311C06703368AD0F6C4BE, 302A3CA8F6961717D95469B20A8A71954D4ECFCDF4638238D3D44AAE5A8D9B8B ] ProfSvc         C:\Windows\system32\profsvc.dll
20:11:23.0341 0x1c54  ProfSvc - ok
20:11:23.0460 0x1c54  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:11:23.0497 0x1c54  ProtectedStorage - ok
20:11:23.0558 0x1c54  [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:11:23.0623 0x1c54  Psched - ok
20:11:24.0190 0x1c54  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:11:24.0269 0x1c54  ql2300 - ok
20:11:24.0342 0x1c54  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:11:24.0367 0x1c54  ql40xx - ok
20:11:24.0407 0x1c54  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:11:24.0466 0x1c54  QWAVE - ok
20:11:24.0532 0x1c54  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:11:24.0577 0x1c54  QWAVEdrv - ok
20:11:24.0766 0x1c54  [ 4E033A3D13F2D3611A7DF0A60CE090CB, 545AC55E76A122C7303F074A4733F5363E2C758465E80A0DFBC80E6DA7FBAE35 ] RalinkRegistryWriter C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
20:11:24.0792 0x1c54  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic ( 1 )
20:11:27.0708 0x1c54  Detect skipped due to KSN trusted
20:11:27.0708 0x1c54  RalinkRegistryWriter - ok
20:11:27.0925 0x1c54  [ 1222BD405310F8B39D4EC28691E24F7A, CDE37AB98B924A699A4DB193D92FC17F8A76EFED38558102C1537DC265636292 ] RalinkRegistryWriter64 C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
20:11:27.0974 0x1c54  RalinkRegistryWriter64 - detected UnsignedFile.Multi.Generic ( 1 )
20:11:30.0583 0x1c54  Detect skipped due to KSN trusted
20:11:30.0584 0x1c54  RalinkRegistryWriter64 - ok
20:11:31.0053 0x1c54  [ 2977F7750EA2BECB3E623814D2C18800, A2FAE078FC18481C59D7D3B465D4E53756D85C1C49F6471D3840EEF49814EA19 ] RaMediaServer   C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
20:11:31.0194 0x1c54  RaMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
20:11:34.0018 0x1c54  Detect skipped due to KSN trusted
20:11:34.0019 0x1c54  RaMediaServer - ok
20:11:34.0107 0x1c54  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:11:34.0310 0x1c54  RasAcd - ok
20:11:34.0400 0x1c54  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:11:34.0441 0x1c54  RasAgileVpn - ok
20:11:34.0473 0x1c54  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:11:34.0548 0x1c54  RasAuto - ok
20:11:34.0592 0x1c54  [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:11:34.0713 0x1c54  Rasl2tp - ok
20:11:34.0805 0x1c54  [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan          C:\Windows\System32\rasmans.dll
20:11:34.0887 0x1c54  RasMan - ok
20:11:34.0928 0x1c54  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:11:34.0971 0x1c54  RasPppoe - ok
20:11:35.0015 0x1c54  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:11:35.0079 0x1c54  RasSstp - ok
20:11:35.0186 0x1c54  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:11:35.0237 0x1c54  rdbss - ok
20:11:35.0273 0x1c54  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:11:35.0324 0x1c54  rdpbus - ok
20:11:35.0358 0x1c54  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:11:35.0408 0x1c54  RDPCDD - ok
20:11:35.0439 0x1c54  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:11:35.0523 0x1c54  RDPENCDD - ok
20:11:35.0566 0x1c54  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:11:35.0615 0x1c54  RDPREFMP - ok
20:11:35.0707 0x1c54  [ 447DE7E3DEA39D422C1504F245B668B1, C54D90D2F9405E011E490D3C2F0F64488B87B969C95E367C076BBFCFD8654909 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:11:35.0893 0x1c54  RDPWD - ok
20:11:35.0926 0x1c54  [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:11:35.0942 0x1c54  rdyboost - ok
20:11:36.0022 0x1c54  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:11:36.0068 0x1c54  RemoteAccess - ok
20:11:36.0137 0x1c54  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:11:36.0242 0x1c54  RemoteRegistry - ok
20:11:36.0460 0x1c54  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:11:36.0504 0x1c54  RpcEptMapper - ok
20:11:36.0582 0x1c54  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:11:36.0637 0x1c54  RpcLocator - ok
20:11:36.0924 0x1c54  [ 1F911C2BBAD194A6FE4801EE868BABF9, 9254819914701C1701540E51EF0279F74C54CEE7F26F68765F203645DE4E027A ] RpcSs           C:\Windows\System32\rpcss.dll
20:11:36.0948 0x1c54  RpcSs - detected UnsignedFile.Multi.Generic ( 1 )
20:11:39.0790 0x1c54  Object is SCO, delete is not allowed
20:11:39.0790 0x1c54  RpcSs ( UnsignedFile.Multi.Generic ) - warning
20:11:54.0295 0x1c54  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:11:54.0356 0x1c54  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:12:04.0358 0x1c54  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:12:41.0188 0x1c54  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3, AA751288EC34D61D934D7E8C036B60BBCEDC2A746815623478BB015D87D6A998 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:12:41.0292 0x1c54  usbhub - ok
20:12:41.0386 0x1c54  [ F1BB1E55F1E7A65C5839CCC7B36D773E, 4F517F81FA5688D78D3627EA7D2EA16AD4EB410D7624FE483C7AF26951E579A9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:12:41.0417 0x1c54  usbohci - ok
20:12:41.0492 0x1c54  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:12:41.0524 0x1c54  usbprint - ok
20:12:41.0550 0x1c54  [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:41.0585 0x1c54  USBSTOR - ok
20:12:41.0604 0x1c54  [ BC3070350A491D84B518D7CCA9ABD36F, 96FFF9F76A93CF4806297AE7C11A5C6D1E7A9980260E6CFC960F8247D5032161 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:12:41.0631 0x1c54  usbuhci - ok
20:12:41.0654 0x1c54  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:12:41.0715 0x1c54  UxSms - ok
20:12:41.0735 0x1c54  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc        C:\Windows\system32\lsass.exe
20:12:41.0766 0x1c54  VaultSvc - ok
20:12:41.0799 0x1c54  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
20:12:41.0816 0x1c54  vdrvroot - ok
20:12:41.0915 0x1c54  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
20:12:41.0953 0x1c54  vds - ok
20:12:41.0971 0x1c54  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:41.0988 0x1c54  vga - ok
20:12:42.0000 0x1c54  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:12:42.0088 0x1c54  VgaSave - ok
20:12:42.0154 0x1c54  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
20:12:42.0177 0x1c54  vhdmp - ok
20:12:42.0208 0x1c54  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
20:12:42.0226 0x1c54  viaide - ok
20:12:42.0249 0x1c54  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
20:12:42.0268 0x1c54  volmgr - ok
20:12:42.0292 0x1c54  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:12:42.0319 0x1c54  volmgrx - ok
20:12:42.0361 0x1c54  [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:12:42.0399 0x1c54  volsnap - ok
20:12:42.0468 0x1c54  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:42.0487 0x1c54  vsmraid - ok
20:12:42.0645 0x1c54  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\Windows\system32\vssvc.exe
20:12:42.0837 0x1c54  VSS - ok
20:12:42.0991 0x1c54  [ E72B7F6AD60EC55B2BBEF6C6202CDE2A, 9218329A0C090E5AB388279D58997CD22DB2F93B329B473706DBBCDAABA6110E ] VSTWinDriver6   C:\Windows\system32\drivers\VSTwindrvr6.sys
20:12:43.0043 0x1c54  VSTWinDriver6 - ok
20:12:43.0082 0x1c54  vtany - ok
20:12:43.0092 0x1c54  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:12:43.0111 0x1c54  vwifibus - ok
20:12:43.0127 0x1c54  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:12:43.0190 0x1c54  vwififlt - ok
20:12:43.0241 0x1c54  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:12:43.0268 0x1c54  vwifimp - ok
20:12:43.0304 0x1c54  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:12:43.0394 0x1c54  W32Time - ok
20:12:43.0451 0x1c54  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:12:43.0478 0x1c54  WacomPen - ok
20:12:43.0518 0x1c54  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:12:43.0608 0x1c54  WANARP - ok
20:12:43.0616 0x1c54  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:12:43.0670 0x1c54  Wanarpv6 - ok
20:12:43.0790 0x1c54  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:12:43.0852 0x1c54  WatAdminSvc - ok
20:12:44.0041 0x1c54  [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine        C:\Windows\system32\wbengine.exe
20:12:44.0261 0x1c54  wbengine - ok
20:12:44.0291 0x1c54  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:12:44.0337 0x1c54  WbioSrvc - ok
20:12:44.0421 0x1c54  [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:12:44.0562 0x1c54  wcncsvc - ok
20:12:44.0581 0x1c54  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:12:44.0615 0x1c54  WcsPlugInService - ok
20:12:44.0634 0x1c54  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:12:44.0648 0x1c54  Wd - ok
20:12:44.0698 0x1c54  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:12:44.0744 0x1c54  Wdf01000 - ok
20:12:44.0778 0x1c54  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:12:44.0861 0x1c54  WdiServiceHost - ok
20:12:44.0867 0x1c54  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:12:44.0934 0x1c54  WdiSystemHost - ok
20:12:45.0008 0x1c54  [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient       C:\Windows\System32\webclnt.dll
20:12:45.0136 0x1c54  WebClient - ok
20:12:45.0151 0x1c54  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:12:45.0284 0x1c54  Wecsvc - ok
20:12:45.0352 0x1c54  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:12:45.0448 0x1c54  wercplsupport - ok
20:12:45.0478 0x1c54  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:12:45.0576 0x1c54  WerSvc - ok
20:12:45.0646 0x1c54  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:45.0788 0x1c54  WfpLwf - ok
20:12:45.0838 0x1c54  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:12:45.0851 0x1c54  WIMMount - ok
20:12:45.0861 0x1c54  WinDefend - ok
20:12:45.0879 0x1c54  WinHttpAutoProxySvc - ok
20:12:46.0009 0x1c54  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:12:46.0122 0x1c54  Winmgmt - ok
20:12:46.0382 0x1c54  [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:12:46.0662 0x1c54  WinRM - ok
20:12:46.0710 0x1c54  [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:12:46.0755 0x1c54  WinUsb - ok
20:12:46.0851 0x1c54  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:12:46.0938 0x1c54  Wlansvc - ok
20:12:47.0528 0x1c54  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:12:47.0663 0x1c54  wlidsvc - ok
20:12:47.0691 0x1c54  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:12:47.0712 0x1c54  WmiAcpi - ok
20:12:47.0863 0x1c54  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:12:47.0894 0x1c54  wmiApSrv - ok
20:12:48.0045 0x1c54  WMPNetworkSvc - ok
20:12:48.0052 0x1c54  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:12:48.0091 0x1c54  WPCSvc - ok
20:12:48.0116 0x1c54  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:12:48.0192 0x1c54  WPDBusEnum - ok
20:12:48.0261 0x1c54  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:12:48.0350 0x1c54  ws2ifsl - ok
20:12:48.0392 0x1c54  [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc          C:\Windows\system32\wscsvc.dll
20:12:48.0423 0x1c54  wscsvc - ok
20:12:48.0442 0x1c54  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:12:48.0489 0x1c54  WSDPrintDevice - ok
20:12:48.0495 0x1c54  WSearch - ok
20:12:48.0789 0x1c54  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:12:48.0994 0x1c54  wuauserv - ok
20:12:49.0071 0x1c54  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:12:49.0165 0x1c54  WudfPf - ok
20:12:49.0186 0x1c54  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:49.0216 0x1c54  WUDFRd - ok
20:12:49.0270 0x1c54  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:12:49.0339 0x1c54  wudfsvc - ok
20:12:49.0437 0x1c54  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:12:49.0595 0x1c54  WwanSvc - ok
20:12:49.0909 0x1c54  ================ Scan global ===============================
20:12:49.0938 0x1c54  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:12:49.0981 0x1c54  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
20:12:49.0997 0x1c54  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
20:12:50.0035 0x1c54  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:12:50.0071 0x1c54  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:12:50.0084 0x1c54  [ Global ] - ok
20:12:50.0084 0x1c54  ================ Scan MBR ==================================
20:12:50.0107 0x1c54  [ EAC4928E274CC95042BE183741B48D11 ] \Device\Harddisk0\DR0
20:12:58.0442 0x1c54  \Device\Harddisk0\DR0 - ok
20:12:58.0471 0x1c54  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:12:58.0524 0x1c54  \Device\Harddisk1\DR1 - ok
20:12:58.0525 0x1c54  ================ Scan VBR ==================================
20:12:58.0552 0x1c54  [ CC75AF57133437350C04993D406CC4A6 ] \Device\Harddisk0\DR0\Partition1
20:12:58.0577 0x1c54  \Device\Harddisk0\DR0\Partition1 - ok
20:12:58.0644 0x1c54  [ B216F815BC0E31DEBA0E404CDBEF763F ] \Device\Harddisk0\DR0\Partition2
20:12:58.0720 0x1c54  \Device\Harddisk0\DR0\Partition2 - ok
20:12:58.0760 0x1c54  [ B14A7681B4309117597E054FC9A8838B ] \Device\Harddisk0\DR0\Partition3
20:12:58.0867 0x1c54  \Device\Harddisk0\DR0\Partition3 - ok
20:12:58.0904 0x1c54  [ 2FD7406B2EE5D197A3ADA8720FC2E0DF ] \Device\Harddisk1\DR1\Partition1
20:12:58.0907 0x1c54  \Device\Harddisk1\DR1\Partition1 - ok
20:12:58.0992 0x1c54  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x60000 ( disabled : updated )
20:12:59.0000 0x1c54  Win FW state via NFP2: enabled
20:13:01.0757 0x1c54  ============================================================
20:13:01.0757 0x1c54  Scan finished
20:13:01.0757 0x1c54  ============================================================
20:13:01.0784 0x1c4c  Detected object count: 4
20:13:01.0784 0x1c4c  Actual detected object count: 4
20:41:58.0735 0x1c4c  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
20:41:58.0736 0x1c4c  Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
20:41:58.0736 0x1c4c  Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:41:58.0782 0x1c4c  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
20:41:58.0783 0x1c4c  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:41:58.0784 0x1c4c  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 



 


#2 Suprr


Posted 02 January 2014 - 09:05 PM

After a little browsing on this forum, I can see a lot of people have the same virus as I do!



#3 Elise

  • Malware Study Hall Admin

Posted 03 January 2014 - 12:28 PM

Hello, please go to http://www.virustotal.com and submit c:\windows\system32\rpcss.dll (just type the name into the File Name box, browsing will likely not work). Please link me to the scan results.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#4 Suprr


Posted 03 January 2014 - 12:36 PM

https://www.virustotal.com/en/file/9254819914701c1701540e51ef0279f74c54cee7f26f68765f203645de4e027a/analysis/1388770372/

Virus Total Scan results: came up as negative.

 

Will report back with the FSS log as my plug and play drivers/dcomlaunch have apparently stopped working so now I have to restart (the virus keeps doing this).


Edited by Suprr, 03 January 2014 - 12:36 PM.


#5 Elise


Posted 03 January 2014 - 12:49 PM

Okay, I'll wait for the log. :)

regards, Elise


#6 Suprr


Posted 03 January 2014 - 12:50 PM

Farbar Service Scanner Version: 05-12-2013
Ran by Mike (administrator) on 03-01-2014 at 12:48:43
Running from "C:\Users\Mike\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-12 17:15] - [2013-01-04 00:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 1F911C2BBAD194A6FE4801EE868BABF9
 
 
 
**** End of log ****


#7 Elise


Posted 03 January 2014 - 01:05 PM

Okay, that's definitely a hit. :) Let's see what GMER has to say. I want to see if it flags a modified MBR.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, Elise


#8 Suprr


Posted 03 January 2014 - 03:06 PM

Even after running GMER with the provided guidelines and in safe mode the program kept unexpectedly closing. I started the scan over 15 times and this happened every single time.



#9 Elise


Posted 03 January 2014 - 03:10 PM

Okay, let's try something different. :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise
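A first structural look at the mbr.bin written by the dd command in the post above, as an added example that is not part of the original thread and not the helper's own tooling. It checks the sector layout only (boot signature, partition entries, active flag, overlaps) and hashes the boot code area for comparison against a reference you trust; it cannot by itself show that the boot code is clean. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440   # bootstrap code area at the start of the sector
TABLE_OFF = 446       # four 16-byte partition entries start here
SIG_OFF = 510         # boot signature bytes 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into boot code hash, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for slot in range(4):
        entry = sector[TABLE_OFF + 16 * slot: TABLE_OFF + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": slot, "status": status, "type": ptype,
                      "start": lba_start, "count": count})
    boot_code = sector[:BOOT_CODE_LEN]
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_empty": not any(boot_code),
        "signature_ok": sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "partitions": parts,
    }


def triage(mbr: dict) -> list:
    """Return human-readable findings for structural anomalies in a parsed MBR."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_code_empty"]:
        findings.append("boot code area is all zero bytes")
    parts = mbr["partitions"]
    # A type 0xEE entry marks a protective MBR on a GPT disk, which has no active flag.
    gpt = any(p["type"] == 0xEE for p in parts)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
        if p["start"] == 0:
            findings.append(f"slot {p['slot']}: partition starts at LBA 0, on top of the MBR")
    active = [p for p in parts if p["status"] == 0x80]
    if not gpt and len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1 on a BIOS boot disk)")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def make_entry(status: int, ptype: int, start: int, count: int) -> bytes:
    """Constructed partition entry; CHS fields are zeroed because only LBA is checked."""
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)


def build_sample(entries, signature=b"\x55\xaa") -> bytes:
    """Constructed 512-byte sector: filler bytes stand in for real boot code."""
    boot = bytes(range(1, 256)) + bytes(BOOT_CODE_LEN - 255)
    disk_id = struct.pack("<IH", 0x12345678, 0)  # constructed disk signature + reserved
    table = b"".join(entries).ljust(64, b"\0")
    return boot + disk_id + table + signature


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:   # e.g. the mbr.bin from the USB drive
            data = fh.read()
    else:
        data = build_sample([make_entry(0x80, 0x07, 2048, 204800),
                             make_entry(0x00, 0x07, 206848, 1000000)])
    mbr = parse_mbr(data)
    print("boot code sha256:", mbr["boot_code_sha256"])
    for p in mbr["partitions"]:
        print("slot {slot}: status=0x{status:02x} type=0x{type:02x} "
              "start={start} sectors={count}".format(**p))
    for finding in triage(mbr) or ["no structural anomalies found"]:
        print("finding:", finding)
```

Run it with the path to mbr.bin as the only argument; with no argument it parses the constructed sample.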


#10 Suprr


Posted 03 January 2014 - 03:23 PM

Wait, I am confused. I need to put the GETxPUD.exe on my USB then open it on a different computer? 


Edited by Suprr, 03 January 2014 - 03:27 PM.


#11 Elise


Posted 03 January 2014 - 03:25 PM

No, you need the usb only for the mbr dump, the downloaded file will create a bootable CD. You can do this on any working computer, including the infected one.

regards, Elise


#12 Suprr


Posted 03 January 2014 - 03:31 PM

Wait a second, I need a CD?



#13 Elise


Posted 03 January 2014 - 03:34 PM

You need both, just read the instructions carefully. :) If you don't have a CD let me know and I'll give you instructions for USB only. Using a CD is usually a bit easier during boot as many computers are set up to boot from CD first.

regards, Elise


#14 Elise


Posted 03 January 2014 - 04:30 PM

Please try this instead if the CD doesn't boot:
  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flashdrive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise


#15 Suprr


Posted 03 January 2014 - 05:07 PM

I've messaged you the log, it is not letting me post it.





