Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Miscellany


  • This topic is locked This topic is locked
25 replies to this topic

#1 Castle Robin

Castle Robin

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 25 February 2014 - 02:55 PM

Upon using Adw Cleaner, I found out today that they have an additional option to install Hosts Anti-Pup/Adware as extra protection.

 

Adw Cleaner, itself appears to not be infected, as no virus warning appeared when I scanned and cleaned before and after restarting my computer, but when I tried to install Hosts Anti-Pup/Adware (as part of Adw Cleaner), the following happened:

 

! AVG Detection

 

Worm/Autoit AZCI Infected

Worm/Autoit AZCH Infected

 

Remove All

 

Additional Information:

 

HOSTS-Anti-Adware-main.exe

HOSTS Anti-Adware.exe

 

At the same time, I spotted in my add-on bar that an extra icon had suddenly appeared.  When I clicked on it, the following details were listed:

 

Flash Files to Download

Watch-as3.swf

Videos to Download

DomaIQ: Fake Flash / Java - You Tube

+ 5 other sites with DomaIQ, all downloads stating webm, mp4, flv and 3gp video files, which relate to the add-on Flash and Video Download

 

I assume that as "Fake Flash" was listed among the details, I was wise to not click on any of those files, which would probably have infected my computer further.

 

I then clicked on "Remove All" and the AVG report changed to "Secured" next to both files and I deleted the Desktop shortcut to the worm program.

 

In between, this appeared and the http://www.malekal.com/2012/01/10/hosts-anti-pupsadware link appeared (the add-on Trust My Web gives this site a Green (safe) rating)

 

Erreur

Un probleme est survenu durant l'installation du programme

 

Checking Youtube since, "Videos to Download" has appeared again, but this time with genuine details.

 

Is my computer now clean?

 

Are AdwCleaner, Anti-Adware and Flash & Video Download all infected? and

 

Are any of the above three programs bogus? (as far as I know, they're all safe, but one had malware, another is highly recommended on this forum and the other is an add-on)

 

I don't know if the above is slowing down my browsing or if I need to use the CCleaner registry track remover, but my computer is quite new.

 

Following on from earlier, upon returning to my computer, for the first time that I opened up my browser, it began with the opening search engine page then went directly to open "Restore Session", even though I hadn't automatically set it up to switch to restore to the outstanding tabs, which may be related to what could be possible remnants of the virus. 


Edited by Castle Robin, 25 February 2014 - 05:13 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:56 AM

Posted 26 February 2014 - 10:24 AM

Hello I do not know this...
Anti-Adware and Flash & Video Download

AdwCleaner is written by one of our Staff associates..
I have never seen this... using Adw Cleaner, I found out today that they have an additional option to install Hosts Anti-Pup/Adware as extra protection.

Lets run it with these.. use my links for the tools.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
  • [/list]
  • [/list]

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 11:36 AM

Anti-Adware is in the "Tools" menu of the French web site http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner download of AdwCleaner.  I'd not come across the supplementary Anti-Adware program before yesterday, which was meant to give extra protection but was instead malware infested.  It then opened up a new web site relating to Anti-Adware.

 

Flash & Video Download is a Firefox add-on, although to confuse matters, in the add-on bar it's listed as "Download Flash & Video".

 

Here are the first set of results:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by User (administrator) on 26-02-2014 at 16:21:53
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-D4-35-0B-8B-F3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::39c7:b2b7:5120:8cec%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 26 February 2014 11:38:11
   Lease Expires . . . . . . . . . . : 27 February 2014 14:19:44
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 242537525
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-68-45-DA-74-D4-35-0B-8B-F3
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:14fc:380e:3f57:fffa(Preferred)
   Link-local IPv6 Address . . . . . : fe80::14fc:380e:3f57:fffa%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  SkyRouter.Home
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:4009:805::1000
      173.194.34.168
      173.194.34.163
      173.194.34.166
      173.194.34.167
      173.194.34.160
      173.194.34.164
      173.194.34.162
      173.194.34.165
      173.194.34.161
      173.194.34.169
      173.194.34.174


Pinging google.com [173.194.34.166] with 32 bytes of data:
Reply from 173.194.34.166: bytes=32 time=22ms TTL=58
Reply from 173.194.34.166: bytes=32 time=22ms TTL=58

Ping statistics for 173.194.34.166:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms
Server:  SkyRouter.Home
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=112ms TTL=51
Reply from 98.139.183.24: bytes=32 time=110ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 110ms, Maximum = 112ms, Average = 111ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...74 d4 35 0b 8b f3 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.5     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.5    276
      192.168.0.5  255.255.255.255         On-link       192.168.0.5    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.5    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.5    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.5    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:90d7:14fc:380e:3f57:fffa/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::14fc:380e:3f57:fffa/128
                                    On-link
 11    276 fe80::39c7:b2b7:5120:8cec/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/26/2014 11:39:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 11:36:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x47c
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (02/26/2014 11:35:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 00:37:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x564
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (02/25/2014 09:04:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 09:01:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x858
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (02/25/2014 05:02:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 05:00:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x828
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (02/25/2014 04:36:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 04:33:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x678
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3


System errors:
=============
Error: (02/26/2014 11:38:10 AM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error:
%%2

Error: (02/26/2014 11:36:44 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/26/2014 11:36:40 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/26/2014 11:36:21 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/26/2014 11:34:19 AM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error:
%%2

Error: (02/26/2014 00:37:10 AM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/26/2014 00:37:04 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/26/2014 00:19:27 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/25/2014 11:53:01 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/25/2014 11:40:01 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (02/07/2014 00:06:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5976 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (02/03/2014 10:26:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34289 seconds with 3000 seconds of active time.  This session ended with a crash.

Error: (02/02/2014 00:04:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6185 seconds with 2460 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

@BIOS (Version: 2.30)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0806.1213.19931)
AMD VISION Engine Control Center (Version: 2012.0806.1213.19931)
AutoGreen B12.1220.1 (Version: 1.00.0000)
AVG 2014 (Version: 14.0.3705)
AVG 2014 (Version: 14.0.4335)
AVG 2014 (Version: 2014.0.4335)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
Cyberfox Web Browser (Version: 27.0.1.0)
Easy Tune 6 B13.0323.1 (Version: 1.00.0000)
Epson Easy Photo Print 2 (Version: 2.4.1.0)
Epson Event Manager (Version: 3.10.0017)
EPSON Manuals (Version: 1.32.0.0)
Epson Print CD (Version: 2.21.00)
EPSON Scan
EPSON XP-610 Series Printer Uninstall
Google Update Helper (Version: 1.3.22.5)
ImgBurn (Version: 2.5.8.0)
Internet Explorer (Enable DEP)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
ModifyRegistry version 0.1 (Version: 0.1)
MyEPSON Portal
MyEPSON Portal (Version: 1.0.4.0)
ON_OFF Charge B12.1025.1 (Version: 1.00.0001)
OpenOffice 4.0.1 (Version: 4.01.9714)
Platform (Version: 1.39)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Sandboxie 4.08 (64-bit) (Version: 4.08)
SeaMonkey 2.24 (x86 en-US) (Version: 2.24)
Software Updater (Version: 4.2.1)
Speccy (Version: 1.25)
SUPERAntiSpyware (Version: 5.7.1018)
The Lord of the Rings FREE Trial  (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager (Version: 1.39)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.3 (Version: 2.1.3)

========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 7661.54 MB
Available physical RAM: 6439.74 MB
Total Pagefile: 15321.26 MB
Available Pagefile: 13392.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.7 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:886.31 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator            Guest                    User                     


**** End of log ****



#4 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 11:46 AM

TDSS Killer has given positive results - 0 threats or objects, but here is the Report:

 

16:38:53.0953 0x1860  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
16:39:05.0778 0x1860  ============================================================
16:39:05.0778 0x1860  Current date / time: 2014/02/26 16:39:05.0778
16:39:05.0778 0x1860  SystemInfo:
16:39:05.0778 0x1860  
16:39:05.0778 0x1860  OS Version: 6.1.7601 ServicePack: 1.0
16:39:05.0778 0x1860  Product type: Workstation
16:39:05.0778 0x1860  ComputerName: USER-PC
16:39:05.0778 0x1860  UserName: User
16:39:05.0778 0x1860  Windows directory: C:\Windows
16:39:05.0778 0x1860  System windows directory: C:\Windows
16:39:05.0778 0x1860  Running under WOW64
16:39:05.0778 0x1860  Processor architecture: Intel x64
16:39:05.0778 0x1860  Number of processors: 6
16:39:05.0778 0x1860  Page size: 0x1000
16:39:05.0778 0x1860  Boot type: Normal boot
16:39:05.0778 0x1860  ============================================================
16:39:05.0949 0x1860  KLMD registered as C:\Windows\system32\drivers\67806672.sys
16:39:06.0121 0x1860  System UUID: {83F92EDE-41EE-0E91-56D0-40DBC7D591EC}
16:39:06.0417 0x1860  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:39:06.0527 0x1860  ============================================================
16:39:06.0527 0x1860  \Device\Harddisk0\DR0:
16:39:06.0527 0x1860  MBR partitions:
16:39:06.0527 0x1860  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:39:06.0527 0x1860  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:39:06.0527 0x1860  ============================================================
16:39:06.0542 0x1860  C: <-> \Device\Harddisk0\DR0\Partition2
16:39:06.0542 0x1860  ============================================================
16:39:06.0542 0x1860  Initialize success
16:39:06.0542 0x1860  ============================================================
16:39:12.0798 0x12e8  ============================================================
16:39:12.0798 0x12e8  Scan started
16:39:12.0798 0x12e8  Mode: Manual;
16:39:12.0798 0x12e8  ============================================================
16:39:12.0798 0x12e8  KSN ping started
16:39:15.0216 0x12e8  KSN ping finished: true
16:39:15.0434 0x12e8  ================ Scan system memory ========================
16:39:15.0434 0x12e8  System memory - ok
16:39:15.0434 0x12e8  ================ Scan services =============================
16:39:15.0512 0x12e8  [ 620C92D6EEFA9853A3EAD41B5EB9B5FD, 72DD7297179AC6629B816DD9656D5EC3F02BE677EA01A05A5EB808180F0D775F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:39:15.0512 0x12e8  !SASCORE - ok
16:39:15.0637 0x12e8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:39:15.0653 0x12e8  1394ohci - ok
16:39:15.0668 0x12e8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:39:15.0684 0x12e8  ACPI - ok
16:39:15.0684 0x12e8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:39:15.0699 0x12e8  AcpiPmi - ok
16:39:15.0762 0x12e8  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:39:15.0762 0x12e8  AdobeARMservice - ok
16:39:15.0793 0x12e8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:39:15.0793 0x12e8  adp94xx - ok
16:39:15.0809 0x12e8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:39:15.0809 0x12e8  adpahci - ok
16:39:15.0824 0x12e8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:39:15.0824 0x12e8  adpu320 - ok
16:39:15.0840 0x12e8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:39:15.0840 0x12e8  AeLookupSvc - ok
16:39:15.0902 0x12e8  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
16:39:15.0918 0x12e8  AFD - ok
16:39:15.0933 0x12e8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:39:15.0933 0x12e8  agp440 - ok
16:39:15.0949 0x12e8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
16:39:15.0949 0x12e8  ALG - ok
16:39:15.0965 0x12e8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:39:15.0965 0x12e8  aliide - ok
16:39:15.0996 0x12e8  [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:39:15.0996 0x12e8  AMD External Events Utility - ok
16:39:16.0011 0x12e8  AMD FUEL Service - ok
16:39:16.0027 0x12e8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:39:16.0027 0x12e8  amdide - ok
16:39:16.0043 0x12e8  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
16:39:16.0043 0x12e8  amdiox64 - ok
16:39:16.0058 0x12e8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:39:16.0058 0x12e8  AmdK8 - ok
16:39:16.0292 0x12e8  [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:39:16.0542 0x12e8  amdkmdag - ok
16:39:16.0573 0x12e8  [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:39:16.0589 0x12e8  amdkmdap - ok
16:39:16.0589 0x12e8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:39:16.0589 0x12e8  AmdPPM - ok
16:39:16.0604 0x12e8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:39:16.0604 0x12e8  amdsata - ok
16:39:16.0620 0x12e8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:39:16.0620 0x12e8  amdsbs - ok
16:39:16.0635 0x12e8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:39:16.0635 0x12e8  amdxata - ok
16:39:16.0651 0x12e8  [ EE4797DFEBBE8ACDB548DD8E80BE0A88, 9D56F835A5A9C045829EDFB546379E3448C9E539E5C2608B559DE4D052FEC769 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
16:39:16.0667 0x12e8  amd_sata - ok
16:39:16.0667 0x12e8  [ D56EAD71A86FD2ACAE2DB47D0A6A3A41, 2E5E6D0E00D25765CC8B9997B26DE43F305966BFA518CB72EA7CA77152001726 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
16:39:16.0667 0x12e8  amd_xata - ok
16:39:16.0682 0x12e8  [ 5B25D1A753CC3A3EDB909BB759AC1098, 1B931342D8D36C8D177D6D9BFFFD8CDC0C6E6F82BA552DC8E5CDC1CAF528D0B0 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:39:16.0682 0x12e8  AODDriver4.1 - ok
16:39:16.0698 0x12e8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
16:39:16.0698 0x12e8  AppID - ok
16:39:16.0713 0x12e8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:39:16.0729 0x12e8  AppIDSvc - ok
16:39:16.0745 0x12e8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
16:39:16.0745 0x12e8  Appinfo - ok
16:39:16.0760 0x12e8  [ CC19A6452BA688EA32D14D8DBEC190F4, 6D52B63926E1766DB8BD00CC5CC0AD9EA3B68FC1E6C66FAF4E899606437468A3 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
16:39:16.0760 0x12e8  AppleCharger - ok
16:39:16.0776 0x12e8  [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
16:39:16.0776 0x12e8  AppleChargerSrv - ok
16:39:16.0776 0x12e8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
16:39:16.0791 0x12e8  arc - ok
16:39:16.0791 0x12e8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:39:16.0791 0x12e8  arcsas - ok
16:39:16.0854 0x12e8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:39:16.0854 0x12e8  aspnet_state - ok
16:39:16.0869 0x12e8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:39:16.0869 0x12e8  AsyncMac - ok
16:39:16.0901 0x12e8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:39:16.0901 0x12e8  atapi - ok
16:39:16.0932 0x12e8  [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:39:16.0932 0x12e8  AtiHDAudioService - ok
16:39:17.0166 0x12e8  [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:39:17.0306 0x12e8  atikmdag - ok
16:39:17.0322 0x12e8  [ 7C5D273E29DCC5505469B299C6F29163, 206CAB85CE12A3953F0861C811575DC7FD000147436219EEE334584A33370B3A ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
16:39:17.0322 0x12e8  AtiPcie - ok
16:39:17.0337 0x12e8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:39:17.0353 0x12e8  AudioEndpointBuilder - ok
16:39:17.0369 0x12e8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:39:17.0384 0x12e8  AudioSrv - ok
16:39:17.0415 0x12e8  [ BE5047191368D2C014202AB2775768B7, 5EC5B88B7FA7F9A9A6A665FD8638A3DF8030D6CD72C15C53CC3C34A88C1B9B27 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
16:39:17.0415 0x12e8  Avgdiska - ok
16:39:17.0431 0x12e8  [ CA10D51653068DB6A0ADEEDDC4946C47, 6E731B28C38ED2BA48CF4855EBBF8B548D45C8DB8ABD9521E5516227CA68072B ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6a.sys
16:39:17.0431 0x12e8  Avgfwfd - ok
16:39:17.0509 0x12e8  [ 1E68487EF81995767905DE628866215B, 2E2D0EAFFD10387871E7B5D7D401A3A2D9B3C998817E6D61D59494700DA72349 ] avgfws          C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
16:39:17.0525 0x12e8  avgfws - ok
16:39:17.0634 0x12e8  [ 45982902C522F1883A2B403844CA9B07, 32BE4F3BC1B6E23469EB8E39057747E16F73168AFA9775D8785F18110BDBC1C7 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
16:39:17.0696 0x12e8  AVGIDSAgent - ok
16:39:17.0712 0x12e8  [ EE48CA8AB25E2B0EE3D3E5A463C5A37E, 06A0AF4CB8D3715701ABD272E42F7CCF406C61AF838F5F53A7F6630D4A600905 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:39:17.0712 0x12e8  AVGIDSDriver - ok
16:39:17.0727 0x12e8  [ 494D668B4CB866A1D6835E5F01B13EF1, A2989DB82F31F9B30E4DC1F814BD0D7E286B33DB033C63796E2020BD18648EF3 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
16:39:17.0743 0x12e8  AVGIDSHA - ok
16:39:17.0759 0x12e8  [ 4BE8BB177B4C2BC3564845EF6D1073F1, 4ACA54EA54F5ABA96A73BD83C0C5A83C37090FEB7CBE67AE94E9CD3E364931C8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
16:39:17.0759 0x12e8  Avgldx64 - ok
16:39:17.0774 0x12e8  [ D3772CC086FB81F76B5A82C85E1C7C8E, B1BEFD7AC658F28AECEF5468F5815504BDDC8A4203207B6F0CA53C5B216F782D ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
16:39:17.0774 0x12e8  Avgloga - ok
16:39:17.0790 0x12e8  [ A0BCE5DC2C1F1EE5C1CA19A33375AC23, 517663AEDD7A45607E17910DE60B2847E521472F9C0AB56034617BE2F351DE8D ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
16:39:17.0805 0x12e8  Avgmfx64 - ok
16:39:17.0821 0x12e8  [ 12FAAF366975B2BF2E93F1866C0E480D, 559480A1434E6805CF4F3DB5352E98387053194BB7B0DB18099B53D306D9951D ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
16:39:17.0821 0x12e8  Avgrkx64 - ok
16:39:17.0837 0x12e8  [ 4E364FABBD147F59E5D524C9EA86D772, 5D2B1E35EDBF68C23C5BF38B8B7AC484E3430219E0072C4831F58A9E8386A5FD ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
16:39:17.0837 0x12e8  Avgtdia - ok
16:39:17.0852 0x12e8  [ B747B6BB015E552F49C634BB19540F3D, 5000AD41BD101BC06D595484B6E58DEEBB962939ACF4B24DE515771D1C4AE3ED ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
16:39:17.0868 0x12e8  avgwd - ok
16:39:17.0868 0x12e8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:39:17.0868 0x12e8  AxInstSV - ok
16:39:17.0899 0x12e8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:39:17.0915 0x12e8  b06bdrv - ok
16:39:17.0930 0x12e8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:39:17.0930 0x12e8  b57nd60a - ok
16:39:17.0946 0x12e8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:39:17.0946 0x12e8  BDESVC - ok
16:39:17.0961 0x12e8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:39:17.0961 0x12e8  Beep - ok
16:39:17.0977 0x12e8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
16:39:17.0993 0x12e8  BFE - ok
16:39:18.0024 0x12e8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:39:18.0039 0x12e8  BITS - ok
16:39:18.0055 0x12e8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:39:18.0055 0x12e8  blbdrive - ok
16:39:18.0071 0x12e8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:39:18.0071 0x12e8  bowser - ok
16:39:18.0086 0x12e8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:39:18.0086 0x12e8  BrFiltLo - ok
16:39:18.0086 0x12e8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:39:18.0086 0x12e8  BrFiltUp - ok
16:39:18.0102 0x12e8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:39:18.0102 0x12e8  Browser - ok
16:39:18.0117 0x12e8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:39:18.0117 0x12e8  Brserid - ok
16:39:18.0133 0x12e8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:39:18.0133 0x12e8  BrSerWdm - ok
16:39:18.0133 0x12e8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:39:18.0133 0x12e8  BrUsbMdm - ok
16:39:18.0133 0x12e8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:39:18.0149 0x12e8  BrUsbSer - ok
16:39:18.0149 0x12e8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:39:18.0149 0x12e8  BTHMODEM - ok
16:39:18.0164 0x12e8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:39:18.0164 0x12e8  bthserv - ok
16:39:18.0180 0x12e8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:39:18.0180 0x12e8  cdfs - ok
16:39:18.0195 0x12e8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:39:18.0195 0x12e8  cdrom - ok
16:39:18.0211 0x12e8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:39:18.0211 0x12e8  CertPropSvc - ok
16:39:18.0211 0x12e8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:39:18.0211 0x12e8  circlass - ok
16:39:18.0227 0x12e8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
16:39:18.0242 0x12e8  CLFS - ok
16:39:18.0273 0x12e8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:39:18.0273 0x12e8  clr_optimization_v2.0.50727_32 - ok
16:39:18.0305 0x12e8  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:39:18.0305 0x12e8  clr_optimization_v2.0.50727_64 - ok
16:39:18.0351 0x12e8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:39:18.0367 0x12e8  clr_optimization_v4.0.30319_32 - ok
16:39:18.0383 0x12e8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:39:18.0383 0x12e8  clr_optimization_v4.0.30319_64 - ok
16:39:18.0398 0x12e8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:39:18.0398 0x12e8  CmBatt - ok
16:39:18.0414 0x12e8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:39:18.0414 0x12e8  cmdide - ok
16:39:18.0461 0x12e8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:39:18.0461 0x12e8  CNG - ok
16:39:18.0476 0x12e8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:39:18.0476 0x12e8  Compbatt - ok
16:39:18.0492 0x12e8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:39:18.0492 0x12e8  CompositeBus - ok
16:39:18.0492 0x12e8  COMSysApp - ok
16:39:18.0507 0x12e8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:39:18.0507 0x12e8  crcdisk - ok
16:39:18.0523 0x12e8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:39:18.0523 0x12e8  CryptSvc - ok
16:39:18.0554 0x12e8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:39:18.0570 0x12e8  DcomLaunch - ok
16:39:18.0601 0x12e8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:39:18.0601 0x12e8  defragsvc - ok
16:39:18.0601 0x12e8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:39:18.0617 0x12e8  DfsC - ok
16:39:18.0632 0x12e8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:39:18.0632 0x12e8  Dhcp - ok
16:39:18.0648 0x12e8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:39:18.0648 0x12e8  discache - ok
16:39:18.0648 0x12e8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
16:39:18.0663 0x12e8  Disk - ok
16:39:18.0679 0x12e8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:39:18.0679 0x12e8  Dnscache - ok
16:39:18.0695 0x12e8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:39:18.0695 0x12e8  dot3svc - ok
16:39:18.0710 0x12e8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:39:18.0710 0x12e8  DPS - ok
16:39:18.0726 0x12e8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:39:18.0726 0x12e8  drmkaud - ok
16:39:18.0773 0x12e8  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:39:18.0788 0x12e8  DXGKrnl - ok
16:39:18.0804 0x12e8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:39:18.0804 0x12e8  EapHost - ok
16:39:18.0882 0x12e8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:39:18.0944 0x12e8  ebdrv - ok
16:39:18.0975 0x12e8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
16:39:18.0975 0x12e8  EFS - ok
16:39:19.0038 0x12e8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:39:19.0053 0x12e8  ehRecvr - ok
16:39:19.0053 0x12e8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:39:19.0069 0x12e8  ehSched - ok
16:39:19.0085 0x12e8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:39:19.0100 0x12e8  elxstor - ok
16:39:19.0116 0x12e8  [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
16:39:19.0131 0x12e8  EpsonScanSvc - ok
16:39:19.0131 0x12e8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:39:19.0131 0x12e8  ErrDev - ok
16:39:19.0163 0x12e8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:39:19.0163 0x12e8  EventSystem - ok
16:39:19.0178 0x12e8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:39:19.0178 0x12e8  exfat - ok
16:39:19.0194 0x12e8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:39:19.0194 0x12e8  fastfat - ok
16:39:19.0225 0x12e8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:39:19.0241 0x12e8  Fax - ok
16:39:19.0241 0x12e8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:39:19.0241 0x12e8  fdc - ok
16:39:19.0256 0x12e8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:39:19.0256 0x12e8  fdPHost - ok
16:39:19.0256 0x12e8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:39:19.0256 0x12e8  FDResPub - ok
16:39:19.0256 0x12e8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:39:19.0272 0x12e8  FileInfo - ok
16:39:19.0272 0x12e8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:39:19.0287 0x12e8  Filetrace - ok
16:39:19.0287 0x12e8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:39:19.0287 0x12e8  flpydisk - ok
16:39:19.0287 0x12e8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:39:19.0303 0x12e8  FltMgr - ok
16:39:19.0334 0x12e8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
16:39:19.0365 0x12e8  FontCache - ok
16:39:19.0397 0x12e8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:39:19.0397 0x12e8  FontCache3.0.0.0 - ok
16:39:19.0412 0x12e8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:39:19.0412 0x12e8  FsDepends - ok
16:39:19.0428 0x12e8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:39:19.0428 0x12e8  Fs_Rec - ok
16:39:19.0443 0x12e8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:39:19.0443 0x12e8  fvevol - ok
16:39:19.0459 0x12e8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:39:19.0475 0x12e8  gagp30kx - ok
16:39:19.0490 0x12e8  [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv            C:\Windows\gdrv.sys
16:39:19.0490 0x12e8  gdrv - ok
16:39:19.0506 0x12e8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:39:19.0537 0x12e8  gpsvc - ok
16:39:19.0568 0x12e8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:19.0568 0x12e8  gupdate - ok
16:39:19.0599 0x12e8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:19.0615 0x12e8  gupdatem - ok
16:39:19.0631 0x12e8  [ 8126331FBD4ED29EB3B356F9C905064D, A58BCE904591DD762410E99960FD956FB579C2CE78FA7BF1406075D29537EF82 ] GVTDrv64        C:\Windows\GVTDrv64.sys
16:39:19.0631 0x12e8  GVTDrv64 - ok
16:39:19.0646 0x12e8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:39:19.0646 0x12e8  hcw85cir - ok
16:39:19.0662 0x12e8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:39:19.0677 0x12e8  HdAudAddService - ok
16:39:19.0677 0x12e8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:39:19.0677 0x12e8  HDAudBus - ok
16:39:19.0677 0x12e8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:39:19.0693 0x12e8  HidBatt - ok
16:39:19.0693 0x12e8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:39:19.0709 0x12e8  HidBth - ok
16:39:19.0709 0x12e8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:39:19.0709 0x12e8  HidIr - ok
16:39:19.0709 0x12e8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:39:19.0709 0x12e8  hidserv - ok
16:39:19.0740 0x12e8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:39:19.0740 0x12e8  HidUsb - ok
16:39:19.0755 0x12e8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:39:19.0771 0x12e8  hkmsvc - ok
16:39:19.0787 0x12e8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:39:19.0787 0x12e8  HomeGroupListener - ok
16:39:19.0818 0x12e8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:39:19.0818 0x12e8  HomeGroupProvider - ok
16:39:19.0833 0x12e8  HOSTS Anti-PUPs - ok
16:39:19.0849 0x12e8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:39:19.0849 0x12e8  HpSAMD - ok
16:39:19.0865 0x12e8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:39:19.0880 0x12e8  HTTP - ok
16:39:19.0896 0x12e8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:39:19.0896 0x12e8  hwpolicy - ok
16:39:19.0911 0x12e8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:39:19.0911 0x12e8  i8042prt - ok
16:39:19.0927 0x12e8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:39:19.0943 0x12e8  iaStorV - ok
16:39:19.0958 0x12e8  [ 33D4D4A24791587E83F7EE05A446FB7E, 081E48AF76D7D3A71850A4C910EFBB0B280235E2A5303178B0338230F4BA2DE2 ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
16:39:19.0974 0x12e8  ICCS - ok
16:39:20.0005 0x12e8  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:39:20.0021 0x12e8  IDriverT - ok
16:39:20.0052 0x12e8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:39:20.0067 0x12e8  idsvc - ok
16:39:20.0067 0x12e8  IEEtwCollectorService - ok
16:39:20.0083 0x12e8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:39:20.0083 0x12e8  iirsp - ok
16:39:20.0130 0x12e8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:39:20.0145 0x12e8  IKEEXT - ok
16:39:20.0145 0x12e8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:39:20.0145 0x12e8  intelide - ok
16:39:20.0161 0x12e8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
16:39:20.0161 0x12e8  intelppm - ok
16:39:20.0161 0x12e8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:39:20.0177 0x12e8  IPBusEnum - ok
16:39:20.0177 0x12e8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:39:20.0177 0x12e8  IpFilterDriver - ok
16:39:20.0208 0x12e8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:39:20.0208 0x12e8  iphlpsvc - ok
16:39:20.0223 0x12e8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:39:20.0223 0x12e8  IPMIDRV - ok
16:39:20.0223 0x12e8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:39:20.0239 0x12e8  IPNAT - ok
16:39:20.0255 0x12e8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:39:20.0255 0x12e8  IRENUM - ok
16:39:20.0255 0x12e8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:39:20.0255 0x12e8  isapnp - ok
16:39:20.0270 0x12e8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:39:20.0286 0x12e8  iScsiPrt - ok
16:39:20.0301 0x12e8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:39:20.0301 0x12e8  kbdclass - ok
16:39:20.0317 0x12e8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:39:20.0317 0x12e8  kbdhid - ok
16:39:20.0333 0x12e8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
16:39:20.0333 0x12e8  KeyIso - ok
16:39:20.0348 0x12e8  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:39:20.0348 0x12e8  KSecDD - ok
16:39:20.0364 0x12e8  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:39:20.0364 0x12e8  KSecPkg - ok
16:39:20.0364 0x12e8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:39:20.0379 0x12e8  ksthunk - ok
16:39:20.0426 0x12e8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:39:20.0442 0x12e8  KtmRm - ok
16:39:20.0457 0x12e8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:39:20.0457 0x12e8  LanmanServer - ok
16:39:20.0473 0x12e8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:39:20.0473 0x12e8  LanmanWorkstation - ok
16:39:20.0504 0x12e8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:39:20.0504 0x12e8  lltdio - ok
16:39:20.0520 0x12e8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:39:20.0535 0x12e8  lltdsvc - ok
16:39:20.0535 0x12e8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:39:20.0535 0x12e8  lmhosts - ok
16:39:20.0551 0x12e8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:39:20.0551 0x12e8  LSI_FC - ok
16:39:20.0551 0x12e8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:39:20.0567 0x12e8  LSI_SAS - ok
16:39:20.0567 0x12e8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:39:20.0567 0x12e8  LSI_SAS2 - ok
16:39:20.0582 0x12e8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:39:20.0582 0x12e8  LSI_SCSI - ok
16:39:20.0598 0x12e8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:39:20.0598 0x12e8  luafv - ok
16:39:20.0613 0x12e8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:39:20.0613 0x12e8  Mcx2Svc - ok
16:39:20.0629 0x12e8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:39:20.0629 0x12e8  megasas - ok
16:39:20.0645 0x12e8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:39:20.0645 0x12e8  MegaSR - ok
16:39:20.0660 0x12e8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:39:20.0660 0x12e8  MMCSS - ok
16:39:20.0676 0x12e8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:39:20.0676 0x12e8  Modem - ok
16:39:20.0691 0x12e8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:39:20.0691 0x12e8  monitor - ok
16:39:20.0707 0x12e8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:39:20.0707 0x12e8  mouclass - ok
16:39:20.0707 0x12e8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:39:20.0707 0x12e8  mouhid - ok
16:39:20.0723 0x12e8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:39:20.0723 0x12e8  mountmgr - ok
16:39:20.0738 0x12e8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:39:20.0738 0x12e8  mpio - ok
16:39:20.0738 0x12e8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:39:20.0754 0x12e8  mpsdrv - ok
16:39:20.0785 0x12e8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:39:20.0801 0x12e8  MpsSvc - ok
16:39:20.0816 0x12e8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:39:20.0832 0x12e8  MRxDAV - ok
16:39:20.0847 0x12e8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:39:20.0863 0x12e8  mrxsmb - ok
16:39:20.0863 0x12e8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:39:20.0879 0x12e8  mrxsmb10 - ok
16:39:20.0879 0x12e8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:39:20.0879 0x12e8  mrxsmb20 - ok
16:39:20.0894 0x12e8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:39:20.0894 0x12e8  msahci - ok
16:39:20.0910 0x12e8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:39:20.0910 0x12e8  msdsm - ok
16:39:20.0925 0x12e8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:39:20.0925 0x12e8  MSDTC - ok
16:39:20.0941 0x12e8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:39:20.0941 0x12e8  Msfs - ok
16:39:20.0941 0x12e8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:39:20.0957 0x12e8  mshidkmdf - ok
16:39:20.0957 0x12e8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:39:20.0957 0x12e8  msisadrv - ok
16:39:20.0972 0x12e8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:39:20.0972 0x12e8  MSiSCSI - ok
16:39:20.0972 0x12e8  msiserver - ok
16:39:20.0988 0x12e8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:39:20.0988 0x12e8  MSKSSRV - ok
16:39:20.0988 0x12e8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:39:20.0988 0x12e8  MSPCLOCK - ok
16:39:21.0003 0x12e8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:39:21.0003 0x12e8  MSPQM - ok
16:39:21.0019 0x12e8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:39:21.0019 0x12e8  MsRPC - ok
16:39:21.0019 0x12e8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:39:21.0019 0x12e8  mssmbios - ok
16:39:21.0035 0x12e8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:39:21.0035 0x12e8  MSTEE - ok
16:39:21.0035 0x12e8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:39:21.0035 0x12e8  MTConfig - ok
16:39:21.0050 0x12e8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:39:21.0050 0x12e8  Mup - ok
16:39:21.0128 0x12e8  [ 213F5D05EE522E7321C513D4A6A318E0, 07E45361CF46ABFB3F7E3EC5E2CAF743B9A9B5D0CA8BFEA7C044EA8015FA7F38 ] MyEPSON Connect Service C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe
16:39:21.0144 0x12e8  MyEPSON Connect Service - ok
16:39:21.0175 0x12e8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:39:21.0175 0x12e8  napagent - ok
16:39:21.0191 0x12e8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:39:21.0206 0x12e8  NativeWifiP - ok
16:39:21.0237 0x12e8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:39:21.0253 0x12e8  NDIS - ok
16:39:21.0269 0x12e8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:39:21.0269 0x12e8  NdisCap - ok
16:39:21.0284 0x12e8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:39:21.0284 0x12e8  NdisTapi - ok
16:39:21.0300 0x12e8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:39:21.0300 0x12e8  Ndisuio - ok
16:39:21.0300 0x12e8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:39:21.0300 0x12e8  NdisWan - ok
16:39:21.0315 0x12e8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:39:21.0315 0x12e8  NDProxy - ok
16:39:21.0315 0x12e8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:39:21.0315 0x12e8  NetBIOS - ok
16:39:21.0331 0x12e8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:39:21.0331 0x12e8  NetBT - ok
16:39:21.0331 0x12e8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
16:39:21.0331 0x12e8  Netlogon - ok
16:39:21.0362 0x12e8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:39:21.0362 0x12e8  Netman - ok
16:39:21.0378 0x12e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:21.0393 0x12e8  NetMsmqActivator - ok
16:39:21.0393 0x12e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:21.0393 0x12e8  NetPipeActivator - ok
16:39:21.0409 0x12e8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:39:21.0409 0x12e8  netprofm - ok
16:39:21.0425 0x12e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:21.0425 0x12e8  NetTcpActivator - ok
16:39:21.0425 0x12e8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:21.0425 0x12e8  NetTcpPortSharing - ok
16:39:21.0440 0x12e8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:39:21.0440 0x12e8  nfrd960 - ok
16:39:21.0471 0x12e8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:39:21.0471 0x12e8  NlaSvc - ok
16:39:21.0487 0x12e8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:39:21.0487 0x12e8  Npfs - ok
16:39:21.0487 0x12e8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
16:39:21.0487 0x12e8  nsi - ok
16:39:21.0503 0x12e8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:39:21.0503 0x12e8  nsiproxy - ok
16:39:21.0565 0x12e8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:39:21.0596 0x12e8  Ntfs - ok
16:39:21.0612 0x12e8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:39:21.0612 0x12e8  Null - ok
16:39:21.0643 0x12e8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:39:21.0659 0x12e8  nvraid - ok
16:39:21.0674 0x12e8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:39:21.0674 0x12e8  nvstor - ok
16:39:21.0690 0x12e8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:39:21.0705 0x12e8  nv_agp - ok
16:39:21.0783 0x12e8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:39:21.0799 0x12e8  odserv - ok
16:39:21.0815 0x12e8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:39:21.0815 0x12e8  ohci1394 - ok
16:39:21.0861 0x12e8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:39:21.0877 0x12e8  ose - ok
16:39:21.0893 0x12e8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:39:21.0908 0x12e8  p2pimsvc - ok
16:39:21.0924 0x12e8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:39:21.0939 0x12e8  p2psvc - ok
16:39:21.0955 0x12e8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:39:21.0955 0x12e8  Parport - ok
16:39:21.0986 0x12e8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:39:21.0986 0x12e8  partmgr - ok
16:39:22.0002 0x12e8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:39:22.0002 0x12e8  PcaSvc - ok
16:39:22.0002 0x12e8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
16:39:22.0017 0x12e8  pci - ok
16:39:22.0033 0x12e8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:39:22.0033 0x12e8  pciide - ok
16:39:22.0049 0x12e8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:39:22.0064 0x12e8  pcmcia - ok
16:39:22.0064 0x12e8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:39:22.0064 0x12e8  pcw - ok
16:39:22.0080 0x12e8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:39:22.0095 0x12e8  PEAUTH - ok
16:39:22.0142 0x12e8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:39:22.0142 0x12e8  PerfHost - ok
16:39:22.0173 0x12e8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
16:39:22.0205 0x12e8  pla - ok
16:39:22.0236 0x12e8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:39:22.0236 0x12e8  PlugPlay - ok
16:39:22.0251 0x12e8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:39:22.0251 0x12e8  PNRPAutoReg - ok
16:39:22.0267 0x12e8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:39:22.0267 0x12e8  PNRPsvc - ok
16:39:22.0298 0x12e8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:39:22.0314 0x12e8  PolicyAgent - ok
16:39:22.0345 0x12e8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
16:39:22.0345 0x12e8  Power - ok
16:39:22.0345 0x12e8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:39:22.0345 0x12e8  PptpMiniport - ok
16:39:22.0361 0x12e8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
16:39:22.0361 0x12e8  Processor - ok
16:39:22.0376 0x12e8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:39:22.0376 0x12e8  ProfSvc - ok
16:39:22.0376 0x12e8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:39:22.0376 0x12e8  ProtectedStorage - ok
16:39:22.0407 0x12e8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:39:22.0407 0x12e8  Psched - ok
16:39:22.0439 0x12e8  [ 05A0C2744CEAC6F1B723EC469B650EF0, D9F2E0E4431217C6A7CDE38D36362CD5A06E93B9F45F92638120EF151089B370 ] PSKMAD          C:\Windows\system32\DRIVERS\PSKMAD.sys
16:39:22.0439 0x12e8  PSKMAD - ok
16:39:22.0485 0x12e8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:39:22.0518 0x12e8  ql2300 - ok
16:39:22.0533 0x12e8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:39:22.0533 0x12e8  ql40xx - ok
16:39:22.0549 0x12e8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
16:39:22.0564 0x12e8  QWAVE - ok
16:39:22.0564 0x12e8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:39:22.0564 0x12e8  QWAVEdrv - ok
16:39:22.0580 0x12e8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:39:22.0580 0x12e8  RasAcd - ok
16:39:22.0596 0x12e8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:39:22.0596 0x12e8  RasAgileVpn - ok
16:39:22.0611 0x12e8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
16:39:22.0611 0x12e8  RasAuto - ok
16:39:22.0627 0x12e8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:39:22.0627 0x12e8  Rasl2tp - ok
16:39:22.0642 0x12e8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:39:22.0658 0x12e8  RasMan - ok
16:39:22.0658 0x12e8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:39:22.0658 0x12e8  RasPppoe - ok
16:39:22.0658 0x12e8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:39:22.0674 0x12e8  RasSstp - ok
16:39:22.0674 0x12e8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:39:22.0689 0x12e8  rdbss - ok
16:39:22.0689 0x12e8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:39:22.0689 0x12e8  rdpbus - ok
16:39:22.0705 0x12e8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:39:22.0705 0x12e8  RDPCDD - ok
16:39:22.0720 0x12e8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:39:22.0720 0x12e8  RDPENCDD - ok
16:39:22.0720 0x12e8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:39:22.0720 0x12e8  RDPREFMP - ok
16:39:22.0752 0x12e8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:39:22.0752 0x12e8  RdpVideoMiniport - ok
16:39:22.0783 0x12e8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:39:22.0783 0x12e8  RDPWD - ok
16:39:22.0798 0x12e8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:39:22.0798 0x12e8  rdyboost - ok
16:39:22.0830 0x12e8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:39:22.0830 0x12e8  RemoteAccess - ok
16:39:22.0830 0x12e8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:39:22.0845 0x12e8  RemoteRegistry - ok
16:39:22.0861 0x12e8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:39:22.0861 0x12e8  RpcEptMapper - ok
16:39:22.0861 0x12e8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:39:22.0876 0x12e8  RpcLocator - ok
16:39:22.0892 0x12e8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
16:39:22.0892 0x12e8  RpcSs - ok
16:39:22.0892 0x12e8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:39:22.0908 0x12e8  rspndr - ok
16:39:22.0939 0x12e8  [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:39:22.0939 0x12e8  RTL8167 - ok
16:39:22.0954 0x12e8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
16:39:22.0954 0x12e8  SamSs - ok
16:39:23.0001 0x12e8  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:39:23.0001 0x12e8  SASDIFSV - ok
16:39:23.0048 0x12e8  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:39:23.0048 0x12e8  SASKUTIL - ok
16:39:23.0095 0x12e8  [ E20128053F3F4641A2627ECFA7149ECA, CE5620BC170E76E53FEDCCEE12BBFBEE7C67B96E53E5D9C63FA7773C36699DC6 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
16:39:23.0095 0x12e8  SbieDrv - ok
16:39:23.0110 0x12e8  [ 0FA1025D7AC725EEA5EA3076965EEA6B, 80AFCFD77BCE07F34C1276F5F416A156ABB9FEDC2AAF7AE68CEA500A4468D125 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
16:39:23.0110 0x12e8  SbieSvc - ok
16:39:23.0110 0x12e8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:39:23.0126 0x12e8  sbp2port - ok
16:39:23.0126 0x12e8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:39:23.0142 0x12e8  SCardSvr - ok
16:39:23.0142 0x12e8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:39:23.0157 0x12e8  scfilter - ok
16:39:23.0188 0x12e8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
16:39:23.0204 0x12e8  Schedule - ok
16:39:23.0220 0x12e8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:39:23.0220 0x12e8  SCPolicySvc - ok
16:39:23.0235 0x12e8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:39:23.0235 0x12e8  SDRSVC - ok
16:39:23.0266 0x12e8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:39:23.0266 0x12e8  secdrv - ok
16:39:23.0266 0x12e8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
16:39:23.0282 0x12e8  seclogon - ok
16:39:23.0282 0x12e8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:39:23.0298 0x12e8  SENS - ok
16:39:23.0298 0x12e8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:39:23.0313 0x12e8  SensrSvc - ok
16:39:23.0329 0x12e8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:39:23.0329 0x12e8  Serenum - ok
16:39:23.0329 0x12e8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:39:23.0329 0x12e8  Serial - ok
16:39:23.0344 0x12e8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:39:23.0344 0x12e8  sermouse - ok
16:39:23.0360 0x12e8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:39:23.0360 0x12e8  SessionEnv - ok
16:39:23.0376 0x12e8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:39:23.0376 0x12e8  sffdisk - ok
16:39:23.0376 0x12e8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:39:23.0376 0x12e8  sffp_mmc - ok
16:39:23.0376 0x12e8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:39:23.0376 0x12e8  sffp_sd - ok
16:39:23.0376 0x12e8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:39:23.0376 0x12e8  sfloppy - ok
16:39:23.0407 0x12e8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:39:23.0422 0x12e8  SharedAccess - ok
16:39:23.0438 0x12e8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:39:23.0438 0x12e8  ShellHWDetection - ok
16:39:23.0454 0x12e8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:39:23.0469 0x12e8  SiSRaid2 - ok
16:39:23.0469 0x12e8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:39:23.0469 0x12e8  SiSRaid4 - ok
16:39:23.0485 0x12e8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:39:23.0485 0x12e8  Smb - ok
16:39:23.0500 0x12e8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:39:23.0500 0x12e8  SNMPTRAP - ok
16:39:23.0500 0x12e8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:39:23.0500 0x12e8  spldr - ok
16:39:23.0532 0x12e8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
16:39:23.0547 0x12e8  Spooler - ok
16:39:23.0625 0x12e8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:39:23.0672 0x12e8  sppsvc - ok
16:39:23.0688 0x12e8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:39:23.0703 0x12e8  sppuinotify - ok
16:39:23.0719 0x12e8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:39:23.0734 0x12e8  srv - ok
16:39:23.0750 0x12e8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:39:23.0750 0x12e8  srv2 - ok
16:39:23.0766 0x12e8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:39:23.0766 0x12e8  srvnet - ok
16:39:23.0781 0x12e8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:39:23.0781 0x12e8  SSDPSRV - ok
16:39:23.0797 0x12e8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:39:23.0797 0x12e8  SstpSvc - ok
16:39:23.0812 0x12e8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:39:23.0812 0x12e8  stexstor - ok
16:39:23.0828 0x12e8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:39:23.0844 0x12e8  stisvc - ok
16:39:23.0859 0x12e8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:39:23.0859 0x12e8  swenum - ok
16:39:23.0859 0x12e8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:39:23.0875 0x12e8  swprv - ok
16:39:23.0922 0x12e8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
16:39:23.0953 0x12e8  SysMain - ok
16:39:23.0968 0x12e8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:39:23.0968 0x12e8  TabletInputService - ok
16:39:23.0984 0x12e8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:39:23.0984 0x12e8  TapiSrv - ok
16:39:24.0000 0x12e8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:39:24.0000 0x12e8  TBS - ok
16:39:24.0046 0x12e8  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:39:24.0078 0x12e8  Tcpip - ok
16:39:24.0124 0x12e8  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:39:24.0156 0x12e8  TCPIP6 - ok
16:39:24.0171 0x12e8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:39:24.0171 0x12e8  tcpipreg - ok
16:39:24.0187 0x12e8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:39:24.0187 0x12e8  TDPIPE - ok
16:39:24.0202 0x12e8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:39:24.0202 0x12e8  TDTCP - ok
16:39:24.0218 0x12e8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:39:24.0218 0x12e8  tdx - ok
16:39:24.0234 0x12e8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:39:24.0234 0x12e8  TermDD - ok
16:39:24.0249 0x12e8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
16:39:24.0280 0x12e8  TermService - ok
16:39:24.0280 0x12e8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:39:24.0280 0x12e8  Themes - ok
16:39:24.0296 0x12e8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:39:24.0296 0x12e8  THREADORDER - ok
16:39:24.0312 0x12e8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:39:24.0312 0x12e8  TrkWks - ok
16:39:24.0343 0x12e8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:39:24.0358 0x12e8  TrustedInstaller - ok
16:39:24.0374 0x12e8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:39:24.0374 0x12e8  tssecsrv - ok
16:39:24.0405 0x12e8  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:39:24.0421 0x12e8  TsUsbFlt - ok
16:39:24.0452 0x12e8  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:39:24.0452 0x12e8  TsUsbGD - ok
16:39:24.0468 0x12e8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:39:24.0483 0x12e8  tunnel - ok
16:39:24.0499 0x12e8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:39:24.0499 0x12e8  uagp35 - ok
16:39:24.0530 0x12e8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:39:24.0530 0x12e8  udfs - ok
16:39:24.0546 0x12e8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:39:24.0546 0x12e8  UI0Detect - ok
16:39:24.0546 0x12e8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:39:24.0561 0x12e8  uliagpkx - ok
16:39:24.0561 0x12e8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:39:24.0561 0x12e8  umbus - ok
16:39:24.0577 0x12e8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:39:24.0577 0x12e8  UmPass - ok
16:39:24.0577 0x12e8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:39:24.0592 0x12e8  upnphost - ok
16:39:24.0608 0x12e8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:39:24.0624 0x12e8  usbccgp - ok
16:39:24.0639 0x12e8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:39:24.0639 0x12e8  usbcir - ok
16:39:24.0655 0x12e8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:39:24.0655 0x12e8  usbehci - ok
16:39:24.0670 0x12e8  [ 5AE9C87A1ED4B243942B3FDDD902134B, E19657C637B354F968099755DD311A159E57C4BD5ED89D81BDA1C70A62DC732E ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
16:39:24.0686 0x12e8  usbfilter - ok
16:39:24.0686 0x12e8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:39:24.0702 0x12e8  usbhub - ok
16:39:24.0702 0x12e8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:39:24.0717 0x12e8  usbohci - ok
16:39:24.0733 0x12e8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:39:24.0733 0x12e8  usbprint - ok
16:39:24.0748 0x12e8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:39:24.0748 0x12e8  usbscan - ok
16:39:24.0780 0x12e8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:39:24.0780 0x12e8  USBSTOR - ok
16:39:24.0795 0x12e8  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:39:24.0795 0x12e8  usbuhci - ok
16:39:24.0811 0x12e8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:39:24.0811 0x12e8  UxSms - ok
16:39:24.0811 0x12e8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
16:39:24.0811 0x12e8  VaultSvc - ok
16:39:24.0826 0x12e8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:39:24.0826 0x12e8  vdrvroot - ok
16:39:24.0842 0x12e8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:39:24.0858 0x12e8  vds - ok
16:39:24.0858 0x12e8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:39:24.0858 0x12e8  vga - ok
16:39:24.0873 0x12e8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:39:24.0873 0x12e8  VgaSave - ok
16:39:24.0889 0x12e8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:39:24.0904 0x12e8  vhdmp - ok
16:39:24.0967 0x12e8  [ 3CCC0D9607419AC28B4216C18F6FA5E9, D51049B48EAC426C78C0651630BE6995E78E3E0E045AA4A8C7285A9941BF22A3 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
16:39:25.0014 0x12e8  VIAHdAudAddService - ok
16:39:25.0029 0x12e8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:39:25.0029 0x12e8  viaide - ok
16:39:25.0045 0x12e8  [ 888450E821E7A66CB8A4E5B7A01BA5C5, 9D78E82F533D045CB47E4BF452C1BF3F5451A71171D7D11E744CFA03C154D242 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
16:39:25.0045 0x12e8  VIAKaraokeService - ok
16:39:25.0060 0x12e8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:39:25.0060 0x12e8  volmgr - ok
16:39:25.0076 0x12e8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:39:25.0076 0x12e8  volmgrx - ok
16:39:25.0092 0x12e8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:39:25.0092 0x12e8  volsnap - ok
16:39:25.0107 0x12e8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:39:25.0107 0x12e8  vsmraid - ok
16:39:25.0154 0x12e8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:39:25.0185 0x12e8  VSS - ok
16:39:25.0216 0x12e8  [ A138BA7B5EB4FDA2346FD688C1332A32, CB7E3B609C99130F14B1FCDDC6852DE833E94719996B45341DB22DC83AC17AB2 ] VUSB3HUB        C:\Windows\system32\DRIVERS\ViaHub3.sys
16:39:25.0216 0x12e8  VUSB3HUB - ok
16:39:25.0216 0x12e8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:39:25.0216 0x12e8  vwifibus - ok
16:39:25.0248 0x12e8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
16:39:25.0263 0x12e8  W32Time - ok
16:39:25.0279 0x12e8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:39:25.0279 0x12e8  WacomPen - ok
16:39:25.0279 0x12e8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:39:25.0279 0x12e8  WANARP - ok
16:39:25.0294 0x12e8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:39:25.0294 0x12e8  Wanarpv6 - ok
16:39:25.0372 0x12e8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:39:25.0388 0x12e8  WatAdminSvc - ok
16:39:25.0497 0x12e8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:39:25.0528 0x12e8  wbengine - ok
16:39:25.0544 0x12e8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:39:25.0544 0x12e8  WbioSrvc - ok
16:39:25.0560 0x12e8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:39:25.0575 0x12e8  wcncsvc - ok
16:39:25.0575 0x12e8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:39:25.0591 0x12e8  WcsPlugInService - ok
16:39:25.0591 0x12e8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
16:39:25.0591 0x12e8  Wd - ok
16:39:25.0638 0x12e8  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
16:39:25.0638 0x12e8  WDC_SAM - ok
16:39:25.0684 0x12e8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:39:25.0700 0x12e8  Wdf01000 - ok
16:39:25.0700 0x12e8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:39:25.0700 0x12e8  WdiServiceHost - ok
16:39:25.0716 0x12e8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:39:25.0716 0x12e8  WdiSystemHost - ok
16:39:25.0731 0x12e8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
16:39:25.0747 0x12e8  WebClient - ok
16:39:25.0747 0x12e8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:39:25.0762 0x12e8  Wecsvc - ok
16:39:25.0778 0x12e8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:39:25.0778 0x12e8  wercplsupport - ok
16:39:25.0778 0x12e8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:39:25.0778 0x12e8  WerSvc - ok
16:39:25.0794 0x12e8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:39:25.0794 0x12e8  WfpLwf - ok
16:39:25.0794 0x12e8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:39:25.0794 0x12e8  WIMMount - ok
16:39:25.0809 0x12e8  WinDefend - ok
16:39:25.0825 0x12e8  WinHttpAutoProxySvc - ok
16:39:25.0872 0x12e8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:39:25.0887 0x12e8  Winmgmt - ok
16:39:25.0950 0x12e8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:39:25.0981 0x12e8  WinRM - ok
16:39:26.0028 0x12e8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:39:26.0043 0x12e8  Wlansvc - ok
16:39:26.0059 0x12e8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:39:26.0059 0x12e8  WmiAcpi - ok
16:39:26.0074 0x12e8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:39:26.0074 0x12e8  wmiApSrv - ok
16:39:26.0090 0x12e8  WMPNetworkSvc - ok
16:39:26.0090 0x12e8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:39:26.0090 0x12e8  WPCSvc - ok
16:39:26.0106 0x12e8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:39:26.0106 0x12e8  WPDBusEnum - ok
16:39:26.0106 0x12e8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:39:26.0106 0x12e8  ws2ifsl - ok
16:39:26.0121 0x12e8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:39:26.0121 0x12e8  wscsvc - ok
16:39:26.0121 0x12e8  WSearch - ok
16:39:26.0199 0x12e8  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:39:26.0230 0x12e8  wuauserv - ok
16:39:26.0262 0x12e8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:39:26.0262 0x12e8  WudfPf - ok
16:39:26.0293 0x12e8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:39:26.0293 0x12e8  WUDFRd - ok
16:39:26.0293 0x12e8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:39:26.0308 0x12e8  wudfsvc - ok
16:39:26.0324 0x12e8  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:39:26.0340 0x12e8  WwanSvc - ok
16:39:26.0355 0x12e8  [ E541EE779B0861BFA36B4EFCE1A30486, EEC0898691DA9F3D82C5F72BD4F523DC0E2D0EA84FCA3E253E8BD3A600BC459B ] xhcdrv          C:\Windows\system32\DRIVERS\xhcdrv.sys
16:39:26.0371 0x12e8  xhcdrv - ok
16:39:26.0371 0x12e8  ================ Scan global ===============================
16:39:26.0386 0x12e8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:39:26.0402 0x12e8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:39:26.0418 0x12e8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:39:26.0449 0x12e8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:39:26.0464 0x12e8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:39:26.0480 0x12e8  [ Global ] - ok
16:39:26.0480 0x12e8  ================ Scan MBR ==================================
16:39:26.0496 0x12e8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:39:26.0620 0x12e8  \Device\Harddisk0\DR0 - ok
16:39:26.0620 0x12e8  ================ Scan VBR ==================================
16:39:26.0636 0x12e8  [ 8435134B0C7E1D55DE3412A4CE22F2C7 ] \Device\Harddisk0\DR0\Partition1
16:39:26.0683 0x12e8  \Device\Harddisk0\DR0\Partition1 - ok
16:39:26.0683 0x12e8  [ 1942C5C4B05908E2F4C4D45661937845 ] \Device\Harddisk0\DR0\Partition2
16:39:26.0714 0x12e8  \Device\Harddisk0\DR0\Partition2 - ok
16:39:26.0714 0x12e8  Waiting for KSN requests completion. In queue: 301
16:39:27.0728 0x12e8  Waiting for KSN requests completion. In queue: 301
16:39:28.0742 0x12e8  Waiting for KSN requests completion. In queue: 301
16:39:29.0772 0x12e8  AV detected via SS2: AVG Internet Security 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41000 ( enabled : updated )
16:39:29.0772 0x12e8  FW detected via SS2: AVG Internet Security 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41010 ( enabled )
16:39:32.0237 0x12e8  ============================================================
16:39:32.0237 0x12e8  Scan finished
16:39:32.0237 0x12e8  ============================================================
16:39:32.0237 0x1144  Detected object count: 0
16:39:32.0237 0x1144  Actual detected object count: 0



#5 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 12:01 PM

There are two Bleepingcomputer links for AdwCleaner, but as one is the author's site, I've opted for the first "Download Now @BleepingComputer" link.  If you'd prefer me to install the "Visit Author's Site" link, I'll uninstall the first link and install that one.

For now, here is the result of the first AdwCleaner link scan:

Nothing is listed except under Firefox where there is an entry I deleted yesterday with the other download of AdwCleaner, which kept reappearing for a Firefox add-on Trust My Web when I did a couple of further cleans.

The details contains "prefs.js" in the "AppData - Roaming" folder in the first line and

"user_pref"("extensions trustmyweb addons.firefox@hotmail.com install-event-fired".true): in the second line

Should I clean this with the new download?, as the only way to clean anything would include the above folder/add-on as there is no option to tick or untick anything, in the "Firefox" directory.

The "Hosts Anti-PUP/Adware" feature (infected with malware yesterday) is listed in "Tools" in the new download, but I won't touch this unless you specifically request me to at a later stage.  Meanwhile, here is the Report:

 

# AdwCleaner v3.019 - Report created 26/02/2014 at 16:51:33
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\prefs.js ]

Line Found : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);

*************************

AdwCleaner[R10].txt - [734 octets] - [26/02/2014 16:51:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [794 octets] ##########


Edited by Castle Robin, 26 February 2014 - 12:04 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:56 AM

Posted 26 February 2014 - 12:05 PM

:deadhorse: FWIW I still do not see Anti Adware
http://general-changelog-team.fr/fr/outils?limitstart=0

 

But many of those tools are not his, so I cannot vouch for their safety.. eg ComboFix that's a BC tool


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 12:10 PM

The sub-program Hosts Anti-PUP Adware is in AdwCleaner under "Tools" below Quarantine manager.

 

I'd assumed it was safe, due to being part of the AdwCleaner program, but the version I tried to install as part of the previous Anti-PUP download was infested with malware.  In light of yesterday, I'll avoid this program altogether, in case that is also malware ridden and stick with just AdwCleaner of the two programs.

 

Shall I clean with AdwCleaner or close AdwCleaner and move straight on to the Junkware Removal Tool?

 

:deadhorse: FWIW I still do not see Anti Adware
http://general-changelog-team.fr/fr/outils?limitstart=0

 

But many of those tools are not his, so I cannot vouch for their safety.. eg ComboFix that's a BC tool


Edited by Castle Robin, 26 February 2014 - 12:11 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:56 AM

Posted 26 February 2014 - 12:19 PM

You can clean
 
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
I am contacting Explode about this .. Just to be sure his site issafe.. He is a tool writer and they will attack him..

All the tools there should be safe But as you are saying something, things need to be addressed.
Thanks for the feedback.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 12:27 PM

I've rescanned with AdwCleaner and here are the results. 

 

It looks like the owner of Explode wasn't aware of this malware.  Thanks for offering to contact him:

 

# AdwCleaner v3.019 - Report created 26/02/2014 at 17:22:39
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jzefkbdd.default-1392814384203\prefs.js ]

Line Deleted : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);

*************************

AdwCleaner[R10].txt - [874 octets] - [26/02/2014 16:51:33]
AdwCleaner[R11].txt - [934 octets] - [26/02/2014 17:21:26]
AdwCleaner[S4].txt - [857 octets] - [26/02/2014 17:22:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [916 octets] ##########



#10 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 12:43 PM

Oh, that's odd.  Just as I was about to post the Junkware Removal Tool results, this appeared:

 

Opening AdwCleaner.exe

 

You have chosen to open:

 

AdwCleaner.exe

which is: Binary File (1.2 MB)

from: http://download.bleepingcomputer.com

Would you like to save this file?

 

As I already used it earlier, I cancelled the request.

 

 

Here are the JRT results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 26/02/2014 at 17:37:16.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/02/2014 at 17:41:17.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 02:04 PM

The ESET scan gave the all clear, so no threats found.



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:56 AM

Posted 26 February 2014 - 02:10 PM

It looks clean here just need to know about ADW from the author.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 02:18 PM

It looks clean here just need to know about ADW from the author.

 

This is excellent news that my computer is now clean.  Many thanks for all your efforts. :)

 

I'll carry on as normal and avoid the Anti-PUP program altogether unless the malware issue is resolved.  The concept of the Anti-PUP program is very good, but I'd rather not risk using it while the malware issue remains.


Edited by Castle Robin, 26 February 2014 - 02:23 PM.


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:56 AM

Posted 26 February 2014 - 02:47 PM

AdwCleaner comes with Tools: Quarantine Manager & HOSTS Anti-PUP/Adware.

HOSTS Anti-PUP/Adware is a program developed by Malekal_Morte which reduces the risk of installing potentially unwanted programs and adwares by blocking access to some websites. By clicking OK, Hosts Anti-PUP/Adware will be downloaded and installed...it can easily be uninstalled later if you no longer want to use it.

If AVG is detecting HOSTS Anti-PUP/Adware as malware, it's most likely a "false positive".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Castle Robin

Castle Robin
  • Topic Starter

  • Members
  • 170 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:56 PM

Posted 26 February 2014 - 06:17 PM

AdwCleaner comes with Tools: Quarantine Manager & HOSTS Anti-PUP/Adware.

HOSTS Anti-PUP/Adware is a program developed by Malekal_Morte which reduces the risk of installing potentially unwanted programs and adwares by blocking access to some websites. By clicking OK, Hosts Anti-PUP/Adware will be downloaded and installed...it can easily be uninstalled later if you no longer want to use it.

If AVG is detecting HOSTS Anti-PUP/Adware as malware, it's most likely a "false positive".

 

Hopefully you're right, but I can't be completely sure, due to the following. 

 

If AVG is giving a false positive, this also means that Panda Cloud Cleaner is also incorrect, as I installed the Panda program later yesterday evening and their scan also detected Hosts Anti-PUP/Adware as malware.

 

The other puzzling thing is that, when AVG warned me of malware, with Youtube open at the same time, I clicked on the Flash and Video Download add-on bar which displayed the following errors:

 

Flash Files to Download

Watch-as3.swf

Videos to Download

DomaIQ: Fake Flash / Java - You Tube

+ 5 other instances of the above "DomaIQ" appeared

 

"DomaIQ" and "Fake Flash" were nowhere in sight later on when I returned to Youtube, but a few web sites have further information on "DomaIQ" and Fake Flash, including references to downloads via CNET, Brothersoft and Softonic sneaking in DomaIQ.  I've installed Comodo software via a CNET download in the past, and when I was about to install Panda Cloud Anti-Virus, I spotted that it had a "Softonic" reference in the download, even though the link to download was in the official UK site, so I think I'll avoid that program:

 

http://malwaretips.com/blogs/pup-fakeflash-domaiq-virus-removal/

https://addons.mozilla.org/en-US/firefox/addon/download-flash-and-video/


Edited by Castle Robin, 26 February 2014 - 06:20 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users