Smitfraud-C.generic infection removal help needed


  • This topic is locked
15 replies to this topic

#1 Markstein


Posted 10 March 2014 - 08:22 PM

Hello,

I am cleaning up a friend's laptop that had quite a lot of junk on it, but I am stuck on removing what I am hoping is the last trojan/malware.

When I run SpyBot it continuously comes up with the following infection:

Smitfraud-C.generic
(SBI $5926A588) Executable
C:\Windows\svchost.exe

I am hoping someone can help me out, which brings me here.

Computer information:

Windows 7 Home Premium x64 bit

Steps I have done to clean the computer so far:

  • Ran CCleaner to remove all unneeded temp files, etc.
  • Uninstalled unneeded programs
  • Ran CCleaner again and also cleaned all registry issues it found
  • Installed Avast antivirus (free)
  • Using Avast I did a quick scan, full scan and boot-time scan
  • Ran Malwarebytes and removed all issues it found
  • Ran Spybot and "fixed" all problems it found

All programs used above are up to date.

As stated before, however, the infection still shows in Spybot and Malwarebytes after several attempts at cleaning it.

The following are my DDS logs (attached as well).

Thank you for your help with this!

_________________________________________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Owner at 17:54:18 on 2014-03-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2807.1437 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
-netsvcs
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Adobe] rundll32.exe "C:\Users\Owner\AppData\Local\Apple\Adobe\ygfewpsdr.dll",CreateInstance
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{95C6A70C-A638-4FA5-9C60-3D2434D55CA4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{95C6A70C-A638-4FA5-9C60-3D2434D55CA4}\27565646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{95C6A70C-A638-4FA5-9C60-3D2434D55CA4}\3756365727964797 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{95C6A70C-A638-4FA5-9C60-3D2434D55CA4}\461667562343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{95C6A70C-A638-4FA5-9C60-3D2434D55CA4}\861607079746169737 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-5-11 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-11 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-11 421704]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-11 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-1 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-3 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-5-13 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-1-17 39528]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-2 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-5-2 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-2 2320920]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-1 80184]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-5-3 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-3 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-3 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-3 287232]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-2 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-2 243712]
S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\System32\drivers\swiwdmbusx64.sys [2011-11-3 102656]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2011-11-3 240640]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2011-11-3 210944]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-05 06:00:26 20480 ----a-w- C:\Windows\svchost.exe
2014-03-03 00:25:22 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-03-03 00:25:22 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-03-02 19:26:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-02 19:26:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-02 17:23:49 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-02 17:23:49 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-02 17:13:15 -------- d-----w- C:\Windows\Migration
2014-03-02 05:27:49 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-03-02 05:27:49 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-03-02 05:27:48 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-03-02 05:27:48 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-03-02 05:21:52 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-03-02 05:13:06 -------- d-----w- C:\ProgramData\Oracle
2014-03-02 05:12:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-02 03:16:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVAST Software
2014-03-02 03:11:28 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-03-02 03:11:26 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-03-02 03:09:13 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-03-02 03:09:04 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-03-02 03:08:47 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-03-02 03:08:21 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-03-02 03:08:21 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-03-02 03:08:02 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-03-02 03:08:02 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-03-02 03:07:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-03-02 03:07:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-03-02 03:06:26 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-02 03:06:26 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-02 03:06:25 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-02 03:06:25 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-02 03:06:07 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-03-02 03:06:00 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-03-02 03:06:00 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2014-03-02 03:04:11 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-03-02 03:04:10 197120 ----a-w- C:\Windows\System32\credui.dll
2014-03-02 03:04:10 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2014-03-02 03:04:10 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-03-02 03:04:09 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2014-03-02 03:04:09 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2014-03-02 03:01:22 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-03-02 03:01:21 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-03-02 03:01:18 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-02 03:01:09 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-03-02 03:01:09 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-03-02 03:01:06 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-03-02 03:01:06 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-03-02 03:00:46 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-03-02 03:00:46 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2014-03-02 03:00:43 156160 ----a-w- C:\Windows\System32\cscript.exe
2014-03-02 03:00:42 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-03-02 03:00:42 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2014-03-02 03:00:41 168960 ----a-w- C:\Windows\System32\wscript.exe
2014-03-02 03:00:41 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-03-02 03:00:40 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-03-02 02:59:26 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-03-02 02:59:25 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-03-02 02:59:25 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-03-02 02:59:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-03-02 02:59:24 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
.
==================== Find3M  ====================
.
2014-03-02 05:21:52 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-03-02 03:36:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-02 03:36:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-02 03:08:23 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-02 03:08:23 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-02 03:08:23 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-02 03:08:18 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-02 03:08:11 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-02 03:08:02 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 17:54:55.29 ===============

Edited by Markstein, 10 March 2014 - 08:26 PM.


#2 aharonov

  • Malware Response Team

Posted 11 March 2014 - 02:55 AM

Hello,

please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Markstein


Posted 11 March 2014 - 07:52 PM

Hi there and thanks for your help! Following are the logs as requested:

TDSS Killer logs (which found 2 threats)

17:34:52.0005 0x0c78  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
17:35:08.0313 0x0c78  ============================================================
17:35:08.0314 0x0c78  Current date / time: 2014/03/11 17:35:08.0313
17:35:08.0314 0x0c78  SystemInfo:
17:35:08.0314 0x0c78  
17:35:08.0314 0x0c78  OS Version: 6.1.7601 ServicePack: 1.0
17:35:08.0314 0x0c78  Product type: Workstation
17:35:08.0314 0x0c78  ComputerName: OWNER-PC
17:35:08.0314 0x0c78  UserName: Owner
17:35:08.0314 0x0c78  Windows directory: C:\Windows
17:35:08.0314 0x0c78  System windows directory: C:\Windows
17:35:08.0314 0x0c78  Running under WOW64
17:35:08.0314 0x0c78  Processor architecture: Intel x64
17:35:08.0314 0x0c78  Number of processors: 4
17:35:08.0314 0x0c78  Page size: 0x1000
17:35:08.0314 0x0c78  Boot type: Normal boot
17:35:08.0314 0x0c78  ============================================================
17:35:10.0093 0x0c78  KLMD registered as C:\Windows\system32\drivers\42956349.sys
17:35:10.0357 0x0c78  System UUID: {7674FB53-6CE7-6528-F956-A66EB68B0A2B}
17:35:11.0169 0x0c78  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:35:11.0198 0x0c78  ============================================================
17:35:11.0198 0x0c78  \Device\Harddisk0\DR0:
17:35:11.0198 0x0c78  MBR partitions:
17:35:11.0198 0x0c78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:35:11.0198 0x0c78  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
17:35:11.0198 0x0c78  ============================================================
17:35:11.0400 0x0c78  C: <-> \Device\Harddisk0\DR0\Partition2
17:35:11.0400 0x0c78  ============================================================
17:35:11.0400 0x0c78  Initialize success
17:35:11.0400 0x0c78  ============================================================
17:36:08.0640 0x09d8  ============================================================
17:36:08.0640 0x09d8  Scan started
17:36:08.0640 0x09d8  Mode: Manual; SigCheck; TDLFS; 
17:36:08.0640 0x09d8  ============================================================
17:36:08.0640 0x09d8  KSN ping started
17:36:23.0619 0x09d8  KSN ping finished: true
17:36:24.0387 0x09d8  ================ Scan system memory ========================
17:36:24.0387 0x09d8  System memory - ok
17:36:24.0388 0x09d8  ================ Scan services =============================
17:36:29.0818 0x09d8  b57nd60a - ok
17:36:29.0870 0x09d8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:36:29.0911 0x09d8  BDESVC - ok
17:36:29.0960 0x09d8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:36:30.0030 0x09d8  Beep - ok
17:36:30.0138 0x09d8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:36:30.0213 0x09d8  BFE - ok
17:36:30.0313 0x09d8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
17:36:30.0441 0x09d8  BITS - ok
17:36:30.0506 0x09d8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:36:30.0553 0x09d8  blbdrive - ok
17:36:30.0590 0x09d8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:36:30.0638 0x09d8  bowser - ok
17:36:30.0700 0x09d8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:36:30.0737 0x09d8  BrFiltLo - ok
17:36:30.0771 0x09d8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:36:30.0794 0x09d8  BrFiltUp - ok
17:36:30.0835 0x09d8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
17:36:30.0868 0x09d8  Browser - ok
17:36:30.0890 0x09d8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:36:30.0929 0x09d8  Brserid - ok
17:36:30.0945 0x09d8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:36:30.0976 0x09d8  BrSerWdm - ok
17:36:30.0999 0x09d8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:36:31.0019 0x09d8  BrUsbMdm - ok
17:36:31.0049 0x09d8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:36:31.0068 0x09d8  BrUsbSer - ok
17:36:31.0088 0x09d8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:36:31.0112 0x09d8  BTHMODEM - ok
17:36:31.0153 0x09d8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:36:31.0211 0x09d8  bthserv - ok
17:36:31.0279 0x09d8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:36:31.0344 0x09d8  cdfs - ok
17:36:31.0375 0x09d8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:36:31.0431 0x09d8  cdrom - ok
17:36:31.0480 0x09d8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:36:31.0537 0x09d8  CertPropSvc - ok
17:36:31.0599 0x09d8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:36:31.0651 0x09d8  circlass - ok
17:36:31.0707 0x09d8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
17:36:31.0731 0x09d8  CLFS - ok
17:36:31.0817 0x09d8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:36:31.0846 0x09d8  clr_optimization_v2.0.50727_32 - ok
17:36:31.0881 0x09d8  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:36:31.0897 0x09d8  clr_optimization_v2.0.50727_64 - ok
17:36:31.0996 0x09d8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:36:32.0036 0x09d8  clr_optimization_v4.0.30319_32 - ok
17:36:32.0058 0x09d8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:36:32.0077 0x09d8  clr_optimization_v4.0.30319_64 - ok
17:36:32.0116 0x09d8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:36:32.0150 0x09d8  CmBatt - ok
17:36:32.0171 0x09d8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:36:32.0190 0x09d8  cmdide - ok
17:36:32.0245 0x09d8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
17:36:32.0291 0x09d8  CNG - ok
17:36:32.0302 0x09d8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:36:32.0315 0x09d8  Compbatt - ok
17:36:32.0327 0x09d8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:36:32.0360 0x09d8  CompositeBus - ok
17:36:32.0376 0x09d8  COMSysApp - ok
17:36:32.0396 0x09d8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:36:32.0409 0x09d8  crcdisk - ok
17:36:32.0441 0x09d8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:36:32.0472 0x09d8  CryptSvc - ok
17:36:32.0583 0x09d8  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:36:32.0679 0x09d8  cvhsvc - ok
17:36:32.0761 0x09d8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:36:32.0830 0x09d8  DcomLaunch - ok
17:36:32.0890 0x09d8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:36:32.0944 0x09d8  defragsvc - ok
17:36:32.0965 0x09d8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:36:33.0019 0x09d8  DfsC - ok
17:36:33.0086 0x09d8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:36:33.0137 0x09d8  Dhcp - ok
17:36:33.0169 0x09d8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:36:33.0213 0x09d8  discache - ok
17:36:33.0250 0x09d8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
17:36:33.0264 0x09d8  Disk - ok
17:36:33.0306 0x09d8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:36:33.0329 0x09d8  Dnscache - ok
17:36:33.0400 0x09d8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:36:33.0461 0x09d8  dot3svc - ok
17:36:33.0510 0x09d8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:36:33.0565 0x09d8  DPS - ok
17:36:33.0627 0x09d8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:36:33.0669 0x09d8  drmkaud - ok
17:36:33.0749 0x09d8  [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:36:33.0770 0x09d8  DsiWMIService - ok
17:36:33.0835 0x09d8  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:36:33.0941 0x09d8  DXGKrnl - ok
17:36:33.0969 0x09d8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:36:34.0024 0x09d8  EapHost - ok
17:36:34.0378 0x09d8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:36:34.0573 0x09d8  ebdrv - ok
17:36:34.0614 0x09d8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
17:36:34.0649 0x09d8  EFS - ok
17:36:34.0740 0x09d8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:36:34.0806 0x09d8  ehRecvr - ok
17:36:34.0845 0x09d8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:36:34.0866 0x09d8  ehSched - ok
17:36:34.0938 0x09d8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:36:34.0972 0x09d8  elxstor - ok
17:36:35.0204 0x09d8  [ 2AEE0416C54A1A86D035366DE192B2F0, DBDCAFB139ACD9FBD61000371D0AE41783CC9B2F821A8345F3F061E61692CD44 ] ePowerSvc       C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
17:36:35.0244 0x09d8  ePowerSvc - ok
17:36:35.0258 0x09d8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:36:35.0289 0x09d8  ErrDev - ok
17:36:35.0386 0x09d8  [ 0975BF32399A24117E317B5BF1D5D0AA, 850217D920BB6E524C08C11A9806B8B148E9CF6CEBED9481BF7C9F07BCA918D5 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
17:36:35.0421 0x09d8  ETD - ok
17:36:35.0463 0x09d8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:36:35.0604 0x09d8  EventSystem - ok
17:36:35.0625 0x09d8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:36:35.0672 0x09d8  exfat - ok
17:36:35.0718 0x09d8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:36:35.0773 0x09d8  fastfat - ok
17:36:35.0819 0x09d8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:36:35.0874 0x09d8  Fax - ok
17:36:35.0904 0x09d8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
17:36:35.0930 0x09d8  fdc - ok
17:36:35.0949 0x09d8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:36:35.0992 0x09d8  fdPHost - ok
17:36:36.0005 0x09d8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:36:36.0047 0x09d8  FDResPub - ok
17:36:36.0076 0x09d8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:36:36.0090 0x09d8  FileInfo - ok
17:36:36.0103 0x09d8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:36:36.0153 0x09d8  Filetrace - ok
17:36:36.0174 0x09d8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:36:36.0189 0x09d8  flpydisk - ok
17:36:36.0217 0x09d8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:36:36.0238 0x09d8  FltMgr - ok
17:36:36.0338 0x09d8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
17:36:36.0414 0x09d8  FontCache - ok
17:36:36.0468 0x09d8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:36:36.0493 0x09d8  FontCache3.0.0.0 - ok
17:36:36.0525 0x09d8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:36:36.0540 0x09d8  FsDepends - ok
17:36:36.0581 0x09d8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:36:36.0596 0x09d8  Fs_Rec - ok
17:36:36.0626 0x09d8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:36:36.0650 0x09d8  fvevol - ok
17:36:36.0677 0x09d8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:36:36.0693 0x09d8  gagp30kx - ok
17:36:36.0748 0x09d8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:36:36.0828 0x09d8  gpsvc - ok
17:36:36.0878 0x09d8  [ F95126E44EBA95A30FB0E4CE6E916015, D7B8E3AD510983994A3F4F099387CE5FAAAB1AF3E5E264CB80AF176D00A2D519 ] GREGService     C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
17:36:36.0901 0x09d8  GREGService - ok
17:36:36.0995 0x09d8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:36:37.0023 0x09d8  gupdate - ok
17:36:37.0059 0x09d8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:36:37.0083 0x09d8  gupdatem - ok
17:36:37.0122 0x09d8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:36:37.0157 0x09d8  hcw85cir - ok
17:36:37.0196 0x09d8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:36:37.0246 0x09d8  HdAudAddService - ok
17:36:37.0261 0x09d8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:36:37.0289 0x09d8  HDAudBus - ok
17:36:37.0337 0x09d8  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
17:36:37.0364 0x09d8  HECIx64 - ok
17:36:37.0380 0x09d8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:36:37.0419 0x09d8  HidBatt - ok
17:36:37.0447 0x09d8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:36:37.0493 0x09d8  HidBth - ok
17:36:37.0541 0x09d8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:36:37.0578 0x09d8  HidIr - ok
17:36:37.0625 0x09d8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:36:37.0707 0x09d8  hidserv - ok
17:36:37.0781 0x09d8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:36:37.0809 0x09d8  HidUsb - ok
17:36:37.0865 0x09d8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:36:37.0930 0x09d8  hkmsvc - ok
17:36:37.0956 0x09d8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:36:37.0987 0x09d8  HomeGroupListener - ok
17:36:38.0011 0x09d8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:36:38.0052 0x09d8  HomeGroupProvider - ok
17:36:38.0095 0x09d8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:36:38.0110 0x09d8  HpSAMD - ok
17:36:38.0154 0x09d8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:36:38.0239 0x09d8  HTTP - ok
17:36:38.0251 0x09d8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:36:38.0263 0x09d8  hwpolicy - ok
17:36:38.0301 0x09d8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:36:38.0322 0x09d8  i8042prt - ok
17:36:38.0383 0x09d8  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
17:36:38.0407 0x09d8  iaStor - ok
17:36:38.0472 0x09d8  [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
17:36:38.0483 0x09d8  IAStorDataMgrSvc - ok
17:36:38.0526 0x09d8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:36:38.0554 0x09d8  iaStorV - ok
17:36:38.0643 0x09d8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:36:38.0698 0x09d8  idsvc - ok
17:36:38.0726 0x09d8  IEEtwCollectorService - ok
17:36:39.0545 0x09d8  [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:36:40.0137 0x09d8  igfx - ok
17:36:40.0221 0x09d8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:36:40.0248 0x09d8  iirsp - ok
17:36:40.0327 0x09d8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:36:40.0392 0x09d8  IKEEXT - ok
17:36:40.0438 0x09d8  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
17:36:40.0468 0x09d8  Impcd - ok
17:36:40.0590 0x09d8  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:36:40.0719 0x09d8  IntcAzAudAddService - ok
17:36:40.0790 0x09d8  [ 03C74719D48056A1078F3A51CEB76BAA, 34BCC73EE4D65E1F282208C243C54BBD8458DB50FA893DE3306E1A1E73D05B1A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:36:40.0834 0x09d8  IntcDAud - ok
17:36:40.0861 0x09d8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:36:40.0874 0x09d8  intelide - ok
17:36:40.0909 0x09d8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:36:40.0935 0x09d8  intelppm - ok
17:36:40.0976 0x09d8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:36:41.0044 0x09d8  IPBusEnum - ok
17:36:41.0067 0x09d8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:36:41.0124 0x09d8  IpFilterDriver - ok
17:36:41.0183 0x09d8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:36:41.0249 0x09d8  iphlpsvc - ok
17:36:41.0268 0x09d8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:36:41.0294 0x09d8  IPMIDRV - ok
17:36:41.0319 0x09d8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:36:41.0377 0x09d8  IPNAT - ok
17:36:41.0404 0x09d8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:36:41.0450 0x09d8  IRENUM - ok
17:36:41.0503 0x09d8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:36:41.0531 0x09d8  isapnp - ok
17:36:41.0610 0x09d8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:36:41.0641 0x09d8  iScsiPrt - ok
17:36:41.0695 0x09d8  [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
17:36:41.0718 0x09d8  k57nd60a - ok
17:36:41.0755 0x09d8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:36:41.0770 0x09d8  kbdclass - ok
17:36:41.0794 0x09d8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:36:41.0838 0x09d8  kbdhid - ok
17:36:41.0858 0x09d8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
17:36:41.0882 0x09d8  KeyIso - ok
17:36:41.0917 0x09d8  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:36:41.0936 0x09d8  KSecDD - ok
17:36:42.0009 0x09d8  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:36:42.0041 0x09d8  KSecPkg - ok
17:36:42.0097 0x09d8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:36:42.0161 0x09d8  ksthunk - ok
17:36:42.0206 0x09d8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:36:42.0274 0x09d8  KtmRm - ok
17:36:42.0323 0x09d8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:36:42.0383 0x09d8  LanmanServer - ok
17:36:42.0406 0x09d8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:36:42.0464 0x09d8  LanmanWorkstation - ok
17:36:42.0522 0x09d8  [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
17:36:42.0550 0x09d8  Live Updater Service - ok
17:36:42.0576 0x09d8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:36:42.0627 0x09d8  lltdio - ok
17:36:42.0746 0x09d8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:36:42.0837 0x09d8  lltdsvc - ok
17:36:42.0847 0x09d8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:36:42.0891 0x09d8  lmhosts - ok
17:36:42.0960 0x09d8  [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:36:42.0987 0x09d8  LMS - ok
17:36:43.0015 0x09d8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:36:43.0033 0x09d8  LSI_FC - ok
17:36:43.0064 0x09d8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:36:43.0081 0x09d8  LSI_SAS - ok
17:36:57.0600 0x09d8  tcpipreg - ok
17:36:57.0617 0x09d8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:36:57.0649 0x09d8  TDPIPE - ok
17:36:57.0680 0x09d8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:36:57.0697 0x09d8  TDTCP - ok
17:36:57.0717 0x09d8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:36:57.0762 0x09d8  tdx - ok
17:36:57.0780 0x09d8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:36:57.0794 0x09d8  TermDD - ok
17:36:57.0848 0x09d8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
17:36:57.0952 0x09d8  TermService - ok
17:36:57.0971 0x09d8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:36:57.0994 0x09d8  Themes - ok
17:36:58.0030 0x09d8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:36:58.0075 0x09d8  THREADORDER - ok
17:36:58.0087 0x09d8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:36:58.0137 0x09d8  TrkWks - ok
17:36:58.0181 0x09d8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:36:58.0240 0x09d8  TrustedInstaller - ok
17:36:58.0272 0x09d8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:36:58.0287 0x09d8  tssecsrv - ok
17:36:58.0311 0x09d8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:36:58.0329 0x09d8  TsUsbFlt - ok
17:36:58.0345 0x09d8  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:36:58.0396 0x09d8  TsUsbGD - ok
17:36:58.0427 0x09d8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:36:58.0480 0x09d8  tunnel - ok
17:36:58.0503 0x09d8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:36:58.0517 0x09d8  uagp35 - ok
17:36:58.0530 0x09d8  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
17:36:58.0542 0x09d8  UBHelper - ok
17:36:58.0558 0x09d8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:36:58.0623 0x09d8  udfs - ok
17:36:58.0662 0x09d8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:36:58.0682 0x09d8  UI0Detect - ok
17:36:58.0711 0x09d8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:36:58.0726 0x09d8  uliagpkx - ok
17:36:58.0743 0x09d8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:36:58.0780 0x09d8  umbus - ok
17:36:58.0808 0x09d8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:36:58.0829 0x09d8  UmPass - ok
17:36:59.0034 0x09d8  [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:36:59.0134 0x09d8  UNS - ok
17:36:59.0209 0x09d8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:36:59.0278 0x09d8  upnphost - ok
17:36:59.0332 0x09d8  [ 43228F8EDD1B0BCDD3145AD246E63D39, 108D8793E9F94C0A0E895398599B359121751F2E7BAA8B7BD24838AEF646726D ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:36:59.0346 0x09d8  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
17:37:02.0464 0x09d8  Detect skipped due to KSN trusted
17:37:02.0464 0x09d8  USBAAPL64 - ok
17:37:08.0325 0x09d8  ================ Scan global ===============================
17:37:08.0350 0x09d8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:37:08.0381 0x09d8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:37:08.0403 0x09d8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:37:08.0454 0x09d8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:37:08.0505 0x09d8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:37:08.0522 0x09d8  [ Global ] - ok
17:37:08.0523 0x09d8  ================ Scan MBR ==================================
17:37:08.0546 0x09d8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:37:08.0566 0x09d8  Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:37:08.0710 0x09d8  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c ( 0 )
17:37:08.0710 0x09d8  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:37:11.0707 0x09d8  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
17:37:11.0707 0x09d8  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:37:14.0614 0x09d8  ================ Scan VBR ==================================
17:37:14.0640 0x09d8  [ 57C38867F219B853FC13089D4B5C9B4F ] \Device\Harddisk0\DR0\Partition1
17:37:14.0717 0x09d8  \Device\Harddisk0\DR0\Partition1 - ok
17:37:14.0742 0x09d8  [ E9D15D3EC3BBF4EEA597E9384ABE5820 ] \Device\Harddisk0\DR0\Partition2
17:37:14.0805 0x09d8  \Device\Harddisk0\DR0\Partition2 - ok
17:37:14.0885 0x09d8  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
17:37:14.0913 0x09d8  Win FW state via NFP2: enabled
17:37:17.0847 0x09d8  ============================================================
17:37:17.0847 0x09d8  Scan finished
17:37:17.0847 0x09d8  ============================================================
17:37:17.0866 0x043c  Detected object count: 2
17:37:17.0866 0x043c  Actual detected object count: 2
17:38:05.0286 0x043c  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
17:38:05.0286 0x043c  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip 
17:38:05.0287 0x043c  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:38:05.0287 0x043c  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
 
 


#4 Markstein

Posted 11 March 2014 - 07:53 PM

FRST logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Owner (administrator) on OWNER-PC on 11-03-2014 17:45:01
Running from C:\Users\Owner\Desktop\New folder\farbar
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
() \\.\globalrootC:\Windows\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Adobe] - rundll32.exe "C:\Users\Owner\AppData\Local\Apple\Adobe\ygfewpsdr.dll",CreateInstance <===== ATTENTION
HKU\S-1-5-19\...\Run: [Adobe] - rundll32.exe "C:\Users\Owner\AppData\Local\Apple\Adobe\ygfewpsdr.dll",CreateInstance <===== ATTENTION
HKU\S-1-5-20\...\Run: [Adobe] - rundll32.exe "C:\Users\Owner\AppData\Local\Apple\Adobe\ygfewpsdr.dll",CreateInstance <===== ATTENTION
HKU\S-1-5-21-3779763097-815708489-3500938347-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3779763097-815708489-3500938347-1000\...\MountPoints2: {1fce2e14-7d6d-11e0-ae7e-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
HKU\S-1-5-21-3779763097-815708489-3500938347-1000\...\MountPoints2: {5f7b324c-066e-11e1-9c9a-90004e155ca9} - E:\WIN\setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM-x32 - DefaultScope {E36E5FD6-05B8-42D2-9C2C-9CFFA22148F3} URL = 
SearchScopes: HKCU - DefaultScope {57A8A330-31FE-4945-8CCB-CCE285FF82D8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {57A8A330-31FE-4945-8CCB-CCE285FF82D8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Unity Player) - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-10]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Owner\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2011-12-20]
CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Owner\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Owner\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Owner\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2011-12-20]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-01] (AVAST Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-01] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-01] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [102656 2010-06-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [240640 2010-06-21] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [210944 2010-06-21] (Sierra Wireless Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-11 17:44 - 2014-03-11 17:45 - 00000000 ____D () C:\FRST
2014-03-11 17:32 - 2014-03-11 17:34 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-03-10 17:55 - 2014-03-10 17:56 - 00019355 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-10 17:55 - 2014-03-10 17:56 - 00005004 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-10 17:53 - 2014-03-10 17:53 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-03-04 23:00 - 2009-07-13 18:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\svchost.exe
2014-03-04 19:27 - 2014-03-04 19:27 - 00000348 _____ () C:\Windows\PFRO.log
2014-03-04 19:19 - 2014-03-11 17:27 - 00000336 _____ () C:\Windows\setupact.log
2014-03-04 19:19 - 2014-03-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 19:01 - 2014-03-04 19:17 - 00000429 _____ () C:\Users\Owner\Documents\text.txt
2014-03-02 17:25 - 2012-05-04 04:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-02 17:25 - 2012-05-04 02:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-02 17:18 - 2014-03-02 17:18 - 00000000 ____D () C:\ProgramData\Intel
2014-03-02 12:45 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140302-114520.backup
2014-03-02 12:43 - 2014-03-02 21:27 - 00000688 _____ () C:\Windows\wininit.ini
2014-03-02 12:26 - 2014-03-10 17:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-02 12:26 - 2014-03-02 12:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-02 12:26 - 2014-03-02 12:26 - 00001265 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-03-02 10:23 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-02 10:23 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-02 10:22 - 2014-02-06 05:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-02 10:22 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-02 10:22 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-02 10:22 - 2014-02-06 04:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-02 10:22 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-02 10:22 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-02 10:22 - 2014-02-06 03:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-02 10:22 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-02 10:22 - 2014-02-06 03:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-02 10:22 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-02 10:22 - 2014-02-06 03:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-02 10:22 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-02 10:22 - 2014-02-06 03:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-02 10:22 - 2014-02-06 03:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-02 10:22 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-02 10:22 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-02 10:22 - 2014-02-06 03:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-02 10:22 - 2014-02-06 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-02 10:22 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-02 10:22 - 2014-02-06 02:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-02 10:22 - 2014-02-06 02:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-02 10:22 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-02 10:22 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-02 10:22 - 2014-02-06 02:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-02 10:22 - 2014-02-06 02:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-02 10:22 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-02 10:22 - 2014-02-06 02:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-02 10:22 - 2014-02-06 02:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-02 10:22 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-02 10:22 - 2014-02-06 02:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-02 10:22 - 2014-02-06 02:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-02 10:22 - 2014-02-06 02:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-02 10:22 - 2014-02-06 02:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-02 10:22 - 2014-02-06 02:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-02 10:22 - 2014-02-06 01:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-02 10:22 - 2014-02-06 01:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-02 10:22 - 2014-02-06 01:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-02 10:22 - 2014-02-06 01:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-02 10:22 - 2014-02-06 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-01 22:27 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-03-01 22:27 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-03-01 22:27 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-03-01 22:27 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-03-01 22:25 - 2013-10-14 19:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-03-01 22:23 - 2014-03-01 22:23 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-01 22:23 - 2014-03-01 22:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-01 22:23 - 2014-03-01 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-01 22:13 - 2014-03-01 22:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-01 22:12 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-01 22:12 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-01 22:12 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-01 22:12 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-01 22:11 - 2014-03-01 22:12 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-01 20:37 - 2014-03-01 20:37 - 00020464 _____ () C:\Users\Owner\Documents\cc_20140301_193716.reg
2014-03-01 20:36 - 2014-03-01 20:36 - 00199852 _____ () C:\Users\Owner\Documents\reg_backup3-1-14.reg
2014-03-01 20:26 - 2014-03-01 20:26 - 04765152 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup411.exe
2014-03-01 20:16 - 2014-03-01 20:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-03-01 20:11 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-01 20:11 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-01 20:09 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-01 20:09 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-01 20:08 - 2014-03-01 20:08 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-01 20:08 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-01 20:08 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-01 20:08 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-01 20:08 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-01 20:08 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-01 20:08 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-01 20:07 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-01 20:07 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-01 20:06 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-01 20:06 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-01 20:06 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-01 20:06 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-01 20:06 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-01 20:06 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-01 20:06 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-01 20:05 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-01 20:05 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-01 20:05 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-01 20:05 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-01 20:05 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-01 20:05 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-01 20:05 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-01 20:05 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-01 20:05 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-01 20:05 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-01 20:05 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-01 20:05 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-01 20:05 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-01 20:05 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-01 20:05 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-01 20:05 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-01 20:04 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-01 20:04 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-01 20:04 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-01 20:04 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-03-01 20:04 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-01 20:04 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-03-01 20:02 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-01 20:02 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-01 20:02 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-01 20:02 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-01 20:02 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-01 20:02 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-01 20:02 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-01 20:02 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-01 20:02 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-01 20:02 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-01 20:02 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-01 20:02 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-01 20:02 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-01 20:02 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-01 20:02 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-01 20:02 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-01 20:02 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-01 20:02 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-01 20:01 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-01 20:01 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-01 20:01 - 2013-11-26 03:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-01 20:01 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-01 20:01 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-01 20:01 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-01 20:01 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-01 20:00 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-01 20:00 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-01 20:00 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-01 20:00 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-01 20:00 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-01 20:00 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-01 20:00 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-01 20:00 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-01 19:59 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-01 19:59 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-01 19:59 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-01 19:59 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-01 19:59 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
 
==================== One Month Modified Files and Folders =======
 
2014-03-11 17:45 - 2014-03-11 17:44 - 00000000 ____D () C:\FRST
2014-03-11 17:44 - 2011-07-09 20:33 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 17:36 - 2012-12-29 22:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 17:36 - 2012-12-29 22:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 17:36 - 2012-04-10 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 17:36 - 2011-08-04 01:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:35 - 2013-09-09 20:35 - 01503886 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 17:34 - 2014-03-11 17:32 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-03-11 17:34 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 17:34 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 17:32 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 17:27 - 2014-03-04 19:19 - 00000336 _____ () C:\Windows\setupact.log
2014-03-11 17:27 - 2011-07-09 20:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 17:27 - 2009-07-13 22:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-11 17:27 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 17:56 - 2014-03-10 17:55 - 00019355 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-10 17:56 - 2014-03-10 17:55 - 00005004 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-10 17:53 - 2014-03-10 17:53 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-03-10 17:33 - 2014-03-02 12:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-10 17:22 - 2013-05-11 19:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-04 19:27 - 2014-03-04 19:27 - 00000348 _____ () C:\Windows\PFRO.log
2014-03-04 19:19 - 2014-03-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 19:17 - 2014-03-04 19:01 - 00000429 _____ () C:\Users\Owner\Documents\text.txt
2014-03-04 19:03 - 2013-05-11 19:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 18:23 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-04 18:21 - 2011-07-29 10:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-03-04 17:48 - 2011-10-08 14:57 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 21:27 - 2014-03-02 12:43 - 00000688 _____ () C:\Windows\wininit.ini
2014-03-02 17:35 - 2011-08-25 17:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Unity
2014-03-02 17:18 - 2014-03-02 17:18 - 00000000 ____D () C:\ProgramData\Intel
2014-03-02 17:16 - 2011-05-02 23:37 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-02 16:58 - 2011-07-11 02:04 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2014-03-02 16:56 - 2007-07-11 18:49 - 00000000 ____D () C:\Windows\Panther
2014-03-02 12:43 - 2013-05-10 20:45 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-02 12:28 - 2014-03-02 12:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-02 12:26 - 2014-03-02 12:26 - 00001265 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-03-02 10:24 - 2011-07-29 10:25 - 00776014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 02:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-01 22:44 - 2011-06-29 05:49 - 00001420 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-01 22:43 - 2011-08-04 01:04 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-01 22:43 - 2009-07-13 21:45 - 00277128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-01 22:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-01 22:25 - 2013-09-09 20:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-01 22:23 - 2014-03-01 22:23 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-01 22:23 - 2014-03-01 22:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-01 22:23 - 2014-03-01 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-01 22:13 - 2014-03-01 22:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-01 22:12 - 2014-03-01 22:11 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-01 22:12 - 2013-09-02 17:58 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-01 22:09 - 2011-08-04 01:05 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-03-01 20:37 - 2014-03-01 20:37 - 00020464 _____ () C:\Users\Owner\Documents\cc_20140301_193716.reg
2014-03-01 20:36 - 2014-03-01 20:36 - 00199852 _____ () C:\Users\Owner\Documents\reg_backup3-1-14.reg
2014-03-01 20:26 - 2014-03-01 20:26 - 04765152 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup411.exe
2014-03-01 20:26 - 2013-05-10 20:45 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-01 20:26 - 2013-05-10 20:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-01 20:26 - 2012-07-30 00:38 - 00000000 ____D () C:\Windows\Minidump
2014-03-01 20:16 - 2014-03-01 20:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-03-01 20:10 - 2013-05-11 19:03 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-01 20:08 - 2014-03-01 20:08 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-01 20:08 - 2013-05-11 19:03 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-01 20:08 - 2013-05-11 19:03 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-01 20:08 - 2013-05-11 19:03 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-01 20:08 - 2013-05-11 19:03 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-01 20:08 - 2013-05-11 19:03 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-01 20:08 - 2013-05-11 19:03 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-01 20:08 - 2013-05-11 19:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-01 20:08 - 2013-05-11 19:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-01 19:53 - 2013-05-10 21:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-01 19:52 - 2013-05-11 19:03 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-17 16:39 - 2011-07-09 20:33 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 16:39 - 2011-07-09 20:33 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 17:27 - 2011-06-29 05:47 - 00000000 ____D () C:\Users\Owner
2014-02-15 17:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
 
ZeroAccess:
C:\Windows\Installer\{d3f95fdc-d608-53b9-7290-401c855429a7}
 
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{d3f95fdc-d608-53b9-7290-401c855429a7}
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
TDL4: custom:26000022 <===== ATTENTION!
 
 
LastRegBack: 2014-03-10 18:56
 
==================== End Of Log ============================
 
Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Owner at 2014-03-11 17:45:36
Running from C:\Users\Owner\Desktop\New folder\farbar
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3817.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disney Toontown Online (HKLM-x32\...\Disney Toontown Online) (Version:  - Walt Disney Internet Group)
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3501 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0806.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Gateway)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3103 - Gateway Incorporated)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
02-03-2014 05:11:03 Installed Java 7 Update 51
02-03-2014 05:18:18 Windows Update
02-03-2014 11:00:12 Windows Update
02-03-2014 17:11:21 Windows Update
02-03-2014 17:22:05 Windows Update
03-03-2014 00:14:19 Windows Update
03-03-2014 00:25:28 Windows Update
05-03-2014 02:02:08 Removed iTunes
05-03-2014 02:04:20 Removed Bonjour
05-03-2014 02:04:46 Removed Apple Software Update
05-03-2014 02:05:40 Removed Apple Application Support
05-03-2014 02:06:48 Removed Apple Mobile Device Support
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2014-03-02 12:45 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {11FC62CD-E571-445C-806B-212C45BFE543} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3779763097-815708489-3500938347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2D5AE3BE-DDFA-42DE-A4F4-75535DC3EF25} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {4BA77A7C-3DA8-444A-B71D-C852417628B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {55529449-9922-4A84-9B06-6FDB4CD1BBFC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3779763097-815708489-3500938347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CA2E5F0E-C805-44AE-B9E4-2E828C45E0CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-09] (Google Inc.)
Task: {E3A54382-5116-4478-B1D1-2E680C6F6658} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-09] (Google Inc.)
Task: {EB8DEB67-6E19-40D0-B2AE-4669FDE1C921} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-01] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-10 17:23 - 2014-03-10 13:55 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031003\algo.dll
2014-03-11 17:28 - 2014-03-11 09:06 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031103\algo.dll
2010-06-28 15:20 - 2010-06-28 15:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2010-06-28 15:12 - 2010-06-28 15:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2011-05-03 00:21 - 2009-05-19 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-03-01 20:07 - 2014-03-01 20:07 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-04 17:48 - 2014-03-01 19:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 17:48 - 2014-03-01 19:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 17:48 - 2014-03-01 19:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 17:48 - 2014-03-01 19:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 17:48 - 2014-03-01 19:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 17:48 - 2014-03-01 19:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-01 23:05 - 2014-03-01 23:05 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2011-05-02 23:38 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-03-04 17:48 - 2014-03-01 19:35 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Best Buy pc app => C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2014 05:27:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/11/2014 06:55:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (03/11/2014 06:25:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/10/2014 06:58:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (03/10/2014 05:21:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2014 10:59:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2014 08:01:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (03/04/2014 07:28:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2014 07:19:21 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 07:19:21 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (03/04/2014 07:19:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/04/2014 07:19:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (03/04/2014 07:06:39 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (03/04/2014 07:06:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
 
Error: (03/02/2014 10:39:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Time service terminated with the following error: 
%%1115
 
Error: (03/01/2014 10:46:29 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{95C6A70C-A638-4FA5-9C60-3D2434D55CA4}.
The backup browser is stopping.
 
Error: (03/01/2014 10:19:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2872339).
 
Error: (03/01/2014 10:19:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2882822).
 
Error: (03/01/2014 10:07:27 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{95C6A70C-A638-4FA5-9C60-3D2434D55CA4}.
The backup browser is stopping.
 
Error: (03/01/2014 09:54:31 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{95C6A70C-A638-4FA5-9C60-3D2434D55CA4}.
The backup browser is stopping.
 
 
Microsoft Office Sessions:
=========================
Error: (03/11/2014 05:27:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/11/2014 06:55:58 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (03/11/2014 06:25:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/10/2014 06:58:07 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (03/10/2014 05:21:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2014 10:59:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2014 08:01:23 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (03/04/2014 07:28:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2014 07:19:21 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 07:19:21 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 2806.71 MB
Available physical RAM: 1366.99 MB
Total Pagefile: 5611.59 MB
Available Pagefile: 3782.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:282.99 GB) (Free:238.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 5359DA5C)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 aharonov

  • Malware Response Team

Posted 12 March 2014 - 03:19 AM

Hi,

let's remove the bootkit:


Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat Rootkit.Boot.Pihar.c (and only for that!) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.


#6 Markstein

  • Topic Starter

  • Members

Posted 12 March 2014 - 08:25 AM

I ran the scan as suggested again and when clicking on Cure, Avast jumped in and quarantined 6 viruses (just an FYI). Following are the logs after reboot:

 

06:06:11.0768 0x0b1c  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
06:06:41.0786 0x0b1c  ============================================================
06:06:41.0786 0x0b1c  Current date / time: 2014/03/12 06:06:41.0786
06:06:41.0786 0x0b1c  SystemInfo:
06:06:41.0786 0x0b1c  
06:06:41.0786 0x0b1c  OS Version: 6.1.7601 ServicePack: 1.0
06:06:41.0786 0x0b1c  Product type: Workstation
06:06:41.0786 0x0b1c  ComputerName: OWNER-PC
06:06:41.0787 0x0b1c  UserName: Owner
06:06:41.0787 0x0b1c  Windows directory: C:\Windows
06:06:41.0787 0x0b1c  System windows directory: C:\Windows
06:06:41.0787 0x0b1c  Running under WOW64
06:06:41.0787 0x0b1c  Processor architecture: Intel x64
06:06:41.0787 0x0b1c  Number of processors: 4
06:06:41.0787 0x0b1c  Page size: 0x1000
06:06:41.0787 0x0b1c  Boot type: Normal boot
06:06:41.0787 0x0b1c  ============================================================
06:06:42.0093 0x0b1c  KLMD registered as C:\Windows\system32\drivers\53226482.sys
06:06:42.0389 0x0b1c  System UUID: {7674FB53-6CE7-6528-F956-A66EB68B0A2B}
06:06:42.0935 0x0b1c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:06:42.0943 0x0b1c  ============================================================
06:06:42.0943 0x0b1c  \Device\Harddisk0\DR0:
06:06:42.0943 0x0b1c  MBR partitions:
06:06:42.0943 0x0b1c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
06:06:42.0943 0x0b1c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
06:06:42.0943 0x0b1c  ============================================================
06:06:42.0995 0x0b1c  C: <-> \Device\Harddisk0\DR0\Partition2
06:06:43.0008 0x0b1c  ============================================================
06:06:43.0008 0x0b1c  Initialize success
06:06:43.0008 0x0b1c  ============================================================
06:07:38.0597 0x0ad0  ============================================================
06:07:38.0597 0x0ad0  Scan started
06:07:38.0597 0x0ad0  Mode: Manual; SigCheck; TDLFS; 
06:07:38.0597 0x0ad0  ============================================================
06:07:38.0597 0x0ad0  KSN ping started
06:07:52.0488 0x0ad0  KSN ping finished: true
06:07:52.0816 0x0ad0  ================ Scan system memory ========================
06:07:52.0816 0x0ad0  System memory - ok
06:07:52.0816 0x0ad0  ================ Scan services =============================
06:08:02.0156 0x0ad0  fdc - ok
06:08:02.0175 0x0ad0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
06:08:02.0240 0x0ad0  fdPHost - ok
06:08:02.0253 0x0ad0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
06:08:02.0303 0x0ad0  FDResPub - ok
06:08:02.0335 0x0ad0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
06:08:02.0348 0x0ad0  FileInfo - ok
06:08:02.0362 0x0ad0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
06:08:02.0426 0x0ad0  Filetrace - ok
06:08:02.0444 0x0ad0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
06:08:02.0462 0x0ad0  flpydisk - ok
06:08:02.0487 0x0ad0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
06:08:02.0508 0x0ad0  FltMgr - ok
06:08:02.0595 0x0ad0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
06:08:02.0674 0x0ad0  FontCache - ok
06:08:02.0727 0x0ad0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:08:02.0749 0x0ad0  FontCache3.0.0.0 - ok
06:08:02.0763 0x0ad0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
06:08:02.0779 0x0ad0  FsDepends - ok
06:08:02.0818 0x0ad0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
06:08:02.0832 0x0ad0  Fs_Rec - ok
06:08:02.0874 0x0ad0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
06:08:02.0897 0x0ad0  fvevol - ok
06:08:02.0914 0x0ad0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
06:08:02.0930 0x0ad0  gagp30kx - ok
06:08:02.0982 0x0ad0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
06:08:03.0067 0x0ad0  gpsvc - ok
06:08:03.0125 0x0ad0  [ F95126E44EBA95A30FB0E4CE6E916015, D7B8E3AD510983994A3F4F099387CE5FAAAB1AF3E5E264CB80AF176D00A2D519 ] GREGService     C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
06:08:03.0146 0x0ad0  GREGService - ok
06:08:03.0231 0x0ad0  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:08:03.0255 0x0ad0  gupdate - ok
06:08:03.0297 0x0ad0  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:08:03.0312 0x0ad0  gupdatem - ok
06:08:03.0348 0x0ad0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
06:08:03.0383 0x0ad0  hcw85cir - ok
06:08:03.0413 0x0ad0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:08:03.0473 0x0ad0  HdAudAddService - ok
06:08:03.0498 0x0ad0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
06:08:03.0526 0x0ad0  HDAudBus - ok
06:08:03.0572 0x0ad0  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
06:08:03.0585 0x0ad0  HECIx64 - ok
06:08:03.0606 0x0ad0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
06:08:03.0641 0x0ad0  HidBatt - ok
06:08:03.0672 0x0ad0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
06:08:03.0705 0x0ad0  HidBth - ok
06:08:03.0744 0x0ad0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
06:08:03.0766 0x0ad0  HidIr - ok
06:08:03.0783 0x0ad0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
06:08:03.0848 0x0ad0  hidserv - ok
06:08:03.0884 0x0ad0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
06:08:03.0902 0x0ad0  HidUsb - ok
06:08:03.0924 0x0ad0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
06:08:03.0990 0x0ad0  hkmsvc - ok
06:08:04.0015 0x0ad0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:08:04.0058 0x0ad0  HomeGroupListener - ok
06:08:04.0093 0x0ad0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:08:04.0135 0x0ad0  HomeGroupProvider - ok
06:08:04.0177 0x0ad0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
06:08:04.0194 0x0ad0  HpSAMD - ok
06:08:04.0294 0x0ad0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
06:08:04.0392 0x0ad0  HTTP - ok
06:08:04.0410 0x0ad0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
06:08:04.0423 0x0ad0  hwpolicy - ok
06:08:04.0438 0x0ad0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
06:08:04.0458 0x0ad0  i8042prt - ok
06:08:04.0535 0x0ad0  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
06:08:04.0560 0x0ad0  iaStor - ok
06:08:04.0631 0x0ad0  [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
06:08:04.0652 0x0ad0  IAStorDataMgrSvc - ok
06:08:04.0700 0x0ad0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
06:08:04.0742 0x0ad0  iaStorV - ok
06:08:04.0827 0x0ad0  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:08:04.0879 0x0ad0  idsvc - ok
06:08:04.0908 0x0ad0  IEEtwCollectorService - ok
06:08:05.0383 0x0ad0  [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
06:08:05.0975 0x0ad0  igfx - ok
06:08:06.0035 0x0ad0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
06:08:06.0063 0x0ad0  iirsp - ok
06:08:06.0151 0x0ad0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
06:08:06.0229 0x0ad0  IKEEXT - ok
06:08:06.0274 0x0ad0  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
06:08:06.0305 0x0ad0  Impcd - ok
06:08:06.0434 0x0ad0  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:08:06.0537 0x0ad0  IntcAzAudAddService - ok
06:08:06.0574 0x0ad0  [ 03C74719D48056A1078F3A51CEB76BAA, 34BCC73EE4D65E1F282208C243C54BBD8458DB50FA893DE3306E1A1E73D05B1A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
06:08:06.0598 0x0ad0  IntcDAud - ok
06:08:06.0642 0x0ad0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
06:08:06.0669 0x0ad0  intelide - ok
06:08:06.0701 0x0ad0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
06:08:06.0736 0x0ad0  intelppm - ok
06:08:06.0779 0x0ad0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
06:08:06.0841 0x0ad0  IPBusEnum - ok
06:08:06.0859 0x0ad0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:08:06.0901 0x0ad0  IpFilterDriver - ok
06:08:06.0972 0x0ad0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
06:08:07.0033 0x0ad0  iphlpsvc - ok
06:08:07.0049 0x0ad0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
06:08:07.0088 0x0ad0  IPMIDRV - ok
06:08:07.0112 0x0ad0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
06:08:07.0170 0x0ad0  IPNAT - ok
06:08:07.0197 0x0ad0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
06:08:07.0226 0x0ad0  IRENUM - ok
06:08:07.0239 0x0ad0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
06:08:07.0257 0x0ad0  isapnp - ok
06:08:07.0284 0x0ad0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
06:08:07.0305 0x0ad0  iScsiPrt - ok
06:08:07.0354 0x0ad0  [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
06:08:07.0378 0x0ad0  k57nd60a - ok
06:08:07.0403 0x0ad0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
06:08:07.0418 0x0ad0  kbdclass - ok
06:08:07.0442 0x0ad0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
06:08:07.0473 0x0ad0  kbdhid - ok
06:08:07.0483 0x0ad0  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
06:08:07.0501 0x0ad0  KeyIso - ok
06:08:07.0545 0x0ad0  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
06:08:07.0572 0x0ad0  KSecDD - ok
06:08:07.0587 0x0ad0  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
06:08:07.0605 0x0ad0  KSecPkg - ok
06:08:07.0623 0x0ad0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
06:08:07.0678 0x0ad0  ksthunk - ok
06:08:07.0718 0x0ad0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
06:08:07.0788 0x0ad0  KtmRm - ok
06:08:07.0854 0x0ad0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
06:08:07.0957 0x0ad0  LanmanServer - ok
06:08:08.0001 0x0ad0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:08:08.0077 0x0ad0  LanmanWorkstation - ok
06:08:08.0146 0x0ad0  [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
06:08:08.0175 0x0ad0  Live Updater Service - ok
06:08:08.0213 0x0ad0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
06:08:08.0266 0x0ad0  lltdio - ok
06:08:08.0299 0x0ad0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
06:08:08.0366 0x0ad0  lltdsvc - ok
06:08:08.0395 0x0ad0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
06:08:08.0437 0x0ad0  lmhosts - ok
06:08:08.0499 0x0ad0  [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
06:08:08.0532 0x0ad0  LMS - ok
06:08:08.0563 0x0ad0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
06:08:08.0580 0x0ad0  LSI_FC - ok
06:08:08.0601 0x0ad0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
06:08:08.0617 0x0ad0  LSI_SAS - ok
06:08:08.0635 0x0ad0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
06:08:08.0650 0x0ad0  LSI_SAS2 - ok
06:08:08.0658 0x0ad0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
06:08:08.0674 0x0ad0  LSI_SCSI - ok
06:08:08.0695 0x0ad0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
06:08:08.0752 0x0ad0  luafv - ok
06:08:08.0804 0x0ad0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
06:08:08.0852 0x0ad0  Mcx2Svc - ok
06:08:08.0873 0x0ad0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
06:08:08.0889 0x0ad0  megasas - ok
06:08:08.0921 0x0ad0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
06:08:08.0946 0x0ad0  MegaSR - ok
06:08:08.0978 0x0ad0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
06:08:09.0057 0x0ad0  MMCSS - ok
06:08:09.0071 0x0ad0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
06:08:09.0140 0x0ad0  Modem - ok
06:08:09.0151 0x0ad0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
06:08:09.0179 0x0ad0  monitor - ok
06:08:09.0204 0x0ad0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
06:08:09.0219 0x0ad0  mouclass - ok
06:08:09.0253 0x0ad0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
06:08:09.0290 0x0ad0  mouhid - ok
06:08:09.0324 0x0ad0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
06:08:09.0342 0x0ad0  mountmgr - ok
06:08:09.0387 0x0ad0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
06:08:09.0408 0x0ad0  mpio - ok
06:08:09.0429 0x0ad0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
06:08:09.0479 0x0ad0  mpsdrv - ok
06:08:09.0640 0x0ad0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
06:08:09.0745 0x0ad0  MpsSvc - ok
06:08:09.0780 0x0ad0  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
06:08:09.0800 0x0ad0  MRxDAV - ok
06:08:09.0827 0x0ad0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
06:08:09.0862 0x0ad0  mrxsmb - ok
06:08:09.0899 0x0ad0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:08:09.0925 0x0ad0  mrxsmb10 - ok
06:08:09.0949 0x0ad0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:08:09.0969 0x0ad0  mrxsmb20 - ok
06:08:09.0998 0x0ad0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
06:08:10.0013 0x0ad0  msahci - ok
06:08:10.0044 0x0ad0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
06:08:10.0062 0x0ad0  msdsm - ok
06:08:10.0081 0x0ad0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
06:08:10.0117 0x0ad0  MSDTC - ok
06:08:10.0158 0x0ad0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
06:08:10.0202 0x0ad0  Msfs - ok
06:08:10.0219 0x0ad0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
06:08:10.0278 0x0ad0  mshidkmdf - ok
06:08:10.0295 0x0ad0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
06:08:10.0307 0x0ad0  msisadrv - ok
06:08:10.0335 0x0ad0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
06:08:10.0396 0x0ad0  MSiSCSI - ok
06:08:10.0400 0x0ad0  msiserver - ok
06:08:10.0429 0x0ad0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
06:08:10.0488 0x0ad0  MSKSSRV - ok
06:08:10.0497 0x0ad0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
06:08:10.0538 0x0ad0  MSPCLOCK - ok
06:08:10.0547 0x0ad0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
06:08:10.0600 0x0ad0  MSPQM - ok
06:08:10.0625 0x0ad0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
06:08:10.0648 0x0ad0  MsRPC - ok
06:08:10.0671 0x0ad0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
06:08:10.0683 0x0ad0  mssmbios - ok
06:08:10.0701 0x0ad0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
06:08:10.0750 0x0ad0  MSTEE - ok
06:08:10.0765 0x0ad0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
06:08:10.0779 0x0ad0  MTConfig - ok
06:08:10.0794 0x0ad0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
06:08:10.0808 0x0ad0  Mup - ok
06:08:10.0849 0x0ad0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
06:08:10.0920 0x0ad0  napagent - ok
06:08:10.0978 0x0ad0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
06:08:11.0021 0x0ad0  NativeWifiP - ok
06:08:11.0093 0x0ad0  [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
06:08:11.0123 0x0ad0  NAUpdate - ok
06:08:11.0206 0x0ad0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
06:08:11.0268 0x0ad0  NDIS - ok
06:08:11.0287 0x0ad0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
06:08:11.0331 0x0ad0  NdisCap - ok
06:08:11.0356 0x0ad0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
06:08:11.0397 0x0ad0  NdisTapi - ok
06:08:11.0409 0x0ad0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
06:08:11.0464 0x0ad0  Ndisuio - ok
06:08:11.0482 0x0ad0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
06:08:11.0543 0x0ad0  NdisWan - ok
06:08:11.0558 0x0ad0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
06:08:11.0599 0x0ad0  NDProxy - ok
06:08:11.0614 0x0ad0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
06:08:11.0667 0x0ad0  NetBIOS - ok
06:08:11.0685 0x0ad0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
06:08:11.0734 0x0ad0  NetBT - ok
06:08:11.0761 0x0ad0  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
06:08:11.0776 0x0ad0  Netlogon - ok
06:08:11.0861 0x0ad0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
06:08:11.0990 0x0ad0  Netman - ok
06:08:12.0065 0x0ad0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:12.0096 0x0ad0  NetMsmqActivator - ok
06:08:12.0118 0x0ad0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:12.0135 0x0ad0  NetPipeActivator - ok
06:08:12.0151 0x0ad0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
06:08:12.0224 0x0ad0  netprofm - ok
06:08:12.0232 0x0ad0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:12.0249 0x0ad0  NetTcpActivator - ok
06:08:12.0256 0x0ad0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:08:12.0272 0x0ad0  NetTcpPortSharing - ok
06:08:12.0306 0x0ad0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
06:08:12.0335 0x0ad0  nfrd960 - ok
06:08:12.0372 0x0ad0  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
06:08:12.0415 0x0ad0  NlaSvc - ok
06:08:12.0430 0x0ad0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
06:08:12.0476 0x0ad0  Npfs - ok
06:08:12.0512 0x0ad0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
06:08:12.0557 0x0ad0  nsi - ok
06:08:12.0572 0x0ad0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
06:08:12.0622 0x0ad0  nsiproxy - ok
06:08:12.0720 0x0ad0  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
06:08:12.0835 0x0ad0  Ntfs - ok
06:08:12.0891 0x0ad0  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
06:08:23.0892 0x0ad0  [ 43228F8EDD1B0BCDD3145AD246E63D39, 108D8793E9F94C0A0E895398599B359121751F2E7BAA8B7BD24838AEF646726D ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
06:08:23.0917 0x0ad0  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
06:08:27.0033 0x0ad0  Detect skipped due to KSN trusted
06:08:27.0033 0x0ad0  USBAAPL64 - ok
06:08:29.0661 0x0ad0  WcsPlugInService - ok
06:08:29.0698 0x0ad0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
06:08:29.0711 0x0ad0  Wd - ok
06:08:29.0763 0x0ad0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
06:08:29.0818 0x0ad0  Wdf01000 - ok
06:08:29.0848 0x0ad0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
06:08:29.0883 0x0ad0  WdiServiceHost - ok
06:08:29.0888 0x0ad0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
06:08:29.0914 0x0ad0  WdiSystemHost - ok
06:08:29.0938 0x0ad0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
06:08:29.0963 0x0ad0  WebClient - ok
06:08:29.0981 0x0ad0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
06:08:30.0047 0x0ad0  Wecsvc - ok
06:08:30.0072 0x0ad0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
06:08:30.0119 0x0ad0  wercplsupport - ok
06:08:30.0134 0x0ad0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
06:08:30.0192 0x0ad0  WerSvc - ok
06:08:30.0241 0x0ad0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
06:08:30.0301 0x0ad0  WfpLwf - ok
06:08:30.0317 0x0ad0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
06:08:30.0329 0x0ad0  WIMMount - ok
06:08:30.0352 0x0ad0  WinDefend - ok
06:08:30.0373 0x0ad0  WinHttpAutoProxySvc - ok
06:08:30.0448 0x0ad0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
06:08:30.0510 0x0ad0  Winmgmt - ok
06:08:30.0617 0x0ad0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
06:08:30.0750 0x0ad0  WinRM - ok
06:08:30.0817 0x0ad0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
06:08:30.0855 0x0ad0  WinUsb - ok
06:08:30.0920 0x0ad0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
06:08:31.0001 0x0ad0  Wlansvc - ok
06:08:31.0062 0x0ad0  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
06:08:31.0089 0x0ad0  wlcrasvc - ok
06:08:31.0206 0x0ad0  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:08:31.0319 0x0ad0  wlidsvc - ok
06:08:31.0365 0x0ad0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
06:08:31.0414 0x0ad0  WmiAcpi - ok
06:08:31.0452 0x0ad0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
06:08:31.0488 0x0ad0  wmiApSrv - ok
06:08:31.0518 0x0ad0  WMPNetworkSvc - ok
06:08:31.0539 0x0ad0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
06:08:31.0558 0x0ad0  WPCSvc - ok
06:08:31.0575 0x0ad0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
06:08:31.0599 0x0ad0  WPDBusEnum - ok
06:08:31.0630 0x0ad0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
06:08:31.0687 0x0ad0  ws2ifsl - ok
06:08:31.0702 0x0ad0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
06:08:31.0747 0x0ad0  wscsvc - ok
06:08:31.0751 0x0ad0  WSearch - ok
06:08:31.0901 0x0ad0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
06:08:32.0017 0x0ad0  wuauserv - ok
06:08:32.0054 0x0ad0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
06:08:32.0084 0x0ad0  WudfPf - ok
06:08:32.0129 0x0ad0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
06:08:32.0162 0x0ad0  WUDFRd - ok
06:08:32.0190 0x0ad0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
06:08:32.0227 0x0ad0  wudfsvc - ok
06:08:32.0265 0x0ad0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
06:08:32.0310 0x0ad0  WwanSvc - ok
06:08:32.0328 0x0ad0  ================ Scan global ===============================
06:08:32.0353 0x0ad0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
06:08:32.0399 0x0ad0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
06:08:32.0445 0x0ad0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
06:08:32.0490 0x0ad0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
06:08:32.0543 0x0ad0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
06:08:32.0569 0x0ad0  [ Global ] - ok
06:08:32.0570 0x0ad0  ================ Scan MBR ==================================
06:08:32.0582 0x0ad0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:08:32.0582 0x0ad0  Suspicious mbr (Forged): \Device\Harddisk0\DR0
06:08:32.0679 0x0ad0  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c ( 0 )
06:08:32.0679 0x0ad0  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
06:08:35.0744 0x0ad0  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
06:08:35.0744 0x0ad0  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:08:38.0641 0x0ad0  ================ Scan VBR ==================================
06:08:38.0646 0x0ad0  [ 57C38867F219B853FC13089D4B5C9B4F ] \Device\Harddisk0\DR0\Partition1
06:08:38.0698 0x0ad0  \Device\Harddisk0\DR0\Partition1 - ok
06:08:38.0703 0x0ad0  [ E9D15D3EC3BBF4EEA597E9384ABE5820 ] \Device\Harddisk0\DR0\Partition2
06:08:38.0741 0x0ad0  \Device\Harddisk0\DR0\Partition2 - ok
06:08:38.0808 0x0ad0  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
06:08:38.0818 0x0ad0  Win FW state via NFP2: enabled
06:08:41.0781 0x0ad0  ============================================================
06:08:41.0782 0x0ad0  Scan finished
06:08:41.0782 0x0ad0  ============================================================
06:08:41.0795 0x0e28  Detected object count: 2
06:08:41.0795 0x0e28  Actual detected object count: 2
06:09:37.0144 0x0e28  \Device\Harddisk0\DR0\# - copied to quarantine
06:09:37.0150 0x0e28  \Device\Harddisk0\DR0 - copied to quarantine
06:09:37.0207 0x0e28  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:09:37.0347 0x0e28  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
06:09:44.0280 0x0e28  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
06:09:44.0557 0x0e28  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
06:09:46.0706 0x0e28  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
06:09:46.0828 0x0e28  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
06:09:46.0829 0x0e28  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:09:46.0830 0x0e28  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
06:09:46.0833 0x0e28  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
06:09:48.0822 0x0e28  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
06:09:48.0932 0x0e28  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
06:09:48.0935 0x0e28  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
06:09:48.0937 0x0e28  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
06:09:49.0068 0x0e28  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
06:09:49.0071 0x0e28  \Device\Harddisk0\DR0 - ok
06:09:49.0280 0x0e28  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
06:09:49.0281 0x0e28  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:09:49.0281 0x0e28  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
06:09:49.0363 0x0e28  KLMD registered as C:\Windows\system32\drivers\56211926.sys
06:10:51.0686 0x0c1c  Deinitialize success

Edited by Markstein, 12 March 2014 - 08:26 AM.


#7 aharonov


  • Malware Response Team
  • 2,441 posts

Posted 12 March 2014 - 08:42 AM

Very good. Now repeat the process for TDSS File System:


  • Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat TDSS File System (and only for that) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.
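
The first TDSSKiller log in this thread records two detections on the same disk object with different user actions, which is why a second pass is requested. The following is an added example, not code from any participant in the thread or from the tool's vendor: a small Python parser that pairs each detection with its verdict, the action chosen and the logged outcome. The function names are this example's own, the line patterns are inferred only from the log lines posted above, and the sample is an excerpt of that log.

```python
import re

# Excerpt of the TDSSKiller log posted earlier in this thread (MBR scan and
# the chosen actions); the per-service hash lines are left out.
SAMPLE_LOG = r"""
06:08:32.0582 0x0ad0  Suspicious mbr (Forged): \Device\Harddisk0\DR0
06:08:32.0679 0x0ad0  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c ( 0 )
06:08:32.0679 0x0ad0  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
06:08:35.0744 0x0ad0  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
06:08:35.0744 0x0ad0  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:08:38.0698 0x0ad0  \Device\Harddisk0\DR0\Partition1 - ok
06:09:37.0207 0x0e28  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:09:49.0068 0x0e28  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
06:09:49.0071 0x0e28  \Device\Harddisk0\DR0 - ok
06:09:49.0280 0x0e28  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
06:09:49.0281 0x0e28  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:09:49.0281 0x0e28  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id>  <message>" as seen in the posted log.
LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+0x[0-9a-fA-F]+\s+(?P<msg>.*\S)\s*$")
# "<object> - detected <threat> ( <n> )"
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>.+?) \( \d+ \)$")
# "<object> ( <threat> ) - <status>"
STATUS = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<status>.+)$")

ACTION_PREFIX = "User select action:"
VERDICTS = {"infected", "warning"}          # verdict words seen in the log
QUARANTINE_SUFFIX = " - copied to quarantine"


def _messages(text):
    """Yield (timestamp, message) for every well-formed log line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.group("time"), m.group("msg")


def _blank():
    return {"detected_at": None, "verdict": None, "action": None, "outcome": None}


def parse_findings(text):
    """Return {(object, threat): {...}} in the order detections appear."""
    findings = {}
    for time, msg in _messages(text):
        d = DETECTED.match(msg)
        if d:
            key = (d.group("obj"), d.group("threat"))
            findings.setdefault(key, _blank())["detected_at"] = time
            continue
        s = STATUS.match(msg)
        if not s:
            continue  # service "ok" lines, banners, quarantine copies, etc.
        entry = findings.setdefault((s.group("obj"), s.group("threat")), _blank())
        status = s.group("status")
        if status.startswith(ACTION_PREFIX):
            entry["action"] = status[len(ACTION_PREFIX):].strip()
        elif status in VERDICTS:
            entry["verdict"] = status
        else:
            # e.g. "will be cured on reboot", "skipped by user"
            entry["outcome"] = status
    return findings


def needs_followup(findings):
    """Detections that were skipped or never given an action."""
    return [k for k, v in findings.items() if v["action"] in (None, "Skip")]


def reboot_pending(findings):
    """Detections whose cure is only applied at the next reboot."""
    return [k for k, v in findings.items()
            if v["outcome"] and v["outcome"].endswith("on reboot")]


def quarantined(text):
    """Objects the tool reports as copied to quarantine."""
    return [msg[:-len(QUARANTINE_SUFFIX)] for _, msg in _messages(text)
            if msg.endswith(QUARANTINE_SUFFIX)]


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for (obj, threat), info in found.items():
        print(f"{threat:24} {info['verdict']:9} action={info['action']:5} "
              f"outcome={info['outcome']}")
    print("follow-up needed:", needs_followup(found))
    print("reboot pending:  ", reboot_pending(found))
```
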


#8 Markstein

  • Topic Starter

  • Members
  • 8 posts

Posted 12 March 2014 - 09:03 AM

This time I was not prompted to reboot. Avast did jump in as well again. I need to leave for work but will reply again when I get home. Thanks again for the help! Following are the logs:

 

06:55:14.0676 0x1228  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
06:55:19.0606 0x1228  ============================================================
06:55:19.0606 0x1228  Current date / time: 2014/03/12 06:55:19.0606
06:55:19.0606 0x1228  SystemInfo:
06:55:19.0606 0x1228  
06:55:19.0606 0x1228  OS Version: 6.1.7601 ServicePack: 1.0
06:55:19.0606 0x1228  Product type: Workstation
06:55:19.0606 0x1228  ComputerName: OWNER-PC
06:55:19.0606 0x1228  UserName: Owner
06:55:19.0606 0x1228  Windows directory: C:\Windows
06:55:19.0606 0x1228  System windows directory: C:\Windows
06:55:19.0606 0x1228  Running under WOW64
06:55:19.0606 0x1228  Processor architecture: Intel x64
06:55:19.0606 0x1228  Number of processors: 4
06:55:19.0606 0x1228  Page size: 0x1000
06:55:19.0606 0x1228  Boot type: Normal boot
06:55:19.0606 0x1228  ============================================================
06:55:21.0977 0x1228  KLMD registered as C:\Windows\system32\drivers\05587774.sys
06:55:22.0164 0x1228  System UUID: {7674FB53-6CE7-6528-F956-A66EB68B0A2B}
06:55:22.0897 0x1228  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:55:22.0913 0x1228  ============================================================
06:55:22.0913 0x1228  \Device\Harddisk0\DR0:
06:55:22.0913 0x1228  MBR partitions:
06:55:22.0913 0x1228  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
06:55:22.0913 0x1228  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800
06:55:22.0913 0x1228  ============================================================
06:55:22.0944 0x1228  C: <-> \Device\Harddisk0\DR0\Partition2
06:55:22.0944 0x1228  ============================================================
06:55:22.0944 0x1228  Initialize success
06:55:22.0944 0x1228  ============================================================
06:55:38.0685 0x12a4  ============================================================
06:55:38.0685 0x12a4  Scan started
06:55:38.0685 0x12a4  Mode: Manual; SigCheck; TDLFS; 
06:55:38.0685 0x12a4  ============================================================
06:55:38.0685 0x12a4  KSN ping started
06:55:53.0661 0x12a4  KSN ping finished: true
06:55:53.0910 0x12a4  ================ Scan system memory ========================
06:55:53.0910 0x12a4  System memory - ok
06:55:53.0910 0x12a4  ================ Scan services =============================
06:56:01.0804 0x12a4  DsiWMIService - ok
06:56:01.0882 0x12a4  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
06:56:01.0929 0x12a4  DXGKrnl - ok
06:56:01.0960 0x12a4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
06:56:02.0007 0x12a4  EapHost - ok
06:56:02.0163 0x12a4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
06:56:02.0334 0x12a4  ebdrv - ok
06:56:02.0365 0x12a4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
06:56:02.0397 0x12a4  EFS - ok
06:56:02.0475 0x12a4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
06:56:02.0537 0x12a4  ehRecvr - ok
06:56:02.0553 0x12a4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
06:56:02.0584 0x12a4  ehSched - ok
06:56:02.0662 0x12a4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
06:56:02.0755 0x12a4  elxstor - ok
06:56:02.0880 0x12a4  [ 2AEE0416C54A1A86D035366DE192B2F0, DBDCAFB139ACD9FBD61000371D0AE41783CC9B2F821A8345F3F061E61692CD44 ] ePowerSvc       C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
06:56:02.0927 0x12a4  ePowerSvc - ok
06:56:02.0943 0x12a4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
06:56:02.0974 0x12a4  ErrDev - ok
06:56:03.0036 0x12a4  [ 0975BF32399A24117E317B5BF1D5D0AA, 850217D920BB6E524C08C11A9806B8B148E9CF6CEBED9481BF7C9F07BCA918D5 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
06:56:03.0067 0x12a4  ETD - ok
06:56:03.0130 0x12a4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
06:56:03.0208 0x12a4  EventSystem - ok
06:56:03.0239 0x12a4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
06:56:03.0286 0x12a4  exfat - ok
06:56:03.0317 0x12a4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
06:56:03.0379 0x12a4  fastfat - ok
06:56:03.0426 0x12a4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
06:56:03.0489 0x12a4  Fax - ok
06:56:03.0520 0x12a4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
06:56:03.0551 0x12a4  fdc - ok
06:56:03.0567 0x12a4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
06:56:03.0629 0x12a4  fdPHost - ok
06:56:03.0691 0x12a4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
06:56:03.0769 0x12a4  FDResPub - ok
06:56:03.0801 0x12a4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
06:56:03.0816 0x12a4  FileInfo - ok
06:56:03.0832 0x12a4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
06:56:03.0879 0x12a4  Filetrace - ok
06:56:03.0925 0x12a4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
06:56:03.0957 0x12a4  flpydisk - ok
06:56:03.0972 0x12a4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
06:56:04.0003 0x12a4  FltMgr - ok
06:56:04.0066 0x12a4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
06:56:04.0128 0x12a4  FontCache - ok
06:56:04.0175 0x12a4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:56:04.0206 0x12a4  FontCache3.0.0.0 - ok
06:56:04.0222 0x12a4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
06:56:04.0237 0x12a4  FsDepends - ok
06:56:04.0284 0x12a4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
06:56:04.0315 0x12a4  Fs_Rec - ok
06:56:04.0362 0x12a4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
06:56:04.0393 0x12a4  fvevol - ok
06:56:04.0425 0x12a4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
06:56:04.0440 0x12a4  gagp30kx - ok
06:56:04.0503 0x12a4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
06:56:04.0596 0x12a4  gpsvc - ok
06:56:04.0643 0x12a4  [ F95126E44EBA95A30FB0E4CE6E916015, D7B8E3AD510983994A3F4F099387CE5FAAAB1AF3E5E264CB80AF176D00A2D519 ] GREGService     C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
06:56:04.0674 0x12a4  GREGService - ok
06:56:04.0783 0x12a4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:56:04.0815 0x12a4  gupdate - ok
06:56:04.0846 0x12a4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:56:04.0877 0x12a4  gupdatem - ok
06:56:04.0908 0x12a4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
06:56:04.0939 0x12a4  hcw85cir - ok
06:56:04.0971 0x12a4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:56:05.0049 0x12a4  HdAudAddService - ok
06:56:05.0080 0x12a4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
06:56:05.0111 0x12a4  HDAudBus - ok
06:56:05.0158 0x12a4  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
06:56:05.0189 0x12a4  HECIx64 - ok
06:56:05.0205 0x12a4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
06:56:05.0236 0x12a4  HidBatt - ok
06:56:05.0267 0x12a4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
06:56:05.0298 0x12a4  HidBth - ok
06:56:05.0314 0x12a4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
06:56:05.0329 0x12a4  HidIr - ok
06:56:05.0345 0x12a4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
06:56:05.0407 0x12a4  hidserv - ok
06:56:05.0454 0x12a4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
06:56:05.0485 0x12a4  HidUsb - ok
06:56:05.0532 0x12a4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
06:56:05.0610 0x12a4  hkmsvc - ok
06:56:05.0626 0x12a4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:56:05.0657 0x12a4  HomeGroupListener - ok
06:56:05.0688 0x12a4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:56:05.0719 0x12a4  HomeGroupProvider - ok
06:56:05.0766 0x12a4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
06:56:05.0782 0x12a4  HpSAMD - ok
06:56:05.0844 0x12a4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
06:56:05.0938 0x12a4  HTTP - ok
06:56:05.0953 0x12a4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
06:56:05.0969 0x12a4  hwpolicy - ok
06:56:05.0985 0x12a4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
06:56:06.0000 0x12a4  i8042prt - ok
06:56:06.0078 0x12a4  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
06:56:06.0109 0x12a4  iaStor - ok
06:56:06.0172 0x12a4  [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
06:56:06.0187 0x12a4  IAStorDataMgrSvc - ok
06:56:06.0250 0x12a4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
06:56:06.0281 0x12a4  iaStorV - ok
06:56:06.0375 0x12a4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:56:06.0421 0x12a4  idsvc - ok
06:56:06.0453 0x12a4  IEEtwCollectorService - ok
06:56:06.0874 0x12a4  [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
06:56:07.0529 0x12a4  igfx - ok
06:56:07.0591 0x12a4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
06:56:07.0607 0x12a4  iirsp - ok
06:56:07.0654 0x12a4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
06:56:07.0794 0x12a4  IKEEXT - ok
06:56:07.0857 0x12a4  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
06:56:07.0888 0x12a4  Impcd - ok
06:56:08.0059 0x12a4  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:56:08.0137 0x12a4  IntcAzAudAddService - ok
06:56:08.0169 0x12a4  [ 03C74719D48056A1078F3A51CEB76BAA, 34BCC73EE4D65E1F282208C243C54BBD8458DB50FA893DE3306E1A1E73D05B1A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
06:56:08.0200 0x12a4  IntcDAud - ok
06:56:08.0247 0x12a4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
06:56:08.0262 0x12a4  intelide - ok
06:56:08.0309 0x12a4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
06:56:08.0340 0x12a4  intelppm - ok
06:56:08.0371 0x12a4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
06:56:08.0434 0x12a4  IPBusEnum - ok
06:56:08.0465 0x12a4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:56:08.0512 0x12a4  IpFilterDriver - ok
06:56:08.0559 0x12a4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
06:56:08.0605 0x12a4  iphlpsvc - ok
06:56:08.0621 0x12a4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
06:56:08.0668 0x12a4  IPMIDRV - ok
06:56:08.0683 0x12a4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
06:56:08.0746 0x12a4  IPNAT - ok
06:56:08.0793 0x12a4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
06:56:08.0824 0x12a4  IRENUM - ok
06:56:08.0839 0x12a4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
06:56:08.0855 0x12a4  isapnp - ok
06:56:08.0886 0x12a4  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
06:56:08.0902 0x12a4  iScsiPrt - ok
06:56:08.0949 0x12a4  [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
06:56:08.0964 0x12a4  k57nd60a - ok
06:56:08.0995 0x12a4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
06:56:09.0011 0x12a4  kbdclass - ok
06:56:09.0027 0x12a4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
06:56:09.0058 0x12a4  kbdhid - ok
06:56:09.0089 0x12a4  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
06:56:09.0105 0x12a4  KeyIso - ok
06:56:09.0136 0x12a4  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
06:56:09.0151 0x12a4  KSecDD - ok
06:56:09.0167 0x12a4  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
06:56:09.0198 0x12a4  KSecPkg - ok
06:56:09.0214 0x12a4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
06:56:09.0261 0x12a4  ksthunk - ok
06:56:09.0307 0x12a4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
06:56:09.0370 0x12a4  KtmRm - ok
06:56:09.0448 0x12a4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
06:56:09.0557 0x12a4  LanmanServer - ok
06:56:09.0588 0x12a4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:56:09.0651 0x12a4  LanmanWorkstation - ok
06:56:09.0729 0x12a4  [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
06:56:09.0760 0x12a4  Live Updater Service - ok
06:56:09.0791 0x12a4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
06:56:09.0838 0x12a4  lltdio - ok
06:56:09.0869 0x12a4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
06:56:09.0931 0x12a4  lltdsvc - ok
06:56:09.0947 0x12a4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
06:56:09.0994 0x12a4  lmhosts - ok
06:56:10.0056 0x12a4  [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
06:56:10.0087 0x12a4  LMS - ok
06:56:10.0134 0x12a4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
06:56:10.0165 0x12a4  LSI_FC - ok
06:56:10.0181 0x12a4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
06:56:10.0197 0x12a4  LSI_SAS - ok
06:56:10.0228 0x12a4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
06:56:10.0243 0x12a4  LSI_SAS2 - ok
06:56:10.0243 0x12a4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
06:56:10.0259 0x12a4  LSI_SCSI - ok
06:56:10.0275 0x12a4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
06:56:10.0337 0x12a4  luafv - ok
06:56:10.0368 0x12a4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
06:56:10.0399 0x12a4  Mcx2Svc - ok
06:56:10.0415 0x12a4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
06:56:10.0431 0x12a4  megasas - ok
06:56:10.0462 0x12a4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
06:56:10.0477 0x12a4  MegaSR - ok
06:56:10.0493 0x12a4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
06:56:10.0540 0x12a4  MMCSS - ok
06:56:10.0555 0x12a4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
06:56:10.0618 0x12a4  Modem - ok
06:56:10.0633 0x12a4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
06:56:10.0665 0x12a4  monitor - ok
06:56:10.0727 0x12a4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
06:56:10.0758 0x12a4  mouclass - ok
06:56:10.0789 0x12a4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
06:56:10.0821 0x12a4  mouhid - ok
06:56:10.0852 0x12a4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
06:56:10.0867 0x12a4  mountmgr - ok
06:56:10.0883 0x12a4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
06:56:10.0899 0x12a4  mpio - ok
06:56:10.0930 0x12a4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
06:56:10.0977 0x12a4  mpsdrv - ok
06:56:11.0055 0x12a4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
06:56:11.0148 0x12a4  MpsSvc - ok
06:56:11.0179 0x12a4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
06:56:11.0195 0x12a4  MRxDAV - ok
06:56:11.0226 0x12a4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
06:56:11.0257 0x12a4  mrxsmb - ok
06:56:11.0304 0x12a4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:56:11.0320 0x12a4  mrxsmb10 - ok
06:56:11.0351 0x12a4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:56:11.0367 0x12a4  mrxsmb20 - ok
06:56:11.0398 0x12a4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
06:56:11.0413 0x12a4  msahci - ok
06:56:11.0445 0x12a4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
06:56:11.0460 0x12a4  msdsm - ok
06:56:11.0476 0x12a4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
06:56:11.0507 0x12a4  MSDTC - ok
06:56:11.0538 0x12a4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
06:56:11.0585 0x12a4  Msfs - ok
06:56:11.0601 0x12a4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
06:56:11.0647 0x12a4  mshidkmdf - ok
06:56:11.0679 0x12a4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
06:56:11.0694 0x12a4  msisadrv - ok
06:56:11.0741 0x12a4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
06:56:11.0803 0x12a4  MSiSCSI - ok
06:56:11.0803 0x12a4  msiserver - ok
06:56:11.0835 0x12a4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
06:56:11.0897 0x12a4  MSKSSRV - ok
06:56:11.0913 0x12a4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
06:56:11.0944 0x12a4  MSPCLOCK - ok
06:56:11.0944 0x12a4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
06:56:11.0991 0x12a4  MSPQM - ok
06:56:12.0022 0x12a4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
06:56:12.0037 0x12a4  MsRPC - ok
06:56:12.0053 0x12a4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
06:56:12.0069 0x12a4  mssmbios - ok
06:56:12.0084 0x12a4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
06:56:12.0131 0x12a4  MSTEE - ok
06:56:12.0147 0x12a4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
06:56:12.0178 0x12a4  MTConfig - ok
06:56:12.0209 0x12a4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
06:56:12.0209 0x12a4  Mup - ok
06:56:12.0271 0x12a4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
06:56:12.0365 0x12a4  napagent - ok
06:56:12.0443 0x12a4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
06:56:12.0490 0x12a4  NativeWifiP - ok
06:56:12.0568 0x12a4  [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
06:56:12.0583 0x12a4  NAUpdate - ok
06:56:12.0677 0x12a4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
06:56:12.0786 0x12a4  NDIS - ok
06:56:12.0802 0x12a4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
06:56:12.0849 0x12a4  NdisCap - ok
06:56:12.0880 0x12a4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
06:56:12.0927 0x12a4  NdisTapi - ok
06:56:12.0927 0x12a4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
06:56:12.0973 0x12a4  Ndisuio - ok
06:56:12.0989 0x12a4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
06:56:13.0051 0x12a4  NdisWan - ok
06:56:13.0067 0x12a4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
06:56:13.0114 0x12a4  NDProxy - ok
06:56:13.0129 0x12a4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
06:56:13.0176 0x12a4  NetBIOS - ok
06:56:13.0192 0x12a4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
06:56:13.0239 0x12a4  NetBT - ok
06:56:25.0438 0x12a4  [ 43228F8EDD1B0BCDD3145AD246E63D39, 108D8793E9F94C0A0E895398599B359121751F2E7BAA8B7BD24838AEF646726D ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
06:56:25.0453 0x12a4  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
06:56:28.0527 0x12a4  Detect skipped due to KSN trusted
06:56:28.0527 0x12a4  USBAAPL64 - ok
06:56:29.0962 0x12a4  volsnap - ok
06:56:29.0993 0x12a4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
06:56:30.0009 0x12a4  vsmraid - ok
06:56:30.0102 0x12a4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
06:56:30.0258 0x12a4  VSS - ok
06:56:30.0274 0x12a4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
06:56:30.0305 0x12a4  vwifibus - ok
06:56:30.0336 0x12a4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
06:56:30.0367 0x12a4  vwififlt - ok
06:56:30.0383 0x12a4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
06:56:30.0414 0x12a4  vwifimp - ok
06:56:30.0445 0x12a4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
06:56:30.0508 0x12a4  W32Time - ok
06:56:30.0539 0x12a4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
06:56:30.0570 0x12a4  WacomPen - ok
06:56:30.0601 0x12a4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
06:56:30.0648 0x12a4  WANARP - ok
06:56:30.0664 0x12a4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
06:56:30.0695 0x12a4  Wanarpv6 - ok
06:56:30.0804 0x12a4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
06:56:30.0867 0x12a4  WatAdminSvc - ok
06:56:31.0147 0x12a4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
06:56:31.0241 0x12a4  wbengine - ok
06:56:31.0257 0x12a4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
06:56:31.0288 0x12a4  WbioSrvc - ok
06:56:31.0319 0x12a4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
06:56:31.0366 0x12a4  wcncsvc - ok
06:56:31.0381 0x12a4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:56:31.0397 0x12a4  WcsPlugInService - ok
06:56:31.0413 0x12a4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
06:56:31.0428 0x12a4  Wd - ok
06:56:31.0506 0x12a4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
06:56:31.0584 0x12a4  Wdf01000 - ok
06:56:31.0631 0x12a4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
06:56:31.0662 0x12a4  WdiServiceHost - ok
06:56:31.0678 0x12a4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
06:56:31.0709 0x12a4  WdiSystemHost - ok
06:56:31.0803 0x12a4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
06:56:31.0849 0x12a4  WebClient - ok
06:56:31.0865 0x12a4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
06:56:31.0927 0x12a4  Wecsvc - ok
06:56:31.0943 0x12a4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
06:56:31.0990 0x12a4  wercplsupport - ok
06:56:32.0021 0x12a4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
06:56:32.0068 0x12a4  WerSvc - ok
06:56:32.0130 0x12a4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
06:56:32.0193 0x12a4  WfpLwf - ok
06:56:32.0208 0x12a4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
06:56:32.0224 0x12a4  WIMMount - ok
06:56:32.0239 0x12a4  WinDefend - ok
06:56:32.0255 0x12a4  WinHttpAutoProxySvc - ok
06:56:32.0317 0x12a4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
06:56:32.0395 0x12a4  Winmgmt - ok
06:56:32.0692 0x12a4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
06:56:32.0863 0x12a4  WinRM - ok
06:56:32.0941 0x12a4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
06:56:32.0973 0x12a4  WinUsb - ok
06:56:33.0035 0x12a4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
06:56:33.0160 0x12a4  Wlansvc - ok
06:56:33.0222 0x12a4  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
06:56:33.0222 0x12a4  wlcrasvc - ok
06:56:33.0347 0x12a4  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:56:33.0487 0x12a4  wlidsvc - ok
06:56:33.0534 0x12a4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
06:56:33.0581 0x12a4  WmiAcpi - ok
06:56:33.0612 0x12a4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
06:56:33.0659 0x12a4  wmiApSrv - ok
06:56:33.0690 0x12a4  WMPNetworkSvc - ok
06:56:33.0721 0x12a4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
06:56:33.0753 0x12a4  WPCSvc - ok
06:56:33.0784 0x12a4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
06:56:33.0846 0x12a4  WPDBusEnum - ok
06:56:33.0877 0x12a4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
06:56:33.0940 0x12a4  ws2ifsl - ok
06:56:33.0955 0x12a4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
06:56:34.0002 0x12a4  wscsvc - ok
06:56:34.0002 0x12a4  WSearch - ok
06:56:34.0127 0x12a4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
06:56:34.0267 0x12a4  wuauserv - ok
06:56:34.0330 0x12a4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
06:56:34.0361 0x12a4  WudfPf - ok
06:56:34.0408 0x12a4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
06:56:34.0439 0x12a4  WUDFRd - ok
06:56:34.0470 0x12a4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
06:56:34.0501 0x12a4  wudfsvc - ok
06:56:34.0548 0x12a4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
06:56:34.0564 0x12a4  WwanSvc - ok
06:56:34.0595 0x12a4  ================ Scan global ===============================
06:56:34.0611 0x12a4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
06:56:34.0657 0x12a4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
06:56:34.0689 0x12a4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
06:56:34.0751 0x12a4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
06:56:34.0798 0x12a4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
06:56:34.0829 0x12a4  [ Global ] - ok
06:56:34.0829 0x12a4  ================ Scan MBR ==================================
06:56:34.0845 0x12a4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:56:35.0781 0x12a4  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
06:56:35.0781 0x12a4  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:56:38.0760 0x12a4  ================ Scan VBR ==================================
06:56:38.0791 0x12a4  [ 57C38867F219B853FC13089D4B5C9B4F ] \Device\Harddisk0\DR0\Partition1
06:56:38.0932 0x12a4  \Device\Harddisk0\DR0\Partition1 - ok
06:56:38.0963 0x12a4  [ E9D15D3EC3BBF4EEA597E9384ABE5820 ] \Device\Harddisk0\DR0\Partition2
06:56:39.0057 0x12a4  \Device\Harddisk0\DR0\Partition2 - ok
06:56:39.0057 0x12a4  Waiting for KSN requests completion. In queue: 61
06:56:40.0071 0x12a4  Waiting for KSN requests completion. In queue: 61
06:56:41.0085 0x12a4  Waiting for KSN requests completion. In queue: 61
06:56:42.0161 0x12a4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
06:56:42.0192 0x12a4  Win FW state via NFP2: enabled
06:56:45.0156 0x12a4  ============================================================
06:56:45.0156 0x12a4  Scan finished
06:56:45.0156 0x12a4  ============================================================
06:56:45.0156 0x1298  Detected object count: 1
06:56:45.0156 0x1298  Actual detected object count: 1
06:57:40.0895 0x1298  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:57:40.0926 0x1298  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
06:57:44.0733 0x1298  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
06:57:44.0808 0x1298  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
06:57:44.0844 0x1298  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
06:57:44.0872 0x1298  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
06:57:44.0872 0x1298  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:57:44.0872 0x1298  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
06:57:44.0882 0x1298  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
06:57:44.0902 0x1298  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
06:57:44.0917 0x1298  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
06:57:44.0934 0x1298  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
06:57:44.0935 0x1298  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
06:57:44.0955 0x1298  \Device\Harddisk0\DR0\TDLFS - deleted
06:57:44.0955 0x1298  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 
06:58:35.0613 0x124c  Deinitialize success


#9 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 12 March 2014 - 09:13 AM

All right. :)
Let's continue:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#10 Markstein

  • Topic Starter

  • Members
  • 8 posts

Posted 12 March 2014 - 08:46 PM

Combofix ran. (Please note that I did get a message from Combofix that Avast Antivirus and Avast Antispyware were running and may conflict, even though I stopped Avast in Windows Services as well as shutting down any Avast realtime shields permanently. The scan seemed to have completed successfully despite the warning.) Following are the Combofix logs:
 

ComboFix 14-03-10.01 - Owner 03/12/2014  18:10:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2807.1579 [GMT -7:00]
Running from: c:\users\Owner\Desktop\New folder\combo fix\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-13 to 2014-03-13  )))))))))))))))))))))))))))))))
.
.
2014-03-13 01:19 . 2014-03-13 01:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-03-13 01:19 . 2014-03-13 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-12 13:09 . 2014-03-12 13:57 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-12 00:44 . 2014-03-12 00:46 -------- d-----w- C:\FRST
2014-03-12 00:34 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 00:34 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 00:34 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 00:34 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-03 00:25 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-03-03 00:25 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-03-03 00:18 . 2014-03-03 00:18 -------- d-----w- c:\programdata\Intel
2014-03-02 19:26 . 2014-03-11 00:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-02 19:26 . 2014-03-02 19:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-03-02 17:23 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-03-02 17:23 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-02 17:13 . 2014-03-02 17:13 -------- d-----w- c:\windows\Migration
2014-03-02 05:27 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-03-02 05:27 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-03-02 05:27 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-02 05:27 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-03-02 05:27 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-03-02 05:25 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-03-02 05:21 . 2014-03-02 05:21 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-03-02 05:13 . 2014-03-02 05:13 -------- d-----w- c:\programdata\Oracle
2014-03-02 05:12 . 2014-03-02 05:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-02 05:12 . 2013-12-19 05:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-02 03:16 . 2014-03-02 03:16 -------- d-----w- c:\users\Owner\AppData\Roaming\AVAST Software
2014-03-02 03:11 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-03-02 03:11 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-03-02 03:09 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-03-02 03:09 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-03-02 03:08 . 2014-03-02 03:08 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-02 03:08 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-03-02 03:08 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-03-02 03:08 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-02 03:08 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-03-02 03:07 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-02 03:07 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-03-02 03:06 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-03-02 03:06 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-03-02 03:06 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-02 03:06 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-03-02 03:06 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-03-02 03:06 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-03-02 03:06 . 2013-12-04 02:16 626176 ----a-w- c:\windows\system32\RMActivate.exe
2014-03-02 03:04 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2014-03-02 03:04 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-03-02 03:04 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2014-03-02 03:04 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2014-03-02 03:04 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-03-02 03:04 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-03-02 03:01 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-03-02 03:01 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-03-02 03:01 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-03-02 03:01 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-02 03:01 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-03-02 03:01 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-03-02 03:00 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-03-02 03:00 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-03-02 03:00 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-03-02 03:00 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-03-02 03:00 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-03-02 03:00 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-03-02 03:00 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-03-02 03:00 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-03-02 02:59 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-03-02 02:59 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-03-02 02:59 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-03-02 02:59 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-03-02 02:59 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 00:36 . 2012-04-11 01:38 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 00:36 . 2011-08-04 08:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-02 05:21 . 2014-03-02 05:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-02 03:08 . 2013-05-12 02:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-02 03:08 . 2013-05-12 02:03 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-02 03:08 . 2013-05-12 02:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-02 03:08 . 2013-05-12 02:03 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-02 03:08 . 2013-05-12 02:03 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-02 03:08 . 2013-05-12 02:03 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-02 03:08 . 2013-05-12 02:03 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-02 03:08 . 2013-05-12 02:03 43152 ----a-w- c:\windows\avastSS.scr
2014-02-05 03:09 . 2011-06-29 13:33 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-22 14:52 . 2013-05-12 02:03 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-02 3767096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbusx64.sys;c:\windows\SYSNATIVE\DRIVERS\swiwdmbusx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys;c:\windows\SYSNATIVE\DRIVERS\swumxa3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 00:45 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 00:36]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 03:33]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 03:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-02 03:08 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-01-05 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Adobe - c:\users\Owner\AppData\Local\Apple\Adobe\ygfewpsdr.dll
SafeBoot-95312012.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,a6,63,a7,6a,7f,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-12  18:29:08
ComboFix-quarantined-files.txt  2014-03-13 01:29
.
Pre-Run: 255,542,026,240 bytes free
Post-Run: 255,407,321,088 bytes free
.
- - End Of File - - B3FFC97629F96413EAB54AD340BA7DB7

Edited by Markstein, 12 March 2014 - 08:47 PM.


#11 aharonov

  • Malware Response Team

Posted 13 March 2014 - 03:05 AM

Good. How is the computer running now? What problems and symptoms are still present?


Step 1

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#12 Markstein

  • Topic Starter

Posted 13 March 2014 - 09:12 PM

The computer hasn't really had too many issues other than being really slow but the speed has increased since I cleaned a lot of garbage off before posting here. Hoping it may be a bit faster now that more junk is being removed. I do see there are some questionable items from ESET. Any thoughts on these?
 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=29c04481d7257c439ba763076ec1d9e6
# engine=17431
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-13 02:45:02
# local_time=2014-03-13 07:45:02 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777214 85 77 73737 74283 0 0
# compatibility_mode=5893 16776574 100 94 15014108 146265352 0 0
# scanned=138052
# found=12
# cleaned=0
# scan_time=5231
sh=0599C87261EED7B72F718B7F7F1D18C76C84073C ft=1 fh=2e4d5b6eacfb8fc8 vn="probably a variant of MSIL/DomaIQ.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe.vir"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
sh=F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE ft=1 fh=25399a82da0a3c13 vn="Win64/Olmarik.AK trojan" ac=I fn="C:\TDSSKiller_Quarantine\12.03.2014_06.06.41\mbr0000\tdlfs0000\tsk0000.dta"
sh=F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE ft=1 fh=25399a82da0a3c13 vn="Win64/Olmarik.AK trojan" ac=I fn="C:\TDSSKiller_Quarantine\12.03.2014_06.55.19\tdlfs0000\tsk0000.dta"
sh=3113662D84508DD67BCEDA10E4F08903300B8485 ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aadgdgdhggdcgcdedadcdidhdedhgedf\ContentScript.js"
sh=3243192F53EB72D45AC6A60313451A2C35BA2B0A ft=1 fh=fecd84fb2025a438 vn="a variant of Win32/Adware.Gamevance.DD potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ArcadeCandyGames (1).exe"
sh=3243192F53EB72D45AC6A60313451A2C35BA2B0A ft=1 fh=fecd84fb2025a438 vn="a variant of Win32/Adware.Gamevance.DD potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ArcadeCandyGames (2).exe"
sh=3243192F53EB72D45AC6A60313451A2C35BA2B0A ft=1 fh=fecd84fb2025a438 vn="a variant of Win32/Adware.Gamevance.DD potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ArcadeCandyGames (3).exe"
sh=3243192F53EB72D45AC6A60313451A2C35BA2B0A ft=1 fh=fecd84fb2025a438 vn="a variant of Win32/Adware.Gamevance.DD potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ArcadeCandyGames (4).exe"
sh=3243192F53EB72D45AC6A60313451A2C35BA2B0A ft=1 fh=fecd84fb2025a438 vn="a variant of Win32/Adware.Gamevance.DD potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\ArcadeCandyGames.exe"
sh=59C75B45AC46FAC8C4018205544938C46B1BA631 ft=1 fh=ab462a0af6e69b03 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\ccsetup405.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\ccsetup411.exe"


FRST Log ========================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Owner (administrator) on OWNER-PC on 13-03-2014 18:59:20
Running from C:\Users\Owner\Desktop\New folder\farbar
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3779763097-815708489-3500938347-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {E36E5FD6-05B8-42D2-9C2C-9CFFA22148F3} URL = 
SearchScopes: HKCU - DefaultScope {57A8A330-31FE-4945-8CCB-CCE285FF82D8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {57A8A330-31FE-4945-8CCB-CCE285FF82D8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Unity Player) - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-10]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Owner\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2011-12-20]
CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Owner\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Owner\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2011-12-20]
CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\Owner\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2011-12-20]
 
==================== Services (Whitelisted) =================
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-01] (AVAST Software)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-01] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-01] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-01] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [102656 2010-06-21] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [240640 2010-06-21] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [210944 2010-06-21] (Sierra Wireless Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-13 06:14 - 2014-03-13 06:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-12 18:29 - 2014-03-12 18:29 - 00026531 _____ () C:\ComboFix.txt
2014-03-12 18:08 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-12 18:08 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-12 18:08 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-12 18:08 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-12 18:08 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-12 18:08 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-12 18:08 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-12 18:08 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-12 17:59 - 2014-03-12 18:29 - 00000000 ____D () C:\Qoobox
2014-03-12 17:58 - 2014-03-12 18:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 06:09 - 2014-03-12 06:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-11 17:44 - 2014-03-13 18:59 - 00000000 ____D () C:\FRST
2014-03-11 17:35 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 17:35 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 17:35 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 17:35 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 17:35 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 17:35 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 17:35 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 17:35 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 17:35 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 17:35 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 17:35 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 17:35 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 17:35 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 17:35 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 17:35 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 17:35 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 17:35 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 17:35 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 17:35 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 17:35 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 17:35 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 17:35 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 17:35 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 17:35 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 17:35 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 17:35 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 17:35 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 17:35 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 17:35 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 17:35 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 17:35 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 17:35 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 17:35 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 17:35 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 17:35 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 17:35 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 17:35 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 17:35 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 17:35 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 17:35 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 17:35 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 17:35 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 17:35 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 17:35 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 17:34 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 17:34 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 17:34 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 17:34 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 17:32 - 2014-03-13 06:13 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-03-10 17:55 - 2014-03-10 17:56 - 00019355 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-10 17:55 - 2014-03-10 17:56 - 00005004 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-10 17:53 - 2014-03-10 17:53 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-03-04 19:27 - 2014-03-04 19:27 - 00000348 _____ () C:\Windows\PFRO.log
2014-03-04 19:19 - 2014-03-12 17:52 - 00000560 _____ () C:\Windows\setupact.log
2014-03-04 19:19 - 2014-03-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 19:01 - 2014-03-04 19:17 - 00000429 _____ () C:\Users\Owner\Documents\text.txt
2014-03-02 17:25 - 2012-05-04 04:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-02 17:25 - 2012-05-04 02:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-02 17:18 - 2014-03-02 17:18 - 00000000 ____D () C:\ProgramData\Intel
2014-03-02 12:45 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140302-114520.backup
2014-03-02 12:26 - 2014-03-10 17:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-02 12:26 - 2014-03-02 12:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-02 12:26 - 2014-03-02 12:26 - 00001265 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-03-02 10:23 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-02 10:23 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-01 22:27 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-03-01 22:27 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-03-01 22:27 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-03-01 22:27 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-03-01 22:25 - 2013-10-14 19:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-03-01 22:23 - 2014-03-01 22:23 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-01 22:23 - 2014-03-01 22:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-01 22:23 - 2014-03-01 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-01 22:23 - 2014-03-01 22:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-01 22:21 - 2014-03-01 22:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-01 22:21 - 2014-03-01 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-01 22:13 - 2014-03-01 22:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-01 22:12 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-01 22:12 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-01 22:12 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-01 22:12 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-01 22:11 - 2014-03-01 22:12 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-01 20:37 - 2014-03-01 20:37 - 00020464 _____ () C:\Users\Owner\Documents\cc_20140301_193716.reg
2014-03-01 20:36 - 2014-03-01 20:36 - 00199852 _____ () C:\Users\Owner\Documents\reg_backup3-1-14.reg
2014-03-01 20:26 - 2014-03-01 20:26 - 04765152 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup411.exe
2014-03-01 20:16 - 2014-03-01 20:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-03-01 20:11 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-01 20:11 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-01 20:09 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-01 20:09 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-01 20:08 - 2014-03-01 20:08 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-01 20:08 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-01 20:08 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-01 20:08 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-01 20:08 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-01 20:08 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-01 20:08 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-01 20:07 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-01 20:07 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-01 20:06 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-01 20:06 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-01 20:06 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-01 20:06 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-01 20:06 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-01 20:06 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-01 20:06 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-01 20:05 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-01 20:05 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-01 20:05 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-01 20:05 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-01 20:05 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-01 20:05 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-01 20:05 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-01 20:05 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-01 20:05 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-01 20:05 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-01 20:05 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-01 20:05 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-01 20:05 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-01 20:05 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-01 20:05 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-01 20:05 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-01 20:04 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-01 20:04 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-01 20:04 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-01 20:04 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-03-01 20:04 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-01 20:04 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-03-01 20:02 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-01 20:02 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-01 20:02 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-01 20:02 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-01 20:02 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-01 20:02 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-01 20:02 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-01 20:02 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-01 20:02 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-01 20:02 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-01 20:02 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-01 20:02 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-01 20:02 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-01 20:02 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-01 20:02 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-01 20:02 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-01 20:02 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-01 20:02 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-01 20:02 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-01 20:01 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-01 20:01 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-01 20:01 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-01 20:01 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-01 20:01 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-01 20:01 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-01 20:00 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-01 20:00 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-01 20:00 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-01 20:00 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-01 20:00 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-01 20:00 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-01 20:00 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-01 20:00 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-01 19:59 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-01 19:59 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-01 19:59 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-01 19:59 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-01 19:59 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
 
==================== One Month Modified Files and Folders =======
 
2014-03-13 18:59 - 2014-03-11 17:44 - 00000000 ____D () C:\FRST
2014-03-13 18:44 - 2011-07-09 20:33 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 18:36 - 2012-12-29 22:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 15:44 - 2011-07-09 20:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 06:35 - 2013-09-09 20:35 - 01646043 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 06:14 - 2014-03-13 06:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-13 06:13 - 2014-03-11 17:32 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-03-12 18:29 - 2014-03-12 18:29 - 00026531 _____ () C:\ComboFix.txt
2014-03-12 18:29 - 2014-03-12 17:59 - 00000000 ____D () C:\Qoobox
2014-03-12 18:29 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-03-12 18:26 - 2014-03-12 17:58 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 18:19 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-12 17:59 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 17:59 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 17:56 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 17:52 - 2014-03-04 19:19 - 00000560 _____ () C:\Windows\setupact.log
2014-03-12 17:52 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 06:57 - 2014-03-12 06:09 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-12 03:21 - 2013-05-11 19:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-12 03:20 - 2009-07-13 21:45 - 00277128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 03:19 - 2013-03-24 10:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 03:19 - 2011-05-02 23:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 17:36 - 2012-12-29 22:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 17:36 - 2012-04-10 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 17:36 - 2011-08-04 01:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:27 - 2009-07-13 22:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 17:56 - 2014-03-10 17:55 - 00019355 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-10 17:56 - 2014-03-10 17:55 - 00005004 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-10 17:53 - 2014-03-10 17:53 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-03-10 17:33 - 2014-03-02 12:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-04 19:27 - 2014-03-04 19:27 - 00000348 _____ () C:\Windows\PFRO.log
2014-03-04 19:19 - 2014-03-04 19:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 19:17 - 2014-03-04 19:01 - 00000429 _____ () C:\Users\Owner\Documents\text.txt
2014-03-04 19:03 - 2013-05-11 19:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 18:23 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-04 18:21 - 2011-07-29 10:25 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2014-03-04 17:48 - 2011-10-08 14:57 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 17:35 - 2011-08-25 17:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Unity
2014-03-02 17:18 - 2014-03-02 17:18 - 00000000 ____D () C:\ProgramData\Intel
2014-03-02 17:16 - 2011-05-02 23:37 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-02 16:58 - 2011-07-11 02:04 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2014-03-02 16:56 - 2007-07-11 18:49 - 00000000 ____D () C:\Windows\Panther
2014-03-02 12:43 - 2013-05-10 20:45 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-02 12:28 - 2014-03-02 12:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-02 12:26 - 2014-03-02 12:26 - 00001265 _____ () C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2014-03-02 10:24 - 2011-07-29 10:25 - 00776014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 02:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-01 22:44 - 2011-06-29 05:49 - 00001420 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-01 22:43 - 2011-08-04 01:04 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-01 22:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-01 22:25 - 2013-09-09 20:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-01 22:23 - 2014-03-01 22:23 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-01 22:23 - 2014-03-01 22:23 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-01 22:23 - 2014-03-01 22:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-01 22:23 - 2014-03-01 22:23 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
 
ZeroAccess:
C:\Windows\Installer\{d3f95fdc-d608-53b9-7290-401c855429a7}
 
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{d3f95fdc-d608-53b9-7290-401c855429a7}
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-10 18:56
 
==================== End Of Log ============================


#13 aharonov


Posted 14 March 2014 - 02:53 AM

The files that ESET has found are nothing to worry about. The entries that are malware are already quarantined. The rest is just some remnants and installers that are bundled with adware.


Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.

 

 

 

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.


Edited by aharonov, 14 March 2014 - 02:53 AM.


#14 Markstein


Posted 14 March 2014 - 08:21 PM

Thanks aharonov for your help! The computer seems good to go. My friend should be happy. I will give him this link and have him buy you a beer (if he doesn't I will but he owes me a beer too!).

 

Thanks again for your help and introducing me to tools I didn't know of as well!



#15 aharonov


Posted 15 March 2014 - 03:39 AM

You're welcome. :)
Take care!



