
Vista Virus.. csrss trustedinstaller searchindexer font files


22 replies to this topic

#1 SeekerOfAnswers


Posted 01 March 2014 - 05:38 AM

Ok, so.. I know I've got a virus.
I keep AVG running on my machine, and I keep it up to date.
At the time of infection I was running service pack 2, completely up to date.. Drivers and er'ry thing.

Now I've got this bug in my machine that I just can't get rid of.. I'm one of those peeps that likes to do things themselves...
However, after trying everything I can think of.. I've tried like 10 antivirus/malware/spyware. I've formatted/reinstalled vista countless times. I've flashed the bios. I've unplugged and left the mobo battery out for hours.

This bug just will not leave my machine.
Figured I'd post on this forum since this is the only forum the bug has actually tried to block me from visiting.. That's right, I googled programs to use and found "ComboFix." Well, I can't download from this site.
I get a big ol' error message telling me I'm restricted. So, naturally I just went to cnet and got it there :P Once I ran it, it told me I had a few things that I already knew I had. I got rid of them, didn't do any good.
Pretty sure this bug is deeper than anything I can press delete for.

Any help, anyone?

Notes for anyone who wants to help :P
2x csrss.exe show up in my task manager, I've hunted them down in system32 folder.. Microsoft website says it's supposed to be approx. 1600kb, mine is 8kb. Also, I cannot click it in task manager, nor delete it from disk.
TrustedInstaller.exe is acting mighty fishy (to the point that I know it's infected) it's eating a crap load of resources upon initial boot from fresh format, and seems to me to be what's running the show as far as saying what the virus loads/runs next.
Upon fresh format/installation of vista as soon as I log in for the first time my system resources sky-rocket. Mainly hard disk, hits about 90%, CPU hits about 80%, Memory hits about 70%. I don't recall network, I quit letting it have access to the web after the first so many tries.. Until now, which I'm trying to get help here lol.
At first it was liking to rename files .mui, i.e. notepad.exe.mui ~ That stopped though, for some reason.

 

Also, this virus was laying dormant for months collecting data (trojan?) until I noticed it.. At which point I tried to delete a process (forget which) and it went crazy on me.

I found this http://www.bleepingcomputer.com/forums/t/520049/two-csrssexe-processes-in-task-manager/
Which looks sorta like the issue I'm having, he didn't give hardly any detail though. I'm sure I've got a virus, however.

As well, I've been browsing through the forums.. I should also mention that searchindexer or w/e in the processes was also eating a crap load of resources, like the TrustedInstaller has been. They're both accountable for about 200k read/write. I think that's correct? Also, it seems that there's some foul play with font files.. idk?

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 7.0.6001.18000
Run by Jaimz at 5:25:46 on 2014-03-01
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.8190.6384 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3F37C223-7C9D-41BF-A774-A5480502A908} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jaimz\AppData\Roaming\Mozilla\Firefox\Profiles\czi9b8hy.default\
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2013-7-5 91136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2012-7-8 1012184]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-01 08:01:56	0	----a-w-	C:\Windows\ativpsrm.bin
2014-01-27 14:58:44	270496	------w-	C:\Windows\System32\MpSigStub.exe
2013-12-06 22:07:36	78432	----a-w-	C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36	78432	----a-w-	C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14	71704	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14	71704	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10	143304	----a-w-	C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46	126336	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00	115512	----a-w-	C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38	98496	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52	1318552	----a-w-	C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04	1100216	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16	9753752	----a-w-	C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50	8406024	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00	8287008	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10	6630232	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20	8927704	----a-w-	C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54	7751920	----a-w-	C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14	13207552	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52	230912	----a-w-	C:\Windows\System32\clinfo.exe
2013-12-06 21:38:40	1187342	----a-w-	C:\Windows\System32\amdocl_as64.exe
2013-12-06 21:38:40	1061902	----a-w-	C:\Windows\System32\amdocl_ld64.exe
2013-12-06 21:38:38	995342	----a-w-	C:\Windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38:38	798734	----a-w-	C:\Windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38:34	99840	----a-w-	C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28	83968	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22	86528	----a-w-	C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18	73728	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58	29382144	----a-w-	C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36	24860160	----a-w-	C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28	63488	----a-w-	C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24	57344	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44	129536	----a-w-	C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40	26352128	----a-w-	C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02	368640	----a-w-	C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52	62464	----a-w-	C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50	52224	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42	55808	----a-w-	C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40	49152	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26	15716352	----a-w-	C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18	14302208	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50	22157824	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18	442368	----a-w-	C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10	31232	----a-w-	C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04	588288	----a-w-	C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10	239616	----a-w-	C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36	190976	----a-w-	C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:54	96256	----a-w-	C:\Windows\System32\amdave64.dll
2013-12-06 20:22:48	90112	----a-w-	C:\Windows\SysWow64\amdave32.dll
2013-12-06 20:22:42	1144320	----a-w-	C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:38	89088	----a-w-	C:\Windows\System32\atisamu64.dll
2013-12-06 20:22:34	80896	----a-w-	C:\Windows\atisamu32.dll
2013-12-06 20:22:28	825344	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12	74752	----a-w-	C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08	69632	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08	69632	----a-w-	C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04	100352	----a-w-	C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54	96768	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44	626176	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:24	45056	----a-w-	C:\Windows\System32\atitmp64.dll
2013-12-06 20:18:12	43520	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
.
============= FINISH:  5:25:56.71 ===============



#2 SeekerOfAnswers


Posted 01 March 2014 - 05:41 AM

Also should mention, I installed .net 3.5.. Then tried to install .net 4, cuz, well this is a fresh format/install~ Still infected~ 3.5 installed fine, 4 said it couldn't install due to a higher version being on my computer.. Thought that was fishy, but, looking through these logs.. It says that I've got .net 4.5, which I should not have due to having a fresh install of vista. I've reinstalled vista many times, I know for a fact that after a fresh install 3.5 isn't on there, 4 isn't on there, and, certainly 4.5 isn't on here.



#3 SeekerOfAnswers


Posted 01 March 2014 - 04:32 PM

I found this log concerning the .net 4.5 framework the virus installed.
It's 10 mb so I can't upload it, but, yeh.. idk what to do to show whoever wants to look..


Edited by SeekerOfAnswers, 01 March 2014 - 04:40 PM.


#4 nasdaq

  • Malware Response Team

Posted 02 March 2014 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on the DDS log.
Let's check deeper.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
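
A way to triage the TDSSKiller text log before pasting it, as an added example that is not part of the original posts and is not TDSSKiller's own code: it checks that the scan mode line lists both options enabled in the steps above and lists every scanned object whose verdict is not `ok`. The line layout, the mapping of the `SigCheck` and `TDLFS` mode flags to the two checkboxes, and the wording of the non-ok verdict are assumptions; the sample lines and their all-zero hashes are constructed.

```python
import re

# Assumed line layout: "<hh:mm:ss.ffff> <0xTID>  <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s*(?P<msg>.*)$")
# Message form 1: "[ MD5, SHA256 ] <object name> <file path>"
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}), (?P<sha256>[0-9A-Fa-f]{64}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Message form 2: "<object name> - ok" or "<object name> ( <detail> ) - warning"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<detail>.+?) \))? - (?P<verdict>\w+)$")

# Mode flags assumed to correspond to "Verify Driver Digital Signature"
# and "Detect TDLFS file system".
REQUIRED_MODE_FLAGS = {"SigCheck", "TDLFS"}


def parse_log(text):
    """Return the scan mode flags and one record per object verdict line."""
    mode, objects, pending = [], [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a log line (blank line, forum text, ...)
        msg = m.group("msg").strip()
        if msg.startswith("Mode:"):
            mode = [f.strip() for f in msg[len("Mode:"):].split(";") if f.strip()]
            continue
        hashed = HASHED.match(msg)
        if hashed:
            # Remember hashes and path until the verdict line for this name arrives.
            pending[hashed.group("name")] = hashed.groupdict()
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            info = pending.pop(verdict.group("name"), {})
            objects.append({
                "name": verdict.group("name"),
                "verdict": verdict.group("verdict"),
                "detail": verdict.group("detail"),
                "md5": info.get("md5"),        # None when no file was hashed
                "sha256": info.get("sha256"),
                "path": info.get("path"),
            })
    return {"mode": mode, "objects": objects}


def missing_options(mode):
    """Mode flags that were expected but are absent from the scan."""
    return REQUIRED_MODE_FLAGS - set(mode)


def non_ok(objects):
    """Objects to leave on Skip and report, per the instructions above."""
    return [o for o in objects if o["verdict"] != "ok"]


# Constructed sample log; names, paths and hashes are placeholders.
_MD5, _SHA = "0" * 32, "0" * 64
SAMPLE_LOG = "\n".join([
    "12:00:00.0000 0x0aaa  Scan started",
    "12:00:00.0000 0x0aaa  Mode: Manual; SigCheck; TDLFS;",
    "12:00:01.0000 0x0aaa  ================ Scan system memory ================",
    "12:00:01.0000 0x0aaa  System memory - ok",
    "12:00:01.0000 0x0aaa  ================ Scan services =====================",
    rf"12:00:02.0000 0x0aaa  [ {_MD5}, {_SHA} ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys",
    "12:00:02.0100 0x0aaa  ExampleDrv - ok",
    "12:00:02.0200 0x0aaa  NoFileSvc - ok",
    rf"12:00:03.0000 0x0aaa  [ {_MD5}, {_SHA} ] OtherDrv        C:\Windows\system32\drivers\otherdrv.sys",
    "12:00:03.0100 0x0aaa  OtherDrv ( UnsignedFile.Multi.Generic ) - warning",
])

if __name__ == "__main__":
    result = parse_log(SAMPLE_LOG)
    absent = missing_options(result["mode"])
    if absent:
        print("Scan ran without:", ", ".join(sorted(absent)))
    for obj in non_ok(result["objects"]):
        print(f'{obj["name"]}: {obj["verdict"]} ({obj["detail"]}) {obj["path"]}')
```
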

#5 SeekerOfAnswers


Posted 02 March 2014 - 10:20 AM

I've been working on this for hours non-stop since I posted this.. I've run this program quite a few times, only getting satisfactory results from it once or twice.
To save us both some time, and point you in the right direction so as you may steer me right.. I've got what I believe to be a zeroaccess bootkit, if that's a thing?

I've deleted $recycle.bin from a couple hdd, but, as soon as I did that a REALLY fast and quite SUDDEN reboot came outta nowhere and upon restarting I got a filesystem msg telling me it was gonna relocate the virus elsewhere =/

Anywho, Still digging.

I'll post up one of the old logs if you want, a new scan isn't gonna find us anything. I've exhausted this resource.



#6 nasdaq


Posted 02 March 2014 - 11:53 AM

See if you can run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#7 SeekerOfAnswers


Posted 02 March 2014 - 12:59 PM

I had to format again, got pretty far with it.. imo anyway, but..~ I corrupted something, or, rather the virus insisted on hanging on the boot after my last nip/tuck :P

Before we delve too deep, I'd just like to say thanks for the time you're throwing my way. I know I very well may end up having to replace a few pieces of hardware, but, it's folks lending a helping hand that make the world go 'round.

Anyway, here's the first log you asked for ;)

-----
----
---
--
-

12:36:23.0609 0x0d64  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
12:36:27.0498 0x0d64  ============================================================
12:36:27.0498 0x0d64  Current date / time: 2014/03/02 12:36:27.0498
12:36:27.0498 0x0d64  SystemInfo:
12:36:27.0498 0x0d64  
12:36:27.0498 0x0d64  OS Version: 6.0.6001 ServicePack: 1.0
12:36:27.0498 0x0d64  Product type: Workstation
12:36:27.0498 0x0d64  ComputerName: TehB0x
12:36:27.0498 0x0d64  UserName: Jaimz
12:36:27.0498 0x0d64  Windows directory: C:\Windows
12:36:27.0498 0x0d64  System windows directory: C:\Windows
12:36:27.0498 0x0d64  Running under WOW64
12:36:27.0498 0x0d64  Processor architecture: Intel x64
12:36:27.0498 0x0d64  Number of processors: 4
12:36:27.0498 0x0d64  Page size: 0x1000
12:36:27.0498 0x0d64  Boot type: Normal boot
12:36:27.0498 0x0d64  ============================================================
12:36:29.0535 0x0d64  KLMD registered as C:\Windows\system32\drivers\24295843.sys
12:36:29.0578 0x0d64  System UUID: {980296AA-F562-4E10-A6BB-0ADF7D1A2DBE}
12:36:30.0032 0x0d64  Drive \Device\Harddisk2\DR2 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:36:30.0042 0x0d64  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:36:30.0053 0x0d64  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:36:30.0056 0x0d64  ============================================================
12:36:30.0056 0x0d64  \Device\Harddisk2\DR2:
12:36:30.0056 0x0d64  MBR partitions:
12:36:30.0056 0x0d64  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11777800
12:36:30.0056 0x0d64  \Device\Harddisk0\DR0:
12:36:30.0075 0x0d64  MBR partitions:
12:36:30.0075 0x0d64  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
12:36:30.0076 0x0d64  \Device\Harddisk1\DR1:
12:36:30.0076 0x0d64  MBR partitions:
12:36:30.0076 0x0d64  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
12:36:30.0076 0x0d64  ============================================================
12:36:30.0114 0x0d64  C: <-> \Device\Harddisk0\DR0\Partition1
12:36:30.0150 0x0d64  D: <-> \Device\Harddisk1\DR1\Partition1
12:36:30.0166 0x0d64  E: <-> \Device\Harddisk2\DR2\Partition1
12:36:30.0166 0x0d64  ============================================================
12:36:30.0166 0x0d64  Initialize success
12:36:30.0166 0x0d64  ============================================================
12:36:37.0216 0x06b0  ============================================================
12:36:37.0216 0x06b0  Scan started
12:36:37.0216 0x06b0  Mode: Manual; SigCheck; TDLFS;
12:36:37.0216 0x06b0  ============================================================
12:36:37.0216 0x06b0  KSN ping started
12:36:39.0689 0x06b0  KSN ping finished: true
12:36:42.0381 0x06b0  ================ Scan system memory ========================
12:36:42.0381 0x06b0  System memory - ok
12:36:42.0381 0x06b0  ================ Scan services =============================
12:36:47.0903 0x06b0  Ecache - ok
12:36:48.0012 0x06b0  [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:36:48.0044 0x06b0  ehRecvr - ok
12:36:48.0075 0x06b0  [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched         C:\Windows\ehome\ehsched.exe
12:36:48.0075 0x06b0  ehSched - ok
12:36:48.0090 0x06b0  [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart         C:\Windows\ehome\ehstart.dll
12:36:48.0106 0x06b0  ehstart - ok
12:36:48.0122 0x06b0  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:36:48.0215 0x06b0  elxstor - ok
12:36:48.0356 0x06b0  [ 31272DD1F13EE5031AF1E3EA054FD92C, 97AD108FB58C622CCF146DC9A1CBC8F7D57C83ED2AEB96E8718D7284E681CAE0 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:36:48.0543 0x06b0  EMDMgmt - ok
12:36:48.0558 0x06b0  [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:36:48.0574 0x06b0  ErrDev - ok
12:36:48.0621 0x06b0  [ D8338E6B3C23AD36096A6FDABD039283, AD16BE916718179577415E10D539E90A27CB99F8565C65481069F8434508D29F ] EventSystem     C:\Windows\system32\es.dll
12:36:48.0699 0x06b0  EventSystem - ok
12:36:48.0714 0x06b0  [ 2A546B9A84658B0554B1EC35CD9ADAF5, 211C7D2CCEF5F3B7DB02BD81FA034BA1329E76E26E5D36B87618DE3D7129FE95 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:36:48.0777 0x06b0  exfat - ok
12:36:48.0792 0x06b0  [ FE731D345ED9EEABBC72A59B35941834, 92B20565814B3182A6236DA73557D116FC15B7739DF33714E93C6F962239B6C9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:36:48.0824 0x06b0  fastfat - ok
12:36:48.0980 0x06b0  [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:36:49.0011 0x06b0  fdc - ok
12:36:49.0026 0x06b0  [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:36:49.0042 0x06b0  fdPHost - ok
12:36:49.0089 0x06b0  [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:36:49.0136 0x06b0  FDResPub - ok
12:36:49.0151 0x06b0  [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:36:49.0182 0x06b0  FileInfo - ok
12:36:49.0214 0x06b0  [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:36:49.0245 0x06b0  Filetrace - ok
12:36:49.0338 0x06b0  [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:36:49.0370 0x06b0  flpydisk - ok
12:36:49.0432 0x06b0  [ 7DACF1A3A4219575070C6DC7C957428A, B55B98ECC29CE895E57AA017876772ECF3F2FB5EBE95E1958F61F9D13E7782EE ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:36:49.0479 0x06b0  FltMgr - ok
12:36:49.0588 0x06b0  [ 3A8059E00C155283323CF57F998A73E0, 8B1B013224E25132B6CED153D922E515D0C668E5944A2D99D880DFDDF4B71736 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:36:49.0619 0x06b0  FontCache3.0.0.0 - ok
12:36:49.0650 0x06b0  [ 29D99E860A1CA0A03C6A733FDD0DA703, A5CAEFBFDD74991ECEAA068572E8FAF51BEA2CD4EB39D28EEB60D936760E3589 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:36:49.0713 0x06b0  Fs_Rec - ok
12:36:49.0728 0x06b0  [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:36:49.0744 0x06b0  gagp30kx - ok
12:36:49.0791 0x06b0  [ 9E5B254D58232EC8921EC3C5A94C81ED, 99465633B61B51079C809113D8B3D1D34E1044068AECF3E9A05DAE4D619C4F9D ] gpsvc           C:\Windows\System32\gpsvc.dll
12:36:49.0853 0x06b0  gpsvc - ok
12:36:49.0884 0x06b0  [ DF45F8142DC6DF9D18C39B3EFFBD0409, E0F04525530FF403C5A34B7E9A03CDE70B7BACE12E2E50103554E92AF374BD09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:36:49.0931 0x06b0  HdAudAddService - ok
12:36:49.0931 0x06b0  [ 0C0D0F8A3FF09ECC81963D09EC6A0A84, CB5F5E81F6E149D5E65717B5F9D4C3CF52F28FD424D6DECA7116EA3F7DA92265 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:36:49.0962 0x06b0  HDAudBus - ok
12:36:49.0978 0x06b0  [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:36:50.0009 0x06b0  HidBth - ok
12:36:50.0025 0x06b0  [ 4E77A77E2C986E8F88F996BB3E1AD829, 1748676EB038A145405080B829DF4156C2596691BE5C67FD8269BE8D9351B400 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:36:50.0071 0x06b0  HidIr - ok
12:36:50.0071 0x06b0  [ 0AA154538544E988429DA2D5AA803A6C, 72FA9D73CCCEDA49743FD932D2E941CC629634FF472323BACBAA0A4107434551 ] hidserv         C:\Windows\system32\hidserv.dll
12:36:50.0103 0x06b0  hidserv - ok
12:36:50.0118 0x06b0  [ 128E2DA8483FDD4DD0C7B3F9ABD6F323, 1392C1B66AF9738237C736A9E564C814C90592D301E01C86FCC23E53C2A73F30 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:36:50.0149 0x06b0  HidUsb - ok
12:36:50.0165 0x06b0  [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:36:50.0196 0x06b0  hkmsvc - ok
12:36:50.0227 0x06b0  [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:36:50.0227 0x06b0  HpCISSs - ok
12:36:50.0259 0x06b0  [ 7C39506BC3BE2B77B7671BB320FDB736, EE1CF3FDEDAAFFDA33151E94A22877BF85D966C68F06D92C7253D606C567BC04 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:36:50.0305 0x06b0  HTTP - ok
12:36:50.0321 0x06b0  [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:36:50.0337 0x06b0  i2omp - ok
12:36:50.0337 0x06b0  [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:36:50.0368 0x06b0  i8042prt - ok
12:36:50.0383 0x06b0  [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:36:50.0399 0x06b0  iaStorV - ok
12:36:50.0461 0x06b0  [ F8E071CD7B92E81A2C64D860347EDA1E, A1E88E535BF5A23189E3AE3B63791F5546CBABBCC829FCCEB9844DC4950BB410 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:36:50.0508 0x06b0  idsvc - ok
12:36:50.0524 0x06b0  [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:36:50.0524 0x06b0  iirsp - ok
12:36:50.0555 0x06b0  [ 3A3B232140C33376E134E7B61A0EAA44, 8F4605216DC2F792C0EC01A1FD60A863021E400DB80854EB022CA2CF50A1F706 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:36:50.0602 0x06b0  IKEEXT - ok
12:36:50.0602 0x06b0  [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide        C:\Windows\system32\drivers\intelide.sys
12:36:50.0617 0x06b0  intelide - ok
12:36:50.0633 0x06b0  [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:36:50.0664 0x06b0  intelppm - ok
12:36:50.0680 0x06b0  [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:36:50.0711 0x06b0  IPBusEnum - ok
12:36:50.0727 0x06b0  [ 99B821F5BEBD6A3CC3FE564F802AE0FD, ACBD24DF39544B3562E6C80448540DBF9B695F90990CEBBF0C00065B511501D6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:36:50.0742 0x06b0  IpFilterDriver - ok
12:36:50.0758 0x06b0  [ 82EFC3D6D161DD874F1203C5F60F623C, A7891655473786E5364E09FAF7E866B837F6AF3104DBDDB272B5C7215FF587EA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:36:50.0836 0x06b0  iphlpsvc - ok
12:36:50.0836 0x06b0  IpInIp - ok
12:36:50.0883 0x06b0  [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:36:50.0914 0x06b0  IPMIDRV - ok
12:36:50.0929 0x06b0  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:36:50.0961 0x06b0  IPNAT - ok
12:36:50.0976 0x06b0  [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:36:50.0992 0x06b0  IRENUM - ok
12:36:51.0023 0x06b0  [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:36:51.0023 0x06b0  isapnp - ok
12:36:51.0054 0x06b0  [ 49E4CCBF74783FCE5D2CC1FF6480E1F4, 1685841CD3F64415D7E3DDE6AC4E1D9F21E420089485F23E970CE5C8C2D929F0 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:36:51.0070 0x06b0  iScsiPrt - ok
12:36:51.0085 0x06b0  [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:36:51.0085 0x06b0  iteatapi - ok
12:36:51.0132 0x06b0  [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:36:51.0132 0x06b0  iteraid - ok
12:36:51.0179 0x06b0  [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:36:51.0179 0x06b0  kbdclass - ok
12:36:51.0195 0x06b0  [ BF8783A5066CFECF45095459E8010FA7, 90845E1A154189258B2754C4FF8E6732AA462FF3777E8DFBAF8246C7C5B2740D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:36:51.0226 0x06b0  kbdhid - ok
12:36:51.0241 0x06b0  [ 1B461E9F6DB0EF829B4369F47A24BBEC, E90462284688FA593CD5632DEE45255D2759A58DF4D17AE830A64B686E7A700D ] KeyIso          C:\Windows\system32\lsass.exe
12:36:51.0241 0x06b0  KeyIso - ok
12:36:51.0273 0x06b0  [ A6F636C447CF3DEF5F50018F0C0E1AAE, 1B6289C198557FF94DFCE0F4DD8F6C077A214CEE1BFD9E7DDDDFED33FEF7D687 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:36:51.0288 0x06b0  KSecDD - ok
12:36:51.0319 0x06b0  [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:36:51.0335 0x06b0  ksthunk - ok
12:36:51.0382 0x06b0  [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:36:51.0429 0x06b0  KtmRm - ok
12:36:51.0460 0x06b0  [ 6F212EDD7AAE8BD905C9E8824A34F8AE, B6B178431CF86DF779D63B0603E18C9CEAAD382AC3BF2888082C1804E427C1C8 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:36:51.0491 0x06b0  LanmanServer - ok
12:36:51.0507 0x06b0  [ D81690276C9E06A50D398CD1AE3C89AB, 67393AD4E40083949737141F877B5BC93DDD84080892E22E5787C305D4AF54A7 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:36:51.0538 0x06b0  LanmanWorkstation - ok
12:36:51.0553 0x06b0  [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:36:51.0585 0x06b0  lltdio - ok
12:36:51.0600 0x06b0  [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:36:51.0647 0x06b0  lltdsvc - ok
12:36:51.0647 0x06b0  [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:36:51.0678 0x06b0  lmhosts - ok
12:36:51.0725 0x06b0  [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:36:51.0819 0x06b0  LSI_FC - ok
12:36:51.0865 0x06b0  [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:36:51.0943 0x06b0  LSI_SAS - ok
12:36:52.0021 0x06b0  [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:36:52.0052 0x06b0  LSI_SCSI - ok
12:36:52.0115 0x06b0  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:36:52.0146 0x06b0  luafv - ok
12:36:52.0177 0x06b0  [ 76A58DF02BD4EA29F189B82D0BEF17F8, B3A96AABE050BB332ECD9AF7C35D08B468AC459D30FF4D49B609BA3F95ECEEDA ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:36:52.0208 0x06b0  Mcx2Svc - ok
12:36:52.0224 0x06b0  [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:36:52.0224 0x06b0  megasas - ok
12:36:52.0271 0x06b0  [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
12:36:52.0286 0x06b0  MegaSR - ok
12:36:52.0333 0x06b0  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS           C:\Windows\system32\mmcss.dll
12:36:52.0349 0x06b0  MMCSS - ok
12:36:52.0364 0x06b0  [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem           C:\Windows\system32\drivers\modem.sys
12:36:52.0396 0x06b0  Modem - ok
12:36:52.0411 0x06b0  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:36:52.0442 0x06b0  monitor - ok
12:36:52.0442 0x06b0  [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:36:52.0442 0x06b0  mouclass - ok
12:36:52.0458 0x06b0  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:36:52.0552 0x06b0  mouhid - ok
12:36:52.0630 0x06b0  [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:36:52.0661 0x06b0  MountMgr - ok
12:36:52.0708 0x06b0  [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio            C:\Windows\system32\drivers\mpio.sys
12:36:52.0739 0x06b0  mpio - ok
12:36:52.0770 0x06b0  [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:36:52.0801 0x06b0  mpsdrv - ok
12:36:52.0957 0x06b0  [ 8A670648C755867A3AA38DA50BA569AA, 8CB16EA50DCA5F9C294AC85DE7D2CB7F4B6B5016C1F878BC864D83F2ADF4F423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:36:53.0144 0x06b0  MpsSvc - ok
12:36:53.0160 0x06b0  [ 3C200630A89EF2C0864D515B7A75802E, AA4A312E7A28FCE7A944747BADB809CAAD3D67899EBBE663D473621DB25B140A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:36:53.0160 0x06b0  Mraid35x - ok
12:36:53.0176 0x06b0  [ FE2706C15F8345C342820E4E4583FEA0, EA954064272D65E5BDAA66772D35D1BE8985A0ABDA0E09857F8F522BEC37EE70 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:36:53.0191 0x06b0  MRxDAV - ok
12:36:53.0207 0x06b0  [ 8E01ED1D845B0DAC094A9BE50D426187, 31DD7F9D4219A293A0668051FBF143A083BAF98C63D617CB297E72D26EF5C93A ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:36:53.0238 0x06b0  mrxsmb - ok
12:36:53.0269 0x06b0  [ 7ACA70376A4ECA01A8E02957E55D2710, D933635692D536928C9571B7E4FA4BFF4FBF9D93A6CC61118CAB039B7DF77131 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:36:53.0300 0x06b0  mrxsmb10 - ok
12:36:53.0456 0x06b0  [ 168DA84EBF8AFBC6E8F8EE229CC6DC9F, 8FA6C5C45BA7F686970102F25DD237D5BE148F510AEFB55929B961EC79E76471 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:36:53.0472 0x06b0  mrxsmb20 - ok
12:36:53.0488 0x06b0  [ 1AC860612B85D8E85EE257D372E39F4D, 74682CCE44BCEE31BCA286D4F4E53B64CAAE244155F2B4C8FEB6AE7C391CA89D ] msahci          C:\Windows\system32\drivers\msahci.sys
12:36:53.0503 0x06b0  msahci - ok
12:36:53.0519 0x06b0  [ 264BBB4AAF312A485F0E44B65A6B7202, 1DF36540C77D5D885B6C2EE91F0446864D8E6D6CFED87A9ED0765E76FE05E102 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:36:53.0566 0x06b0  msdsm - ok
12:36:53.0612 0x06b0  [ 7EC02CE772F068ED0BEAFA3DA341A9BC, 3B5B4EA0BF1D1E57F4DF74A569304A5EE41821F5E2F352760B8C9CA82C6D8292 ] MSDTC           C:\Windows\System32\msdtc.exe
12:36:53.0659 0x06b0  MSDTC - ok
12:36:53.0737 0x06b0  [ 704F59BFC4512D2BB0146AEC31B10A7C, F7712944DDC192C47953D577BE31B79B4D11217305B1C3D0DCA31B1518CB8DCB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:36:53.0768 0x06b0  Msfs - ok
12:36:53.0784 0x06b0  [ 00EBC952961664780D43DCA157E79B27, 4F8F5718D8574A128E0F6CD54C9BE59A93A7638A5689A8FF68D0C81D3E67808F ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:36:53.0784 0x06b0  msisadrv - ok
12:36:53.0800 0x06b0  [ 366B0C1F4478B519C181E37D43DCDA32, A98E2BC397FAD7D90653F55AC283CACAE7465D7F10A198D715046B1D896AF246 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:36:53.0831 0x06b0  MSiSCSI - ok
12:36:53.0831 0x06b0  msiserver - ok
12:36:53.0862 0x06b0  [ 0EA73E498F53B96D83DBFCA074AD4CF8, E3DDE34FCFF272E06CD8DA836F8D79E2515885715D4A7CD7BF8D97D7A4E0E781 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:36:53.0878 0x06b0  MSKSSRV - ok
12:36:53.0893 0x06b0  [ 52E59B7E992A58E740AA63F57EDBAE8B, A89F607B330BA1F42CA9FF01EF289BBD088350CF376568E58CB9865F1DA6CD72 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:36:53.0924 0x06b0  MSPCLOCK - ok
12:36:53.0956 0x06b0  [ 49084A75BAE043AE02D5B44D02991BB2, 4CD2692D191035CE9D18F4D21F054FF8C3F9CF2734464EA33EAB480A28AD447F ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:36:53.0987 0x06b0  MSPQM - ok
12:36:54.0002 0x06b0  [ B8E32E6103FBBA9FBB1D0C11FF0D13B5, A12F218C6B0AFE3CB6E3B5925CFF7FB586946924FA22F4D0478588F1B5CED53A ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:36:54.0018 0x06b0  MsRPC - ok
12:36:54.0034 0x06b0  [ 855796E59DF77EA93AF46F20155BF55B, 75DFCEE16A9D94EDF74295B9686D92552817E8A00958917CB0E17089EDCF6A97 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:36:54.0049 0x06b0  mssmbios - ok
12:36:54.0049 0x06b0  [ 86D632D75D05D5B7C7C043FA3564AE86, 96911FBC106B91E76598EE110B5147D4C55E42C9194E857F866B6B395E78D2CB ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:36:54.0080 0x06b0  MSTEE - ok
12:36:54.0096 0x06b0  [ DDF133501F68D6988A0F55DFA88637B4, 172CDD021E1EBB519168986021EB8129F9D9DF5DE658534C1D4FBDAF22D8B2E8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:36:54.0096 0x06b0  Mup - ok
12:36:54.0143 0x06b0  [ C25022CDD18980846973B598900915F8, 43372D206BD98FFBA817551E6D66C8568314636FC0826476F2A706C1F6AFA6CF ] napagent        C:\Windows\system32\qagentRT.dll
12:36:54.0174 0x06b0  napagent - ok
12:36:54.0205 0x06b0  [ 7C81124EA83CCA576558371C6AC0896D, 716857583087F0AB81226BFA8DC0861F07B8CD6C90929EA5FD4D62D802949CB4 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:36:54.0221 0x06b0  NativeWifiP - ok
12:36:54.0267 0x06b0  [ 2A2EE457AF36C5C9A6808C768BD3A12B, 4AC487436B8B20E26BC0C8633B9BEFBB36CEA522CB5CDA8F5B8CB1EECBD06B94 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:36:54.0299 0x06b0  NDIS - ok
12:36:54.0314 0x06b0  [ 64DF698A425478E321981431AC171334, C43177CB60F5D58E1FF7A31E9BE5DA7D92C4B25235867DD65BADC069EDF023F3 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:36:54.0345 0x06b0  NdisTapi - ok
12:36:54.0345 0x06b0  [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:36:54.0377 0x06b0  Ndisuio - ok
12:36:54.0392 0x06b0  [ 52E3E8E35101399BE9B2938C992AA087, FF71F48DFDEC95C7C57C2CBE2B2B94588683ADFC17B7702CFE49056B0A95A2AD ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:36:54.0423 0x06b0  NdisWan - ok
12:36:54.0439 0x06b0  [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:36:54.0470 0x06b0  NDProxy - ok
12:36:54.0486 0x06b0  [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:36:54.0501 0x06b0  NetBIOS - ok
12:36:54.0533 0x06b0  [ 7A29CA243A629230799754162D80120F, 6856641397B5264EE0E35CBF77AD5B4A052D52B25DCC8757AAD9C0FAC7A4067E ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:36:54.0564 0x06b0  netbt - ok
12:36:54.0564 0x06b0  [ 1B461E9F6DB0EF829B4369F47A24BBEC, E90462284688FA593CD5632DEE45255D2759A58DF4D17AE830A64B686E7A700D ] Netlogon        C:\Windows\system32\lsass.exe
12:36:54.0579 0x06b0  Netlogon - ok
12:36:54.0611 0x06b0  [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman          C:\Windows\System32\netman.dll
12:36:54.0642 0x06b0  Netman - ok
12:36:54.0657 0x06b0  [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] netprofm        C:\Windows\System32\netprofm.dll
12:36:54.0704 0x06b0  netprofm - ok
12:36:54.0735 0x06b0  [ F9102685F97F9BA85F4A70AFCF722CFE, B7C067F8BBBD06D7AF3C72CE964CB071AB74E93924563A3E277DE04AD1A9AC1E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:36:54.0767 0x06b0  NetTcpPortSharing - ok
12:36:54.0845 0x06b0  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:36:54.0891 0x06b0  nfrd960 - ok
12:36:54.0907 0x06b0  [ F145BF4C4668E7E312069F81EF847CFC, C4926EFB41FE2813E90D83456C6CB8F3157D835391B443C7E26168F4E1D67DC7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:36:54.0938 0x06b0  NlaSvc - ok
12:36:54.0969 0x06b0  [ B06154E2A2C91E9BE5599FCA53BC4CD0, 7D4DDF1B7C1A8B08231DB9A005CB83E5FBB9681FD35B12C29BA1C9DCA8A5678C ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:36:55.0001 0x06b0  Npfs - ok
12:36:55.0016 0x06b0  [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi             C:\Windows\system32\nsisvc.dll
12:36:55.0047 0x06b0  nsi - ok
12:36:55.0063 0x06b0  [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:36:55.0094 0x06b0  nsiproxy - ok
12:36:55.0235 0x06b0  [ FE86BA5AC3B50E2CA911E9C60C07B638, 8C5E8FDA50C91A6B45DDA7D7BA70B28EDE48259E358E4F59AF9C3ABCD9396FB6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:36:55.0406 0x06b0  Ntfs - ok
12:36:55.0453 0x06b0  [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null            C:\Windows\system32\drivers\Null.sys
12:36:55.0484 0x06b0  Null - ok
12:36:55.0531 0x06b0  [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:36:55.0578 0x06b0  nvraid - ok
12:36:55.0593 0x06b0  [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:36:55.0593 0x06b0  nvstor - ok
12:36:55.0609 0x06b0  [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:36:55.0609 0x06b0  nv_agp - ok
12:36:55.0625 0x06b0  NwlnkFlt - ok
12:36:55.0625 0x06b0  NwlnkFwd - ok
12:36:55.0640 0x06b0  [ 1B30103FDE512915A9214B108B6E7A9C, C572D3DCB2058A0619D165D4EFC389AFB6C93CDD70D80C29ED34C6397C88356B ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:36:55.0671 0x06b0  ohci1394 - ok
12:36:55.0734 0x06b0  [ 430F35C5592D253F43A26B4F5A523DBF, 0FE1E4BDBFF3DE8B363521C41D8EC56BD4504C129B155ED95731D43DA125B9BB ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:36:55.0765 0x06b0  p2pimsvc - ok
12:36:55.0812 0x06b0  [ 430F35C5592D253F43A26B4F5A523DBF, 0FE1E4BDBFF3DE8B363521C41D8EC56BD4504C129B155ED95731D43DA125B9BB ] p2psvc          C:\Windows\system32\p2psvc.dll
12:36:55.0843 0x06b0  p2psvc - ok
12:36:55.0874 0x06b0  [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport         C:\Windows\system32\drivers\parport.sys
12:36:55.0921 0x06b0  Parport - ok
12:36:55.0937 0x06b0  [ 5AB40C36894F4C06BDAB0C9A2FBA282D, AD3F5BC00EC03250F103BB854DD94A98D2F1BE283C1C985B4E8DDB6D56B9BC15 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:36:55.0937 0x06b0  partmgr - ok
12:36:55.0952 0x06b0  [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:36:55.0952 0x06b0  PcaSvc - ok
12:36:55.0983 0x06b0  [ 2A5B2A51559066EA84742909B5B2CD69, 62ACE27DD439D28FA0FA9A701443A25EDF9BC390BBB25332FC04BF3377795053 ] pci             C:\Windows\system32\drivers\pci.sys
12:36:55.0983 0x06b0  pci - ok
12:36:56.0061 0x06b0  [ 8D618C829034479985A9ED56106CC732, 9F3773A5184064092920FA2C88CCF5BFE44C63573B443E67230C4F596B7884C2 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:36:56.0061 0x06b0  pciide - ok
12:36:56.0124 0x06b0  [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:36:56.0171 0x06b0  pcmcia - ok
12:36:56.0249 0x06b0  [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:36:56.0327 0x06b0  PEAUTH - ok
12:36:56.0576 0x06b0  [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:36:56.0592 0x06b0  PerfHost - ok
12:36:56.0670 0x06b0  [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla             C:\Windows\system32\pla.dll
12:36:56.0810 0x06b0  pla - ok
12:36:56.0904 0x06b0  [ 5AAA0C5534B05ED49919FCD9DBD11A5B, E12044443B0495274D422A851878CC96CAA3C37EA9D4F7C500BE45DFF1060FAA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:36:56.0950 0x06b0  PlugPlay - ok
12:36:57.0028 0x06b0  [ 430F35C5592D253F43A26B4F5A523DBF, 0FE1E4BDBFF3DE8B363521C41D8EC56BD4504C129B155ED95731D43DA125B9BB ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:36:57.0122 0x06b0  PNRPAutoReg - ok
12:37:07.0074 0x06b0  ================ Scan global ===============================
12:37:07.0090 0x06b0  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
12:37:07.0121 0x06b0  [ A9C654098A5CA39618DA9D022A6691B8, 6BEA0C1333527B099D70865EFE4730DF492B21425BBFA50B20879EF3D753C3A7 ] C:\Windows\system32\winsrv.dll
12:37:07.0152 0x06b0  [ A9C654098A5CA39618DA9D022A6691B8, 6BEA0C1333527B099D70865EFE4730DF492B21425BBFA50B20879EF3D753C3A7 ] C:\Windows\system32\winsrv.dll
12:37:07.0199 0x06b0  [ DFAC660F0F139276CC9299812DE42719, 359D060560EB3A6920812E31B82F7BB4333830269E62F2B62180640893E8330D ] C:\Windows\system32\services.exe
12:37:07.0214 0x06b0  [ Global ] - ok
12:37:07.0214 0x06b0  ================ Scan MBR ==================================
12:37:07.0214 0x06b0  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
12:37:07.0433 0x06b0  \Device\Harddisk2\DR2 - ok
12:37:07.0448 0x06b0  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:37:07.0667 0x06b0  \Device\Harddisk0\DR0 - ok
12:37:07.0667 0x06b0  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
12:37:07.0682 0x06b0  \Device\Harddisk1\DR1 - ok
12:37:07.0682 0x06b0  ================ Scan VBR ==================================
12:37:07.0698 0x06b0  [ B29A15C02433CB2750A6982FE8F12AFA ] \Device\Harddisk2\DR2\Partition1
12:37:07.0714 0x06b0  \Device\Harddisk2\DR2\Partition1 - ok
12:37:07.0714 0x06b0  [ 85B028911CB67A9AE954C7015E602BCD ] \Device\Harddisk0\DR0\Partition1
12:37:07.0760 0x06b0  \Device\Harddisk0\DR0\Partition1 - ok
12:37:07.0760 0x06b0  [ 684549B053B747C464C03C747565AE0E ] \Device\Harddisk1\DR1\Partition1
12:37:07.0760 0x06b0  \Device\Harddisk1\DR1\Partition1 - ok
12:37:07.0760 0x06b0  Waiting for KSN requests completion. In queue: 264
12:37:08.0774 0x06b0  Waiting for KSN requests completion. In queue: 264
12:37:09.0788 0x06b0  Waiting for KSN requests completion. In queue: 264
12:37:10.0833 0x06b0  Win FW state via NFP2: enabled
12:37:13.0376 0x06b0  ============================================================
12:37:13.0376 0x06b0  Scan finished
12:37:13.0376 0x06b0  ============================================================
12:37:13.0376 0x07a4  Detected object count: 0
12:37:13.0376 0x07a4  Actual detected object count: 0
12:38:05.0580 0x0bf0  Deinitialize success

The second log you asked for, this was a quick scan btw..

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-02 12:42:44
-----------------------------
12:42:44.068    OS Version: Windows x64 6.0.6001 Service Pack 1
12:42:44.068    Number of processors: 4 586 0x203
12:42:44.068    ComputerName: TehB0x  UserName: Jaimz
12:42:47.110    Initialize success
12:44:25.623    AVAST engine defs: 14030102
12:45:17.208    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7
12:45:17.208    Disk 0 Vendor: WDC_WD6401AALS-00E3A0 05.01D05 Size: 610480MB BusType: 3
12:45:17.208    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T1L0-8
12:45:17.208    Disk 1 Vendor: OCZ-VECTOR 2.0 Size: 122104MB BusType: 3
12:45:17.208    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
12:45:17.224    Disk 2 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 3
12:45:17.723    Disk 0 MBR read successfully
12:45:17.723    Disk 0 MBR scan
12:45:17.723    Disk 0 Windows VISTA default MBR code
12:45:17.754    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       610478 MB offset 2048
12:45:17.879    Disk 0 scanning C:\Windows\system32\drivers
12:45:22.808    Service scanning
12:45:34.725    Modules scanning
12:45:34.725    Disk 0 trace - called modules:
12:45:34.741    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:45:34.741    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ca9790]
12:45:34.741    3 CLASSPNP.SYS[fffffa6000dc6b3a] -> nt!IofCallDriver -> [0xfffffa8007a0a520]
12:45:34.756    5 acpi.sys[fffffa60008f6ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-7[0xfffffa8007a06940]
12:45:36.051    AVAST engine scan C:\Windows
12:45:37.439    AVAST engine scan C:\Windows\system32
12:47:08.801    AVAST engine scan C:\Windows\system32\drivers
12:47:23.433    AVAST engine scan C:\Users\Jaimz
12:47:38.766    AVAST engine scan C:\ProgramData
12:47:43.929    Scan finished successfully
12:47:59.044    Disk 0 MBR has been saved successfully to "C:\Users\Jaimz\Desktop\MBR.dat"
12:47:59.044    The log file has been saved successfully to "C:\Users\Jaimz\Desktop\aswMBR.txt"

Last, but not least.. RogueKiller log.

RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jaimz [Admin rights]
Mode : Scan -- Date : 03/02/2014 12:53:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6401AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] c1e36d67210956defed4efb3e8d1a897
[BSP] 527b9b9e4bee3c05d32724b2e67be83f : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) OCZ-VECTOR ATA Device +++++
--- User ---
[MBR] 7993eb37e3c7d74ff1e45d339dabcae8
[BSP] 64037f6c5921b83b0ac9fed1f54e4a1a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) WDC WD1500HLFS-01G6U0 ATA Device +++++
--- User ---
[MBR] 53c2d1576e00f0ac304b1fe5c57b363e
[BSP] f82d3ad70bae228da7fbdc451809a77d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 143087 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03022014_125343.txt >>

Attached Files

  • Attached File  MBR.zip   543bytes   0 downloads
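As an added example (not part of the original post, and not code from aswMBR or RogueKiller): a sketch of reading a 512-byte MBR dump and decoding the same partition-table fields the two logs above print. The sample sector is constructed from Disk 0's logged values with filler boot code, and hashing the first 440 bytes as the boot code area is an assumption that may not match the byte ranges RogueKiller hashes.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # classic MBR boot code area (assumption for the hash)
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55AA
TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR sector and flag structural oddities."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts, warnings = [], []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            warnings.append(f"slot {slot}: invalid status byte 0x{status:02x}")
        parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                      "type_name": TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "size_mb": count * SECTOR // (1024 * 1024)})
    if sum(p["active"] for p in parts) > 1:
        warnings.append("more than one active partition")
    return {"md5_sector": hashlib.md5(sector).hexdigest(),
            "md5_boot_code": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts, "warnings": warnings}


def build_sample_sector() -> bytes:
    """Constructed sector: filler boot code plus Disk 0's single entry from the log."""
    boot = bytes([0x90]) * TABLE_OFFSET          # filler, not real Vista boot code
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 610478 * 2048)
    return boot + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_sector())
    for p in info["partitions"]:
        print(p)
    print(info["md5_boot_code"], info["warnings"])
```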


#8 SeekerOfAnswers

Posted 02 March 2014 - 01:11 PM

[Attached images: t541hs.jpg, sl4py9.jpg]



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:47 PM

Posted 02 March 2014 - 01:47 PM

Download this program to your desktop.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check mark the following options alone:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
  • Checkmark the Restart System When Finished option
  • Click the Start button
  • System should restart after repair


#10 SeekerOfAnswers

Posted 02 March 2014 - 07:33 PM

That was the longest pc tool I've ever used.. 6 hours to run it twice.. Twice because I wasn't sure I did it correctly the first time =/
What's next lol

Edit::

As soon as computer was restarted the virus was busy changing settings back the way it wanted them..

[Attached image: 15n5c9i.jpg]


Edited by SeekerOfAnswers, 02 March 2014 - 07:38 PM.


#11 nasdaq

Posted 03 March 2014 - 09:18 AM

The mdat.txt file is part of the Repair tool you used.

The Searchindexer may need to be repaired.

Run the SFC.Exe

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

#12 SeekerOfAnswers

Posted 03 March 2014 - 09:40 AM

Well.. I formatted again, cuz I've been digging. Lemme go ahead and say, idc abt saving the OS.. I just want the bug gone. So far I've been able to clear it from my HDD by writing the MBR over then formatting. However, the bug keeps coming back.. I know it's in memory somewhere, just not sure where. I'm typing on my phone atm cuz I'm just abt to pop the battery out of my mobo and let it sit for a few.

One thing though, I've looked into the registry.. This virus is WOW, it has everything from a very complex password cracker to, as I suspected, the ability to infect smart phones. What the registry told me, though, is that it loads into memory and firmware of almost everything. Idk where to start.

Any chance you'd be able to look this registry over for me? Maybe come up with an idea or two

Btw, the virus is also on my phone. That's why my post is gonna look silly

#13 nasdaq

Posted 03 March 2014 - 09:45 AM


Do you have/see a random folder in your \temp folder?
\Temp\sxpnrvm\sftrhbm\wow64.dll

===
Can you give me the name(s) of the file(s) or folder(s) associated with WOW?

#14 SeekerOfAnswers

Posted 03 March 2014 - 09:52 AM

I don't recall but I'll look as soon as I get my computer booted back up.

It does create a lot of log files; some of those were in my temp folder.

Just realized I had voice to text, bet this is a lot easier to read.

By the way, when I said it was wow, I didn't mean that it was literally named wow.

#15 nasdaq

Posted 03 March 2014 - 01:49 PM

Post both logs created by this tool.
I will see what is in the \temp folder.

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===



