
Trojan Zusy


14 replies to this topic

#1 kokopoko

kokopoko

  • Members
  • 30 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 02 January 2014 - 09:26 PM

Superantispyware found the Trojan Zusy.  How do I make sure it's been removed completely by superantispyware?





#2 kokopoko


Posted 02 January 2014 - 09:35 PM

I downloaded security check from this thread http://www.bleepingcomputer.com/forums/t/504264/svchostexe-running-crazy-trojanagent-zusygen-help/ and ran it.  Here are the results.

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spyder3Elite     
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Spybot Teatimer.exe is disabled! 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#3 kokopoko


Posted 02 January 2014 - 09:37 PM

I also downloaded and ran Farbar Service Scanner.

 

Farbar Service Scanner Version: 05-12-2013
Ran by Christine (administrator) on 02-01-2014 at 20:36:19
Running from "C:\Users\Christine\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#4 kokopoko


Posted 02 January 2014 - 09:40 PM

I ran Mini Toolbox and here are the results.

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Christine (administrator) on 02-01-2014 at 20:38:16
Running from "C:\Users\Christine\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
D-Link WDA-2320 Desktop Adapter = Wireless Network Connection (Connected)
Belkin USB Wireless Adaptor = Wireless Network Connection 3 (Connected)
Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Christine-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : D-Link WDA-2320 Desktop Adapter
   Physical Address. . . . . . . . . : 00-21-91-1C-CD-2F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.104(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 02, 2014 8:23:00 PM
   Lease Expires . . . . . . . . . . : Thursday, January 09, 2014 8:23:00 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : EC-1A-59-01-D3-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Belkin USB Wireless Adaptor
   Physical Address. . . . . . . . . : EC-1A-59-01-D3-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 02, 2014 8:23:01 PM
   Lease Expires . . . . . . . . . . : Thursday, January 09, 2014 8:23:02 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-30-67-86-98-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4001:c00::8a
 208.53.243.113
 208.53.243.123
 208.53.243.121
 208.53.243.110
 208.53.243.106
 208.53.243.99
 208.53.243.101
 208.53.243.117
 208.53.243.95
 208.53.243.84
 208.53.243.102
 208.53.243.112
 208.53.243.88
 208.53.243.80
 208.53.243.91
 208.53.243.90
 
 
Pinging google.com [208.53.243.90] with 32 bytes of data:
Reply from 208.53.243.90: bytes=32 time=3ms TTL=60
Reply from 208.53.243.90: bytes=32 time=3ms TTL=60
 
Ping statistics for 208.53.243.90:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=47ms TTL=51
Reply from 98.138.253.109: bytes=32 time=47ms TTL=51
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 47ms, Average = 47ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...00 21 91 1c cd 2f ......D-Link WDA-2320 Desktop Adapter
 20...ec 1a 59 01 d3 d8 ......Microsoft Virtual WiFi Miniport Adapter #2
 18...ec 1a 59 01 d3 d8 ......Belkin USB Wireless Adaptor
 10...00 30 67 86 98 9f ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.104     25
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.104    281
      192.168.0.0    255.255.255.0         On-link     192.168.0.101    281
    192.168.0.101  255.255.255.255         On-link     192.168.0.101    281
    192.168.0.104  255.255.255.255         On-link     192.168.0.104    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.104    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.101    281
        224.0.0.0        240.0.0.0         On-link     192.168.0.104    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.101    281
  255.255.255.255  255.255.255.255         On-link     192.168.0.104    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/02/2014 06:57:31 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 31.0.1650.63 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ed8
 
Start Time: 01cf07ebcd61199a
 
Termination Time: 51
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: fd915084-7411-11e3-b9d2-00306786989f
 
Error: (12/15/2013 09:26:24 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume (C:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B)
 
Error: (12/01/2013 01:09:45 AM) (Source: Application Hang) (User: )
Description: The program SDScan.exe version 2.0.12.173 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 588
 
Start Time: 01ceee5ec2b7f07c
 
Termination Time: 17
 
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
Report Id: 88bd4387-5a57-11e3-947c-00306786989f
 
Error: (11/03/2013 01:19:25 AM) (Source: Application Hang) (User: )
Description: The program mirc.exe version 7.32.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cd0
 
Start Time: 01ced8583340be55
 
Termination Time: 94
 
Application Path: C:\Program Files (x86)\mIRC\mirc.exe
 
Report Id: 396416e6-4458-11e3-8058-00306786989f
 
Error: (10/27/2013 00:24:42 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (10/27/2013 00:24:42 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (10/27/2013 01:36:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: ScriptHelper.exe, version: 17.0.1.12, time stamp: 0x521c9196
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1320
Faulting application start time: 0xScriptHelper.exe0
Faulting application path: ScriptHelper.exe1
Faulting module path: ScriptHelper.exe2
Report Id: ScriptHelper.exe3
 
Error: (10/27/2013 01:35:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: ScriptHelper.exe, version: 17.0.1.12, time stamp: 0x521c9196
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xa58
Faulting application start time: 0xScriptHelper.exe0
Faulting application path: ScriptHelper.exe1
Faulting module path: ScriptHelper.exe2
Report Id: ScriptHelper.exe3
 
Error: (10/27/2013 01:32:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: update_checker.exe, version: 4.3.0.0, time stamp: 0x525d9c67
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000332b0
Faulting process id: 0x434
Faulting application start time: 0xupdate_checker.exe0
Faulting application path: update_checker.exe1
Faulting module path: update_checker.exe2
Report Id: update_checker.exe3
 
Error: (10/03/2013 07:37:59 PM) (Source: Application Hang) (User: )
Description: The program mirc.exe version 7.32.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1018
 
Start Time: 01cec09e2e353c97
 
Termination Time: 12
 
Application Path: C:\Program Files (x86)\mIRC\mirc.exe
 
Report Id: 6d305f7d-2c95-11e3-a080-00306786989f
 
 
System errors:
=============
Error: (01/02/2014 08:23:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
hola_net
 
Error: (01/02/2014 08:22:59 PM) (Source: Service Control Manager) (User: )
Description: The NNSvc service failed to start due to the following error: 
%%2
 
Error: (01/02/2014 00:51:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
hola_net
 
Error: (01/02/2014 00:51:47 PM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error: 
%%2
 
Error: (01/02/2014 00:51:45 PM) (Source: Service Control Manager) (User: )
Description: The NNSvc service failed to start due to the following error: 
%%2
 
Error: (01/01/2014 03:43:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
hola_net
 
Error: (01/01/2014 03:43:00 PM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error: 
%%2
 
Error: (01/01/2014 03:42:58 PM) (Source: Service Control Manager) (User: )
Description: The NNSvc service failed to start due to the following error: 
%%2
 
Error: (12/28/2013 10:35:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
hola_net
 
Error: (12/28/2013 10:35:17 PM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-19 20:17:10.504
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-19 20:17:10.253
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-01-21 02:09:45.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 02:09:45.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 02:09:45.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 02:09:45.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 02:09:05.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 02:09:05.939
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 02:09:05.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 02:09:05.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.3.2.30303)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1)
Adobe Photoshop Lightroom 5.2 64-bit (Version: 5.2.1)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.4308.34093)
Belkin USB Wireless Adapter (Version: 1.0.0.12)
Bonjour (Version: 3.0.0.10)
calibre (Version: 0.9.38)
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
CCleaner (Version: 4.02)
DivX Setup (Version: 2.5.0.15)
FileZilla Client 3.4.0 (Version: 3.4.0)
Fitbit Base Station (Driver Removal)
Fitbit Connect (Version: 1.0.0.2578)
Fitbit v2.1.0.8 (Version: 2.1.0.8)
FreeMind (Version: 0.9.0)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
iMindMap 6 (Version: 6.0.644)
iTunes (Version: 11.0.5.5)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mindjet MindManager Viewer 7 (Version: 7.1.394)
Minutor (Version: 1.6.2)
mIRC (Version: 7.32)
Moffsoft FreeCalc (Version: 1.1)
Notepad++ (Version: 5.9.6.2)
PowerISO (Version: 5.6)
Quicken 2008 (Version: 17.1.1.24)
Quicken 2010 (Version: 19.1.1.27)
Quicken 2011 (Version: 20.1.8.6)
Quicken 2013 (Version: 22.1.12.7)
Spotify (Version: 0.9.6.81.gd359a796)
Spybot - Search & Destroy (Version: 2.0.12)
Spyder3Elite
SUPERAntiSpyware (Version: 5.6.1014)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xenu's Link Sleuth (Version: 1.3.8)
XMind 2012 (v3.3.1) (Version: 3.3.1.201212250029)
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Expat Shield Routing Miniport #9
Description: Expat Shield Routing Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Expat Shield
Service: HssDrv
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 8191.24 MB
Available physical RAM: 5762.02 MB
Total Pagefile: 18189.42 MB
Available Pagefile: 15266.87 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.61 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:465.76 GB) (Free:195.36 GB) NTFS
3 Drive e: (TRANSCEND) (Removable) (Total:14.92 GB) (Free:0.86 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\CHRISTINE-PC
 
Administrator            ASPNET                   Christine                
Guest                    
 
 
**** End of log ****


#5 kokopoko

Posted 02 January 2014 - 09:50 PM

I ran Malwarebytes and here is the log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.02.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christine :: CHRISTINE-PC [administrator]
 
1/2/2014 8:42:21 PM
mbam-log-2014-01-02 (20-42-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221431
Time elapsed: 7 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 7
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 5
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {1FBD153E-E442-11E2-85AA-00306786989F} -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {1FBD153E-E442-11E2-85AA-00306786989F} -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 8524 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={1FBD153E-E442-11E2-85AA-00306786989F}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 4
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
 
Files Detected: 2
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Christine\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)


#6 kokopoko

Posted 02 January 2014 - 09:59 PM

Here's the Rkill log 

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/02/2014 08:55:47 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!
 
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * WMPNetworkSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 01/02/2014 08:58:44 PM
Execution time: 0 hours(s), 2 minute(s), and 56 seconds(s)


#7 boopme

Posted 02 January 2014 - 10:03 PM

It does look removed. Let's just check one more item.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#8 kokopoko

Posted 05 January 2014 - 03:49 AM

I ran TDSSkiller and here's the report

 

02:48:09.0352 0x1560  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
02:48:13.0436 0x1560  ============================================================
02:48:13.0436 0x1560  Current date / time: 2014/01/05 02:48:13.0436
02:48:13.0436 0x1560  SystemInfo:
02:48:13.0436 0x1560  
02:48:13.0436 0x1560  OS Version: 6.1.7601 ServicePack: 1.0
02:48:13.0436 0x1560  Product type: Workstation
02:48:13.0436 0x1560  ComputerName: CHRISTINE-PC
02:48:13.0437 0x1560  UserName: Christine
02:48:13.0437 0x1560  Windows directory: C:\Windows
02:48:13.0437 0x1560  System windows directory: C:\Windows
02:48:13.0437 0x1560  Running under WOW64
02:48:13.0437 0x1560  Processor architecture: Intel x64
02:48:13.0437 0x1560  Number of processors: 2
02:48:13.0437 0x1560  Page size: 0x1000
02:48:13.0437 0x1560  Boot type: Normal boot
02:48:13.0437 0x1560  ============================================================
02:48:15.0032 0x1560  KLMD registered as C:\Windows\system32\drivers\65137390.sys
02:48:15.0277 0x1560  System UUID: {280A8BFC-C5AD-21EF-9DC4-26F85529E12E}
02:48:16.0098 0x1560  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:48:16.0129 0x1560  Drive \Device\Harddisk2\DR2 - Size: 0x3BAFF6000 (14.92 Gb), SectorSize: 0x200, Cylinders: 0x79B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:48:16.0143 0x1560  ============================================================
02:48:16.0143 0x1560  \Device\Harddisk0\DR0:
02:48:16.0143 0x1560  MBR partitions:
02:48:16.0143 0x1560  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
02:48:16.0143 0x1560  \Device\Harddisk2\DR2:
02:48:16.0144 0x1560  MBR partitions:
02:48:16.0144 0x1560  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1DD7B81
02:48:16.0144 0x1560  ============================================================
02:48:16.0162 0x1560  C: <-> \Device\Harddisk0\DR0\Partition1
02:48:16.0163 0x1560  ============================================================
02:48:16.0163 0x1560  Initialize success
02:48:16.0163 0x1560  ============================================================
02:48:24.0870 0x12d8  ============================================================
02:48:24.0871 0x12d8  Scan started
02:48:24.0871 0x12d8  Mode: Manual; 
02:48:24.0871 0x12d8  ============================================================
02:48:24.0871 0x12d8  KSN ping started
02:48:27.0761 0x12d8  KSN ping finished: true
02:48:28.0419 0x12d8  ================ Scan system memory ========================
02:48:28.0419 0x12d8  System memory - ok
02:48:28.0420 0x12d8  ================ Scan services =============================
02:48:36.0170 0x12d8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
02:48:36.0173 0x12d8  HDAudBus - ok
02:48:36.0189 0x12d8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
02:48:36.0190 0x12d8  HidBatt - ok
02:48:36.0211 0x12d8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
02:48:36.0214 0x12d8  HidBth - ok
02:48:36.0233 0x12d8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
02:48:36.0235 0x12d8  HidIr - ok
02:48:36.0271 0x12d8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
02:48:36.0273 0x12d8  hidserv - ok
02:48:36.0309 0x12d8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
02:48:36.0310 0x12d8  HidUsb - ok
02:48:36.0347 0x12d8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
02:48:36.0351 0x12d8  hkmsvc - ok
02:48:36.0399 0x12d8  [ 27CF435971444A41F990592933BB46B8, BEF70BEE140CB15131CA2CC5A790FEE68FFEEA09546A9799EFABD6029ED47850 ] hola_net        C:\Windows\system32\DRIVERS\hola_net.sys
02:48:36.0401 0x12d8  hola_net - ok
02:48:36.0444 0x12d8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:48:36.0451 0x12d8  HomeGroupListener - ok
02:48:36.0491 0x12d8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:48:36.0498 0x12d8  HomeGroupProvider - ok
02:48:36.0541 0x12d8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
02:48:36.0544 0x12d8  HpSAMD - ok
02:48:36.0620 0x12d8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
02:48:36.0638 0x12d8  HTTP - ok
02:48:36.0673 0x12d8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
02:48:36.0673 0x12d8  hwpolicy - ok
02:48:36.0693 0x12d8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
02:48:36.0696 0x12d8  i8042prt - ok
02:48:36.0727 0x12d8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
02:48:36.0739 0x12d8  iaStorV - ok
02:48:36.0847 0x12d8  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
02:48:36.0849 0x12d8  IDriverT - ok
02:48:36.0886 0x12d8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
02:48:36.0887 0x12d8  iirsp - ok
02:48:36.0933 0x12d8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
02:48:36.0957 0x12d8  IKEEXT - ok
02:48:36.0983 0x12d8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
02:48:36.0985 0x12d8  intelide - ok
02:48:36.0996 0x12d8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
02:48:36.0998 0x12d8  intelppm - ok
02:48:37.0040 0x12d8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
02:48:37.0044 0x12d8  IPBusEnum - ok
02:48:37.0078 0x12d8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:48:37.0081 0x12d8  IpFilterDriver - ok
02:48:37.0134 0x12d8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
02:48:37.0150 0x12d8  iphlpsvc - ok
02:48:37.0174 0x12d8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
02:48:37.0176 0x12d8  IPMIDRV - ok
02:48:37.0194 0x12d8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
02:48:37.0197 0x12d8  IPNAT - ok
02:48:37.0257 0x12d8  [ 78486992AC657AE5065C4A2135838570, E958E2977843A15A73F06A2D2F24130C7F62305A9AA0488F419E2D729BA6939A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
02:48:37.0274 0x12d8  iPod Service - ok
02:48:37.0299 0x12d8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
02:48:37.0301 0x12d8  IRENUM - ok
02:48:37.0314 0x12d8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
02:48:37.0316 0x12d8  isapnp - ok
02:48:37.0344 0x12d8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
02:48:37.0352 0x12d8  iScsiPrt - ok
02:48:37.0377 0x12d8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
02:48:37.0379 0x12d8  kbdclass - ok
02:48:37.0408 0x12d8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
02:48:37.0409 0x12d8  kbdhid - ok
02:48:37.0425 0x12d8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
02:48:37.0427 0x12d8  KeyIso - ok
02:48:37.0454 0x12d8  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
02:48:37.0457 0x12d8  KSecDD - ok
02:48:37.0476 0x12d8  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
02:48:37.0480 0x12d8  KSecPkg - ok
02:48:37.0498 0x12d8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
02:48:37.0499 0x12d8  ksthunk - ok
02:48:37.0540 0x12d8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
02:48:37.0550 0x12d8  KtmRm - ok
02:48:37.0597 0x12d8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
02:48:37.0606 0x12d8  LanmanServer - ok
02:48:37.0645 0x12d8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:48:37.0650 0x12d8  LanmanWorkstation - ok
02:48:37.0688 0x12d8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
02:48:37.0690 0x12d8  lltdio - ok
02:48:37.0732 0x12d8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
02:48:37.0741 0x12d8  lltdsvc - ok
02:48:37.0759 0x12d8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
02:48:37.0761 0x12d8  lmhosts - ok
02:48:37.0787 0x12d8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
02:48:37.0790 0x12d8  LSI_FC - ok
02:48:37.0805 0x12d8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
02:48:37.0808 0x12d8  LSI_SAS - ok
02:48:37.0826 0x12d8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:48:37.0828 0x12d8  LSI_SAS2 - ok
02:48:37.0844 0x12d8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:48:37.0847 0x12d8  LSI_SCSI - ok
02:48:37.0880 0x12d8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
02:48:37.0883 0x12d8  luafv - ok
02:48:37.0939 0x12d8  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
02:48:37.0940 0x12d8  MBAMProtector - ok
02:48:38.0016 0x12d8  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:48:38.0027 0x12d8  MBAMScheduler - ok
02:48:38.0060 0x12d8  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:48:38.0078 0x12d8  MBAMService - ok
02:48:38.0128 0x12d8  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
02:48:38.0133 0x12d8  mcdbus - ok
02:48:38.0151 0x12d8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
02:48:38.0152 0x12d8  megasas - ok
02:48:38.0177 0x12d8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
02:48:38.0184 0x12d8  MegaSR - ok
02:48:38.0268 0x12d8  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
02:48:38.0270 0x12d8  Microsoft Office Groove Audit Service - ok
02:48:38.0303 0x12d8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
02:48:38.0307 0x12d8  MMCSS - ok
02:48:38.0321 0x12d8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
02:48:38.0322 0x12d8  Modem - ok
02:48:38.0362 0x12d8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
02:48:38.0363 0x12d8  monitor - ok
02:48:38.0402 0x12d8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
02:48:38.0404 0x12d8  mouclass - ok
02:48:38.0418 0x12d8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
02:48:38.0420 0x12d8  mouhid - ok
02:48:38.0461 0x12d8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
02:48:38.0464 0x12d8  mountmgr - ok
02:48:38.0521 0x12d8  [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
02:48:38.0527 0x12d8  MpFilter - ok
02:48:38.0547 0x12d8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
02:48:38.0550 0x12d8  mpio - ok
02:48:38.0572 0x12d8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
02:48:38.0574 0x12d8  mpsdrv - ok
02:48:38.0635 0x12d8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
02:48:38.0657 0x12d8  MpsSvc - ok
02:48:38.0687 0x12d8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
02:48:38.0691 0x12d8  MRxDAV - ok
02:48:38.0731 0x12d8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
02:48:38.0735 0x12d8  mrxsmb - ok
02:48:38.0779 0x12d8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:48:38.0786 0x12d8  mrxsmb10 - ok
02:48:38.0798 0x12d8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:48:38.0802 0x12d8  mrxsmb20 - ok
02:48:38.0825 0x12d8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
02:48:38.0826 0x12d8  msahci - ok
02:48:38.0878 0x12d8  [ A592A054D78750B4D73ABAA4C94DECDF, 40B135C9F9EE698EC78BD19BD18353AE2CF4D020DDB9CFC37CD2FDBF7602614A ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
02:48:38.0882 0x12d8  MSCamSvc - ok
02:48:38.0923 0x12d8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
02:48:38.0926 0x12d8  msdsm - ok
02:48:38.0952 0x12d8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
02:48:38.0957 0x12d8  MSDTC - ok
02:48:38.0993 0x12d8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
02:48:38.0994 0x12d8  Msfs - ok
02:48:39.0008 0x12d8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
02:48:39.0009 0x12d8  mshidkmdf - ok
02:48:39.0048 0x12d8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
02:48:39.0048 0x12d8  msisadrv - ok
02:48:39.0086 0x12d8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
02:48:39.0090 0x12d8  MSiSCSI - ok
02:48:39.0096 0x12d8  msiserver - ok
02:48:39.0117 0x12d8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
02:48:39.0118 0x12d8  MSKSSRV - ok
02:48:39.0202 0x12d8  [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:48:39.0203 0x12d8  MsMpSvc - ok
02:48:39.0228 0x12d8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
02:48:39.0229 0x12d8  MSPCLOCK - ok
02:48:39.0239 0x12d8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
02:48:39.0240 0x12d8  MSPQM - ok
02:48:39.0283 0x12d8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
02:48:39.0292 0x12d8  MsRPC - ok
02:48:39.0308 0x12d8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
02:48:39.0310 0x12d8  mssmbios - ok
02:48:39.0316 0x12d8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
02:48:39.0317 0x12d8  MSTEE - ok
02:48:39.0334 0x12d8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
02:48:39.0335 0x12d8  MTConfig - ok
02:48:39.0359 0x12d8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
02:48:39.0362 0x12d8  Mup - ok
02:48:39.0409 0x12d8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
02:48:39.0428 0x12d8  napagent - ok
02:48:39.0478 0x12d8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
02:48:39.0487 0x12d8  NativeWifiP - ok
02:48:39.0571 0x12d8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
02:48:39.0594 0x12d8  NDIS - ok
02:48:39.0613 0x12d8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
02:48:39.0615 0x12d8  NdisCap - ok
02:48:39.0636 0x12d8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
02:48:39.0638 0x12d8  NdisTapi - ok
02:48:39.0706 0x12d8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
02:48:39.0708 0x12d8  Ndisuio - ok
02:48:39.0754 0x12d8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
02:48:39.0758 0x12d8  NdisWan - ok
02:48:39.0793 0x12d8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
02:48:39.0795 0x12d8  NDProxy - ok
02:48:39.0826 0x12d8  [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
02:48:39.0827 0x12d8  Netaapl - ok
02:48:39.0845 0x12d8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
02:48:39.0847 0x12d8  NetBIOS - ok
02:48:39.0890 0x12d8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
02:48:39.0897 0x12d8  NetBT - ok
02:48:39.0909 0x12d8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
02:48:39.0911 0x12d8  Netlogon - ok
02:48:39.0957 0x12d8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
02:48:39.0967 0x12d8  Netman - ok
02:48:39.0996 0x12d8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
02:48:40.0009 0x12d8  netprofm - ok
02:48:40.0026 0x12d8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
02:48:40.0028 0x12d8  nfrd960 - ok
02:48:40.0072 0x12d8  [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:48:40.0076 0x12d8  NisDrv - ok
02:48:40.0113 0x12d8  [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
02:48:40.0123 0x12d8  NisSrv - ok
02:48:40.0168 0x12d8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
02:48:40.0177 0x12d8  NlaSvc - ok
02:48:40.0214 0x12d8  NLNdisMP - ok
02:48:40.0221 0x12d8  NLNdisPT - ok
02:48:40.0270 0x12d8  NNSvc - ok
02:48:40.0283 0x12d8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
02:48:40.0285 0x12d8  Npfs - ok
02:48:40.0321 0x12d8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
02:48:40.0324 0x12d8  nsi - ok
02:48:40.0333 0x12d8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
02:48:40.0335 0x12d8  nsiproxy - ok
02:48:40.0436 0x12d8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
02:48:40.0491 0x12d8  Ntfs - ok
02:48:40.0512 0x12d8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
02:48:40.0513 0x12d8  Null - ok
02:48:40.0546 0x12d8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
02:48:40.0550 0x12d8  nvraid - ok
02:48:40.0591 0x12d8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
02:48:40.0596 0x12d8  nvstor - ok
02:48:40.0629 0x12d8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
02:48:40.0632 0x12d8  nv_agp - ok
02:48:40.0714 0x12d8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:48:40.0726 0x12d8  odserv - ok
02:48:40.0760 0x12d8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
02:48:40.0763 0x12d8  ohci1394 - ok
02:48:40.0802 0x12d8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:48:40.0806 0x12d8  ose - ok
02:48:40.0861 0x12d8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
02:48:40.0872 0x12d8  p2pimsvc - ok
02:48:40.0920 0x12d8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
02:48:40.0932 0x12d8  p2psvc - ok
02:48:40.0983 0x12d8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
02:48:40.0986 0x12d8  Parport - ok
02:48:41.0021 0x12d8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
02:48:41.0024 0x12d8  partmgr - ok
02:48:41.0043 0x12d8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
02:48:41.0049 0x12d8  PcaSvc - ok
02:48:41.0061 0x12d8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
02:48:41.0067 0x12d8  pci - ok
02:48:41.0090 0x12d8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
02:48:41.0090 0x12d8  pciide - ok
02:48:41.0114 0x12d8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
02:48:41.0121 0x12d8  pcmcia - ok
02:48:41.0138 0x12d8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
02:48:41.0140 0x12d8  pcw - ok
02:48:41.0173 0x12d8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
02:48:41.0190 0x12d8  PEAUTH - ok
02:48:41.0292 0x12d8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
02:48:41.0294 0x12d8  PerfHost - ok
02:48:41.0387 0x12d8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
02:48:41.0427 0x12d8  pla - ok
02:48:41.0501 0x12d8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
02:48:41.0514 0x12d8  PlugPlay - ok
02:48:41.0534 0x12d8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
02:48:41.0537 0x12d8  PNRPAutoReg - ok
02:48:41.0561 0x12d8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
02:48:41.0572 0x12d8  PNRPsvc - ok
02:48:41.0610 0x12d8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
02:48:41.0625 0x12d8  PolicyAgent - ok
02:48:49.0761 0x12d8  WwanSvc - ok
02:48:49.0837 0x12d8  ================ Scan global ===============================
02:48:49.0876 0x12d8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
02:48:49.0909 0x12d8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
02:48:49.0934 0x12d8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
02:48:49.0982 0x12d8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
02:48:50.0024 0x12d8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
02:48:50.0036 0x12d8  [ Global ] - ok
02:48:50.0036 0x12d8  ================ Scan MBR ==================================
02:48:50.0048 0x12d8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:48:50.0256 0x12d8  \Device\Harddisk0\DR0 - ok
02:48:50.0262 0x12d8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
02:48:50.0270 0x12d8  \Device\Harddisk2\DR2 - ok
02:48:50.0270 0x12d8  ================ Scan VBR ==================================
02:48:50.0275 0x12d8  [ DF73D393FBF46B8E9BD2DB75FC3E6ED9 ] \Device\Harddisk0\DR0\Partition1
02:48:50.0277 0x12d8  \Device\Harddisk0\DR0\Partition1 - ok
02:48:50.0286 0x12d8  [ D3E2F4D8EA831F3C2645DC5970CF9196 ] \Device\Harddisk2\DR2\Partition1
02:48:50.0288 0x12d8  \Device\Harddisk2\DR2\Partition1 - ok
02:48:50.0288 0x12d8  Waiting for KSN requests completion. In queue: 353
02:48:51.0289 0x12d8  Waiting for KSN requests completion. In queue: 44
02:48:52.0289 0x12d8  Waiting for KSN requests completion. In queue: 44
02:48:53.0304 0x12d8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
02:48:53.0308 0x12d8  Win FW state via NFP2: enabled


#9 boopme

Posted 05 January 2014 - 11:16 AM

This looks like the bottom of the log is missing.
Does your log say nothing found? If not, post the last 10 or 20 lines.

#10 kokopoko

Posted 05 January 2014 - 03:02 PM

I ran it again and here's the last part of the log.

 

14:01:59.0206 0x0b80  [ Global ] - ok
14:01:59.0206 0x0b80  ================ Scan MBR ==================================
14:01:59.0246 0x0b80  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:01:59.0838 0x0b80  \Device\Harddisk0\DR0 - ok
14:01:59.0845 0x0b80  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
14:01:59.0853 0x0b80  \Device\Harddisk2\DR2 - ok
14:01:59.0854 0x0b80  ================ Scan VBR ==================================
14:01:59.0861 0x0b80  [ DF73D393FBF46B8E9BD2DB75FC3E6ED9 ] \Device\Harddisk0\DR0\Partition1
14:01:59.0862 0x0b80  \Device\Harddisk0\DR0\Partition1 - ok
14:01:59.0870 0x0b80  [ D3E2F4D8EA831F3C2645DC5970CF9196 ] \Device\Harddisk2\DR2\Partition1
14:01:59.0872 0x0b80  \Device\Harddisk2\DR2\Partition1 - ok
14:01:59.0873 0x0b80  Waiting for KSN requests completion. In queue: 71
14:02:00.0873 0x0b80  Waiting for KSN requests completion. In queue: 71
14:02:01.0873 0x0b80  Waiting for KSN requests completion. In queue: 71
14:02:03.0173 0x0b80  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
14:02:03.0228 0x0b80  Win FW state via NFP2: enabled


#11 boopme

Posted 05 January 2014 - 05:29 PM

The end of the log will look like this....
11:27:53.0451 0x1884 Win FW state via NFP2: enabled
11:27:55.0961 0x1884 ============================================================
11:27:55.0961 0x1884 Scan finished
11:27:55.0961 0x1884 ============================================================
11:27:55.0961 0x2e0c Detected object count: 0
11:27:55.0961 0x2e0c Actual detected object count: 0

OR if infected it will say what they are

#12 kokopoko

Posted 06 January 2014 - 08:01 PM

Ok, ran again!  Here's the end of the log

 

18:35:50.0643 0x0908  Win FW state via NFP2: enabled
18:35:53.0404 0x0908  ============================================================
18:35:53.0404 0x0908  Scan finished
18:35:53.0404 0x0908  ============================================================
18:35:53.0420 0x0e94  Detected object count: 0
18:35:53.0420 0x0e94  Actual detected object count: 0
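
The completeness check described in post #11, as an added Python example (not part of the original posts and not a TDSSKiller feature): it reads a pasted log tail and reports whether it reaches "Scan finished" and what the two object counts are. The function names are hypothetical; the two sample tails are abridged from posts #10 and #12 of this thread.

```python
import re

# Line shape taken from the logs in this thread: "HH:MM:SS.mmmm 0xTID  message"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+(.*)$")
SECTION = re.compile(r"^=+ (Scan \w+) =+$")
COUNT = re.compile(r"^(Actual detected|Detected) object count: (\d+)$")

def summarize_log(text):
    """Collect the fields a helper looks for at the end of a pasted log."""
    summary = {"finished": False, "last_section": None, "ok_objects": 0,
               "detected": None, "actual_detected": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # forum text or blank lines mixed into the paste
        msg = m.group(1).strip()
        if msg == "Scan finished":
            summary["finished"] = True
        elif (s := SECTION.match(msg)):
            summary["last_section"] = s.group(1)
        elif (c := COUNT.match(msg)):
            key = "actual_detected" if c.group(1).startswith("Actual") else "detected"
            summary[key] = int(c.group(2))
        elif msg.endswith(" - ok"):
            summary["ok_objects"] += 1
    return summary

def verdict(summary):
    """'incomplete' if the paste stops before the footer, else 'clean' or 'detections'."""
    counts = (summary["detected"], summary["actual_detected"])
    if not summary["finished"] or None in counts:
        return "incomplete"
    return "clean" if counts == (0, 0) else "detections"

# Abridged from post #10: stops after the firewall line, no footer.
TRUNCATED_TAIL = r"""
14:01:59.0206 0x0b80  [ Global ] - ok
14:01:59.0206 0x0b80  ================ Scan MBR ==================================
14:01:59.0838 0x0b80  \Device\Harddisk0\DR0 - ok
14:01:59.0854 0x0b80  ================ Scan VBR ==================================
14:01:59.0862 0x0b80  \Device\Harddisk0\DR0\Partition1 - ok
14:02:03.0228 0x0b80  Win FW state via NFP2: enabled
"""

# From post #12: the footer with both counts is present.
COMPLETE_TAIL = r"""
18:35:50.0643 0x0908  Win FW state via NFP2: enabled
18:35:53.0404 0x0908  Scan finished
18:35:53.0420 0x0e94  Detected object count: 0
18:35:53.0420 0x0e94  Actual detected object count: 0
"""
```

A paste that ends at the firewall line, like the one in post #10, comes back as "incomplete" rather than "clean", which is the distinction the helper was asking about.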


#13 boopme

Posted 07 January 2014 - 12:07 PM

Thank you
 
Due to the nature of the Zusy (Tinba) infection, I want to run one more scan. It may take a couple of hours.
 
Tinba is a small data stealing Trojan-banker. It hooks into browsers and steals login data, as well as sniffs network traffic. As with several other sophisticated banker-Trojans, it also uses Man in the Browser (MiTB) tricks and Web injects to change the look and feel of certain Web pages. Its purpose is to circumvent Two Factor Authentication (2FA) or to trick the infected user into providing additional sensitive data such as credit card data. Tinba is the smallest Trojan-banker CSIS has encountered to date, and it belongs to a new family of malware. The code is approximately 20 KB in size (including configuration and Web injects) and is simple without any packing or advanced encryption. Analyzed samples show that the antivirus detection is low. Upon execution, Tinba kicks off an injection routine, which is obfuscated to avoid antivirus detection (see Figure 4). It allocates new memory space where this specific injection function is stored and injects itself into the newly created process "winver.exe" (Version Reporter Applet). The latter is a legitimate file in the Windows system folder. Tinba also injects itself into both "explorer.exe" and "svchost.exe" processes.


  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#14 kokopoko

Posted 13 January 2014 - 12:05 AM

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab a variant of Win32/Adware.OneStep.AG application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z Win32/Bundled.Toolbar.Ask.B application deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab a variant of Win32/Adware.OneStep.AG application deleted - quarantined


#15 boopme

Posted 13 January 2014 - 12:23 PM

OK, Good.. Last step.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
