Attacked by unknown virus - please help


  • This topic is locked
8 replies to this topic

#1 bughater

Posted 16 April 2014 - 10:15 PM

Dear experts, please help me with my bug issues per below (Eset nod32 AV4 is not able to clean completely). Many thanks,

 

4/16/2014 6:55:19 PM    Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/16/2014 6:55:19 PM    Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/16/2014 1:55:09 PM    Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/16/2014 1:55:09 PM    Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/16/2014 10:55:16 AM  Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/16/2014 10:55:16 AM  Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/16/2014 8:56:03 AM    Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/16/2014 8:56:02 AM    Startup scanner                file          Operating memory » svchost.exe(1204)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 6:55:40 PM    Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 6:55:40 PM    Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 1:55:37 PM    Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 1:55:37 PM    Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 10:55:31 AM  Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 10:55:31 AM  Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 8:56:47 AM    Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/15/2014 8:56:46 AM    Startup scanner                file          Operating memory » svchost.exe(1232)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/14/2014 12:57:05 PM  Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/14/2014 12:57:05 PM  Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/14/2014 10:57:16 AM  Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/14/2014 10:57:16 AM  Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/14/2014 8:57:51 AM    Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/14/2014 8:57:51 AM    Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/13/2014 2:04:00 PM    Startup scanner                file          Operating memory » svchost.exe(1236)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/13/2014 2:04:00 PM    Startup scanner                file          Operating memory » svchost.exe(1236)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/13/2014 6:06:07 AM    Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/13/2014 6:06:07 AM    Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/12/2014 5:05:49 AM    Startup scanner                file          Operating memory » svchost.exe(1240)                probably a variant of Win32/Olmasco.O trojan         cleaned by deleting                       

4/12/2014 5:05:44 AM    Startup scanner                file          C:\Users\k\AppData\Roaming\Identities\WINF49C.exe                Win32/Delf.RZA trojan  cleaned by deleting - quarantined                           

4/12/2014 12:41:35 AM  Real-time file system protection               file          C:\Users\k\AppData\Local\Temp\fivxxxxle.exe                a variant of Win32/Injector.BBST trojan cleaned by deleting - quarantined            Event occurred on a new file created by the application: C:\Users\k\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9O6YEI4\55[1].mp3.

4/10/2014 1:38:15 PM    HTTP filter           file         

4/8/2014 2:55:29 PM       Startup scanner                file          C:\Users\k\AppData\Roaming\Macromedia\WIND7CF.exe         a variant of Win32/Kryptik.BYXO trojan     cleaned by deleting - quarantined                           

4/8/2014 11:54:51 AM    Startup scanner                file          Operating memory » WIND7CF.exe(2568)            a variant of Win32/Agent.QDL trojan              cleaned by deleting                       

4/7/2014 6:54:56 PM       Startup scanner                file          Operating memory » C:\Users\k\AppData\Local\Temp\vxxxxile.exe a variant of Win32/Injector.BBKW trojan               cleaned by deleting - quarantined                      

4/7/2014 6:54:54 PM       Startup scanner                file          Operating memory » hhhiii.exe(6168)    a variant of Win32/Agent.QDL trojan              cleaned by deleting                       

4/7/2014 1:43:53 PM       HTTP filter           file         web address not allowed

Blocked Object connection terminated - quarantined     Threat was detected upon access to web by the application: C:\Program Files\Java\jre6\bin\java.exe.


Edited by bughater, 16 April 2014 - 10:30 PM.
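A triage sketch for a threat log like the one pasted above, added here as an example and not part of the original posts: it parses the rows, drops duplicates, and reports in-memory detections that return on later days despite a "cleaned by deleting" action, which suggests the persistence mechanism lies outside what the scanner removes. The column layout is assumed from the pasted lines, and the function names and sample excerpt are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt that follows the column layout of the ESET threat log
# in the post (time, scanner, object type, object, threat, action).
SAMPLE_LOG = r"""
4/16/2014 6:55:19 PM    Startup scanner    file    Operating memory » svchost.exe(1204)    probably a variant of Win32/Olmasco.O trojan    cleaned by deleting
4/16/2014 6:55:19 PM    Startup scanner    file    Operating memory » svchost.exe(1204)    probably a variant of Win32/Olmasco.O trojan    cleaned by deleting
4/15/2014 8:56:46 AM    Startup scanner    file    Operating memory » svchost.exe(1232)    probably a variant of Win32/Olmasco.O trojan    cleaned by deleting
4/14/2014 8:57:51 AM    Startup scanner    file    Operating memory » svchost.exe(1240)    probably a variant of Win32/Olmasco.O trojan    cleaned by deleting
4/12/2014 5:05:44 AM    Startup scanner    file    C:\Users\k\AppData\Roaming\Identities\WINF49C.exe    Win32/Delf.RZA trojan  cleaned by deleting - quarantined
4/8/2014 11:54:51 AM    Startup scanner    file    Operating memory » WIND7CF.exe(2568)    a variant of Win32/Agent.QDL trojan    cleaned by deleting
4/7/2014 1:43:53 PM    HTTP filter    file    web address not allowed
""".strip()

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<scanner>Startup scanner|Real-time file system protection|HTTP filter)\s+"
    r"file\s+(?P<rest>.*)$"
)
# Columns are not reliably separated by wide gaps, so locate the threat name
# (Platform/Family.Variant plus a type word) and split the row around it.
THREAT_RE = re.compile(
    r"(?:probably )?(?:a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+) (?P<kind>\w+)"
)
MEM_RE = re.compile(r"^Operating memory » (?P<image>.+?)(?:\((?P<pid>\d+)\))?$")


def parse_line(line):
    """Return a dict for one threat-log row, or None if it names no threat."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = THREAT_RE.search(m["rest"])
    if not t:
        return None  # e.g. HTTP filter rows without a detection name
    obj = m["rest"][:t.start()].strip()
    # Anything after a wide gap following the action is a free-text note.
    action = re.split(r"\s{2,}", m["rest"][t.end():].strip())[0]
    mem = MEM_RE.match(obj)
    image = pid = None
    if mem:
        # Memory objects are either "name.exe(PID)" or a full image path.
        image = mem["image"].rsplit("\\", 1)[-1].lower()
        pid = int(mem["pid"]) if mem["pid"] else None
    return {
        "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "scanner": m["scanner"],
        "object": obj,
        "threat": t["name"],
        "action": action,
        "in_memory": mem is not None,
        "image": image,
        "pid": pid,
    }


def recurring_memory_detections(text, min_days=2):
    """Group in-memory hits by (process image, threat) and keep the groups
    seen on at least `min_days` distinct calendar days."""
    unique = {}
    for line in text.splitlines():
        d = parse_line(line)
        if d:
            # The log repeats rows verbatim; keep one per time/object/threat.
            unique[(d["when"], d["object"], d["threat"])] = d
    groups = defaultdict(list)
    for d in unique.values():
        if d["in_memory"]:
            groups[(d["image"], d["threat"])].append(d)
    findings = []
    for (image, threat), hits in groups.items():
        days = sorted({h["when"].date() for h in hits})
        if len(days) >= min_days:
            findings.append({
                "image": image,
                "threat": threat,
                "days": days,
                "pids": sorted({h["pid"] for h in hits if h["pid"] is not None}),
                "hits": len(hits),
                "actions": sorted({h["action"] for h in hits}),
            })
    return findings


if __name__ == "__main__":
    for f in recurring_memory_detections(SAMPLE_LOG):
        print(f["image"], f["threat"], "seen on", len(f["days"]), "days, PIDs", f["pids"])
```

A changing PID with the same image name and threat across days means the detection reappears after each restart rather than being one lingering process.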



#2 bughater

Posted 16 April 2014 - 10:24 PM

Last log dated 4/7/2014 had a website which was not allowed by the post. It was probably the website that gave me the virus.

I previously posted this problem under "Am I infected? What do I do?" (see link here) and I tried Malwarebytes and ESET OnlineScan as advised, but they were not able to get rid of the virus. I also tried system recovery to the date right before the virus attacked and the virus still comes back.

I did prepare the DDS log but was afraid that if I post it here, my computer will be vulnerable to more attacks.

All of this happened while I was researching a parking ticket online and clicked on a link, thinking it was safe. The search result was adding salt to injury.

I am desperate. Please help!

Many thanks,


Edited by bughater, 16 April 2014 - 10:40 PM.


#3 Elise


Posted 17 April 2014 - 01:18 PM

Hello, my name is Elise and I'll assist you with this issue.

For now let's get some scans and see what we can find out about the infection.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#4 bughater


Posted 17 April 2014 - 10:52 PM

23:23:35.0153 0x1044  TDSS rootkit removing tool 3.0.0.31 Apr 11 2014 08:55:10
23:23:41.0521 0x1044  ============================================================
23:23:41.0521 0x1044  Current date / time: 2014/04/17 23:23:41.0521
23:23:41.0521 0x1044  SystemInfo:
23:23:41.0521 0x1044 
23:23:41.0521 0x1044  OS Version: 6.1.7601 ServicePack: 1.0
23:23:41.0521 0x1044  Product type: Workstation
23:23:41.0521 0x1044  ComputerName: Z
23:23:41.0522 0x1044  UserName: k
23:23:41.0522 0x1044  Windows directory: C:\Windows
23:23:41.0522 0x1044  System windows directory: C:\Windows
23:23:41.0522 0x1044  Processor architecture: Intel x86
23:23:41.0522 0x1044  Number of processors: 4
23:23:41.0522 0x1044  Page size: 0x1000
23:23:41.0522 0x1044  Boot type: Normal boot
23:23:41.0522 0x1044  ============================================================
23:23:42.0794 0x1044  KLMD registered as C:\Windows\system32\drivers\68106228.sys
23:23:42.0931 0x1044  System UUID: {A0D6FA57-5BEB-FAD4-2D11-DA07C54EB4CA}
23:23:43.0439 0x1044  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
23:23:43.0440 0x1044  ============================================================
23:23:43.0440 0x1044  \Device\Harddisk0\DR0:
23:23:43.0440 0x1044  MBR partitions:
23:23:43.0440 0x1044  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x12C9000
23:23:43.0440 0x1044  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12DD000, BlocksNum 0x24151000
23:23:43.0440 0x1044  ============================================================
23:23:43.0468 0x1044  C: <-> \Device\Harddisk0\DR0\Partition2
23:23:43.0468 0x1044  ============================================================
23:24:05.0196 0x1044  Initialize success
23:24:05.0196 0x1044  ============================================================
23:25:02.0994 0x1fe8  ============================================================
23:25:02.0994 0x1fe8  Scan started
23:25:02.0994 0x1fe8  Mode: Manual;
23:25:02.0994 0x1fe8  ============================================================
23:25:02.0994 0x1fe8  KSN ping started
23:25:05.0487 0x1fe8  KSN ping finished: true
23:25:06.0121 0x1fe8  ================ Scan system memory ========================
23:25:06.0122 0x1fe8  System memory - ok
23:25:06.0122 0x1fe8  ================ Scan services =============================
23:25:09.0642 0x1fe8  ErrDev - ok
23:25:09.0679 0x1fe8  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
23:25:09.0687 0x1fe8  EventSystem - ok
23:25:09.0710 0x1fe8  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:25:09.0715 0x1fe8  exfat - ok
23:25:09.0732 0x1fe8  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:25:09.0736 0x1fe8  fastfat - ok
23:25:09.0788 0x1fe8  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
23:25:09.0805 0x1fe8  Fax - ok
23:25:09.0820 0x1fe8  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:25:09.0822 0x1fe8  fdc - ok
23:25:09.0836 0x1fe8  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
23:25:09.0839 0x1fe8  fdPHost - ok
23:25:09.0848 0x1fe8  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:25:09.0850 0x1fe8  FDResPub - ok
23:25:09.0859 0x1fe8  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:25:09.0861 0x1fe8  FileInfo - ok
23:25:09.0870 0x1fe8  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:25:09.0872 0x1fe8  Filetrace - ok
23:25:09.0916 0x1fe8  [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:25:09.0941 0x1fe8  FLEXnet Licensing Service - ok
23:25:09.0957 0x1fe8  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:25:09.0959 0x1fe8  flpydisk - ok
23:25:09.0973 0x1fe8  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:25:09.0977 0x1fe8  FltMgr - ok
23:25:10.0022 0x1fe8  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074, BD0DB5D6B6DB46AD33028304D8A75C4C400637C7827D8BBA5A1534CAA8A45690 ] FontCache       C:\Windows\system32\FntCache.dll
23:25:10.0047 0x1fe8  FontCache - ok
23:25:10.0071 0x1fe8  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:25:10.0074 0x1fe8  FontCache3.0.0.0 - ok
23:25:10.0080 0x1fe8  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:25:10.0083 0x1fe8  FsDepends - ok
23:25:10.0111 0x1fe8  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:25:10.0113 0x1fe8  Fs_Rec - ok
23:25:10.0134 0x1fe8  [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:25:10.0138 0x1fe8  fvevol - ok
23:25:10.0175 0x1fe8  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:25:10.0177 0x1fe8  gagp30kx - ok
23:25:10.0301 0x1fe8  [ 5EF279BEBFFCE145C3502E4F127AB882, 3BE86912D7A1AA24EBDB828C9053EB19A6CA1D1F33BD228E20B3E43846828939 ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:25:10.0353 0x1fe8  GoogleDesktopManager - ok
23:25:10.0422 0x1fe8  [ 097AAE27A78BC99E98A49F7234E4BA9C, 1422DA830045E77DF11732935FE7E3AC7F4FD4D1A574A054E1CCFD6A5923AAB3 ] GoToAssist      C:\Program Files\Citrix\GoToAssist\957\g2aservice.exe
23:25:10.0440 0x1fe8  GoToAssist - ok
23:25:10.0472 0x1fe8  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:25:10.0483 0x1fe8  gpsvc - ok
23:25:10.0498 0x1fe8  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:25:10.0500 0x1fe8  hcw85cir - ok
23:25:10.0542 0x1fe8  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:25:10.0546 0x1fe8  HDAudBus - ok
23:25:10.0554 0x1fe8  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:25:10.0556 0x1fe8  HidBatt - ok
23:25:10.0573 0x1fe8  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:25:10.0576 0x1fe8  HidBth - ok
23:25:10.0598 0x1fe8  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:25:10.0600 0x1fe8  HidIr - ok
23:25:10.0624 0x1fe8  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
23:25:10.0626 0x1fe8  hidserv - ok
23:25:10.0640 0x1fe8  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
23:25:10.0642 0x1fe8  HidUsb - ok
23:25:10.0670 0x1fe8  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:25:10.0674 0x1fe8  hkmsvc - ok
23:25:10.0709 0x1fe8  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:25:10.0715 0x1fe8  HomeGroupListener - ok
23:25:10.0742 0x1fe8  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:25:10.0748 0x1fe8  HomeGroupProvider - ok
23:25:10.0768 0x1fe8  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:25:10.0771 0x1fe8  HpSAMD - ok
23:25:10.0815 0x1fe8  [ 94D23D4F096F12CA42C2FE4196631F46, 9310B6D05D384A168358BEB2159A4B16E9D1E4BA421F5BBA5562F89AE432C661 ] HPSIService     C:\Windows\system32\HPSIsvc.exe
23:25:10.0818 0x1fe8  HPSIService - ok
23:25:10.0864 0x1fe8  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:25:10.0883 0x1fe8  HTTP - ok
23:25:10.0911 0x1fe8  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:25:10.0911 0x1fe8  hwpolicy - ok
23:25:10.0939 0x1fe8  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:25:10.0942 0x1fe8  i8042prt - ok
23:25:10.0982 0x1fe8  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:25:11.0001 0x1fe8  iaStorV - ok
23:25:11.0070 0x1fe8  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:25:11.0074 0x1fe8  IDriverT - ok
23:25:11.0132 0x1fe8  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:25:11.0167 0x1fe8  idsvc - ok
23:25:11.0414 0x1fe8  [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:25:11.0663 0x1fe8  igfx - ok
23:25:11.0712 0x1fe8  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:25:11.0714 0x1fe8  iirsp - ok
23:25:11.0763 0x1fe8  [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:25:11.0788 0x1fe8  IKEEXT - ok
23:25:11.0870 0x1fe8  [ 94B1FF5D243D34B31380A2F79FC48959, 6D527F4779F9FC6855A65E21AC9B515E3B9CE69ACDF421C9ECECFDD9FB711432 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:25:11.0947 0x1fe8  IntcAzAudAddService - ok
23:25:11.0979 0x1fe8  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:25:11.0980 0x1fe8  intelide - ok
23:25:12.0013 0x1fe8  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:25:12.0016 0x1fe8  intelppm - ok
23:25:12.0043 0x1fe8  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:25:12.0046 0x1fe8  IPBusEnum - ok
23:25:12.0058 0x1fe8  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:25:12.0061 0x1fe8  IpFilterDriver - ok
23:25:12.0100 0x1fe8  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:25:12.0118 0x1fe8  iphlpsvc - ok
23:25:12.0137 0x1fe8  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:25:12.0140 0x1fe8  IPMIDRV - ok
23:25:12.0157 0x1fe8  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:25:12.0160 0x1fe8  IPNAT - ok
23:25:12.0180 0x1fe8  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:25:12.0182 0x1fe8  IRENUM - ok
23:25:12.0204 0x1fe8  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:25:12.0206 0x1fe8  isapnp - ok
23:25:12.0228 0x1fe8  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:25:12.0235 0x1fe8  iScsiPrt - ok
23:25:12.0261 0x1fe8  [ 7EA81534E80570BDF6EE4A4248BBA4D6, 528ABF349BD9D54DFA8D6AC88B2CED0C80D70EEB8D445C223DD48CAEAF41FD3A ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
23:25:12.0278 0x1fe8  k57nd60x - ok
23:25:12.0303 0x1fe8  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:25:12.0306 0x1fe8  kbdclass - ok
23:25:12.0332 0x1fe8  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:25:12.0334 0x1fe8  kbdhid - ok
23:25:12.0343 0x1fe8  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso          C:\Windows\system32\lsass.exe
23:25:12.0345 0x1fe8  KeyIso - ok
23:25:12.0376 0x1fe8  [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:25:12.0378 0x1fe8  KSecDD - ok
23:25:12.0414 0x1fe8  [ D30159AC9237519FBC62C6EC247D2D46, 10BDE041C95D0CCD3591ED497002043FEC3A5F732D7AE311FBA457E0FE16CE4B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:25:12.0417 0x1fe8  KSecPkg - ok
23:25:12.0452 0x1fe8  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:25:12.0470 0x1fe8  KtmRm - ok
23:25:12.0487 0x1fe8  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:25:12.0493 0x1fe8  LanmanServer - ok
23:25:12.0504 0x1fe8  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:25:12.0508 0x1fe8  LanmanWorkstation - ok
23:25:12.0519 0x1fe8  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:25:12.0521 0x1fe8  lltdio - ok
23:25:12.0545 0x1fe8  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:25:12.0551 0x1fe8  lltdsvc - ok
23:25:12.0562 0x1fe8  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:25:12.0565 0x1fe8  lmhosts - ok
23:25:12.0648 0x1fe8  [ 46945556080D95005DC909C82E1992C0, 16D75F0CF7CFE4859C9755CEDFF365F01513D8DB235DF4A9DE1D0B8C110FE761 ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
23:25:12.0654 0x1fe8  LMIGuardianSvc - ok
23:25:12.0698 0x1fe8  [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys
23:25:12.0700 0x1fe8  LMIInfo - ok
23:25:12.0727 0x1fe8  [ 6ECA0044A67C34B47613D1679B0D614F, D45B6D82466A9EE8732FA2776AA2B07F90372BDF6D91B84D1F73098A19DD2B41 ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe
23:25:12.0731 0x1fe8  LMIMaint - ok
23:25:12.0763 0x1fe8  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
23:25:12.0764 0x1fe8  lmimirr - ok
23:25:12.0780 0x1fe8  LMIRfsClientNP - ok
23:25:12.0795 0x1fe8  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
23:25:12.0796 0x1fe8  LMIRfsDriver - ok
23:25:12.0834 0x1fe8  [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe
23:25:12.0851 0x1fe8  LogMeIn - ok
23:25:12.0875 0x1fe8  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:25:12.0879 0x1fe8  LSI_FC - ok
23:25:12.0889 0x1fe8  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:25:12.0893 0x1fe8  LSI_SAS - ok
23:25:12.0909 0x1fe8  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:25:12.0911 0x1fe8  LSI_SAS2 - ok
23:25:12.0942 0x1fe8  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:25:12.0945 0x1fe8  LSI_SCSI - ok
23:25:12.0968 0x1fe8  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:25:12.0970 0x1fe8  luafv - ok
23:25:12.0997 0x1fe8  [ 0C6EA0109CFEDF441F06D031E9A8D1A9, 61C18F1DD1DC5719252564A60F9E0CBD0AD275C065C5B95F330921C582EA532F ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:25:13.0000 0x1fe8  MBAMProtector - ok
23:25:13.0090 0x1fe8  [ 0E08BDD7326E657D59DB40BAD23D8169, 428C6CCCC0BB540DFD35847776140D60C186B9D2D14F0ACCD1A4D42A8877BD98 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
23:25:13.0150 0x1fe8  MBAMScheduler - ok
23:25:13.0212 0x1fe8  [ A8E7F3DB083EB0839DFC1C763CDD2594, BDF416E360A52130B23B029C89E6406A97FB0516C52C7E63B94CAECEEB431A2E ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
23:25:13.0238 0x1fe8  MBAMService - ok
23:25:13.0273 0x1fe8  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:25:13.0277 0x1fe8  Mcx2Svc - ok
23:25:13.0287 0x1fe8  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:25:13.0289 0x1fe8  megasas - ok
23:25:13.0313 0x1fe8  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:25:13.0322 0x1fe8  MegaSR - ok
23:25:13.0345 0x1fe8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
23:25:13.0348 0x1fe8  MMCSS - ok
23:25:13.0360 0x1fe8  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
23:25:13.0362 0x1fe8  Modem - ok
23:25:13.0382 0x1fe8  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:25:13.0384 0x1fe8  monitor - ok
23:25:13.0414 0x1fe8  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\drivers\mouclass.sys
23:25:13.0416 0x1fe8  mouclass - ok
23:25:13.0440 0x1fe8  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:25:13.0442 0x1fe8  mouhid - ok
23:25:13.0473 0x1fe8  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:25:13.0475 0x1fe8  mountmgr - ok
23:25:13.0525 0x1fe8  [ 825BF0E46B4470A463AEB641480C5FCA, 321F37EA5D2AF7E3F55399ABE94AC3788B90E254E4A6859059C6BB1C6BEF19D0 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:25:13.0529 0x1fe8  MozillaMaintenance - ok
23:25:13.0555 0x1fe8  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:25:13.0559 0x1fe8  mpio - ok
23:25:13.0575 0x1fe8  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:25:13.0578 0x1fe8  mpsdrv - ok
23:25:13.0620 0x1fe8  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:25:13.0646 0x1fe8  MpsSvc - ok
23:25:13.0681 0x1fe8  [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:25:13.0685 0x1fe8  MRxDAV - ok
23:25:13.0718 0x1fe8  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:25:13.0720 0x1fe8  mrxsmb - ok
23:25:13.0760 0x1fe8  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:25:13.0764 0x1fe8  mrxsmb10 - ok
23:25:13.0783 0x1fe8  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:25:13.0785 0x1fe8  mrxsmb20 - ok
23:25:13.0801 0x1fe8  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:25:13.0803 0x1fe8  msahci - ok
23:25:13.0828 0x1fe8  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:25:13.0831 0x1fe8  msdsm - ok
23:25:13.0850 0x1fe8  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
23:25:13.0856 0x1fe8  MSDTC - ok
23:25:13.0883 0x1fe8  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:25:13.0884 0x1fe8  Msfs - ok
23:25:13.0891 0x1fe8  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:25:13.0893 0x1fe8  mshidkmdf - ok
23:25:13.0915 0x1fe8  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:25:13.0917 0x1fe8  msisadrv - ok
23:25:13.0948 0x1fe8  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:25:13.0952 0x1fe8  MSiSCSI - ok
23:25:13.0956 0x1fe8  msiserver - ok
23:25:13.0980 0x1fe8  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:25:13.0982 0x1fe8  MSKSSRV - ok
23:25:13.0997 0x1fe8  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:25:13.0999 0x1fe8  MSPCLOCK - ok
23:25:14.0011 0x1fe8  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:25:14.0013 0x1fe8  MSPQM - ok
23:25:14.0032 0x1fe8  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:25:14.0036 0x1fe8  MsRPC - ok
23:25:14.0064 0x1fe8  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:25:14.0066 0x1fe8  mssmbios - ok
23:25:14.0080 0x1fe8  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:25:14.0082 0x1fe8  MSTEE - ok
23:25:14.0108 0x1fe8  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:25:14.0110 0x1fe8  MTConfig - ok
23:25:14.0121 0x1fe8  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:25:14.0123 0x1fe8  Mup - ok
23:25:14.0163 0x1fe8  [ B9DF137953A5280EDDBD4A705CA093A2, 90CBBF734A27214D63499BDD71BCE94848F41F089D204B8FDB460DF5C1E128F2 ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
23:25:14.0165 0x1fe8  mvusbews - ok
23:25:14.0199 0x1fe8  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
23:25:14.0216 0x1fe8  napagent - ok
23:25:14.0249 0x1fe8  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:25:14.0267 0x1fe8  NativeWifiP - ok
23:25:14.0317 0x1fe8  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:25:14.0343 0x1fe8  NDIS - ok
23:25:14.0357 0x1fe8  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:25:14.0359 0x1fe8  NdisCap - ok
23:25:14.0382 0x1fe8  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:25:14.0384 0x1fe8  NdisTapi - ok
23:25:14.0411 0x1fe8  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:25:14.0414 0x1fe8  Ndisuio - ok
23:25:14.0443 0x1fe8  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:25:14.0446 0x1fe8  NdisWan - ok
23:25:14.0456 0x1fe8  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:25:14.0459 0x1fe8  NDProxy - ok
23:25:14.0516 0x1fe8  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:25:14.0519 0x1fe8  Net Driver HPZ12 - ok
23:25:14.0529 0x1fe8  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:25:14.0530 0x1fe8  NetBIOS - ok
23:25:14.0561 0x1fe8  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:25:14.0566 0x1fe8  NetBT - ok
23:25:14.0576 0x1fe8  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon        C:\Windows\system32\lsass.exe
23:25:14.0578 0x1fe8  Netlogon - ok
23:25:14.0606 0x1fe8  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
23:25:14.0623 0x1fe8  Netman - ok
23:25:14.0654 0x1fe8  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:25:14.0673 0x1fe8  NetMsmqActivator - ok
23:25:14.0689 0x1fe8  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:25:14.0691 0x1fe8  NetPipeActivator - ok
23:25:20.0854 0x1fe8  WatAdminSvc - ok
23:25:20.0895 0x1fe8  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
23:25:20.0945 0x1fe8  wbengine - ok
23:25:20.0962 0x1fe8  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:25:20.0969 0x1fe8  WbioSrvc - ok
23:25:21.0006 0x1fe8  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:25:21.0023 0x1fe8  wcncsvc - ok
23:25:21.0038 0x1fe8  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:25:21.0042 0x1fe8  WcsPlugInService - ok
23:25:21.0065 0x1fe8  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:25:21.0067 0x1fe8  Wd - ok
23:25:21.0105 0x1fe8  [ A840213F1ACDCC175B4D1D5AAEAC0D7A, B20F7CAEEA790290072BC170EBEEADB4C19E1C40DB0B3FE0D4A640D0D82300D6 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:25:21.0121 0x1fe8  Wdf01000 - ok
23:25:21.0155 0x1fe8  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:25:21.0160 0x1fe8  WdiServiceHost - ok
23:25:21.0166 0x1fe8  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:25:21.0169 0x1fe8  WdiSystemHost - ok
23:25:21.0203 0x1fe8  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\Windows\System32\webclnt.dll
23:25:21.0220 0x1fe8  WebClient - ok
23:25:21.0231 0x1fe8  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:25:21.0237 0x1fe8  Wecsvc - ok
23:25:21.0250 0x1fe8  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:25:21.0254 0x1fe8  wercplsupport - ok
23:25:21.0272 0x1fe8  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
23:25:21.0276 0x1fe8  WerSvc - ok
23:25:21.0296 0x1fe8  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:25:21.0298 0x1fe8  WfpLwf - ok
23:25:21.0303 0x1fe8  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:25:21.0305 0x1fe8  WIMMount - ok
23:25:21.0365 0x1fe8  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:25:21.0391 0x1fe8  WinDefend - ok
23:25:21.0401 0x1fe8  WinHttpAutoProxySvc - ok
23:25:21.0442 0x1fe8  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:25:21.0446 0x1fe8  Winmgmt - ok
23:25:21.0509 0x1fe8  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:25:21.0543 0x1fe8  WinRM - ok
23:25:21.0582 0x1fe8  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:25:21.0584 0x1fe8  WinUsb - ok
23:25:21.0624 0x1fe8  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:25:21.0660 0x1fe8  Wlansvc - ok
23:25:21.0684 0x1fe8  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:25:21.0685 0x1fe8  WmiAcpi - ok
23:25:21.0709 0x1fe8  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:25:21.0714 0x1fe8  wmiApSrv - ok
23:25:21.0758 0x1fe8  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:25:21.0848 0x1fe8  WMPNetworkSvc - ok
23:25:21.0870 0x1fe8  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:25:21.0897 0x1fe8  WPCSvc - ok
23:25:21.0937 0x1fe8  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:25:21.0942 0x1fe8  WPDBusEnum - ok
23:25:21.0962 0x1fe8  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:25:21.0964 0x1fe8  ws2ifsl - ok
23:25:21.0976 0x1fe8  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:25:21.0980 0x1fe8  wscsvc - ok
23:25:21.0985 0x1fe8  WSearch - ok
23:25:22.0066 0x1fe8  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:25:22.0117 0x1fe8  wuauserv - ok
23:25:22.0156 0x1fe8  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:25:22.0159 0x1fe8  WudfPf - ok
23:25:22.0198 0x1fe8  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:25:22.0203 0x1fe8  WUDFRd - ok
23:25:22.0244 0x1fe8  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:25:22.0249 0x1fe8  wudfsvc - ok
23:25:22.0261 0x1fe8  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:25:22.0279 0x1fe8  WwanSvc - ok
23:25:22.0289 0x1fe8  ================ Scan global ===============================
23:25:22.0309 0x1fe8  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
23:25:22.0345 0x1fe8  [ 93F86C5CCC37D70EA09CE5E76F3E4338, E31BA56A460892C9CAE0A0EEA3DBD42192A187804E0C4773D43E07288197FE66 ] C:\Windows\system32\winsrv.dll
23:25:22.0362 0x1fe8  [ 93F86C5CCC37D70EA09CE5E76F3E4338, E31BA56A460892C9CAE0A0EEA3DBD42192A187804E0C4773D43E07288197FE66 ] C:\Windows\system32\winsrv.dll
23:25:22.0388 0x1fe8  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
23:25:22.0412 0x1fe8  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
23:25:22.0418 0x1fe8  [ Global ] - ok
23:25:22.0418 0x1fe8  ================ Scan MBR ==================================
23:25:22.0421 0x1fe8  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
23:25:22.0607 0x1fe8  \Device\Harddisk0\DR0 - ok
23:25:22.0607 0x1fe8  ================ Scan VBR ==================================
23:25:22.0611 0x1fe8  [ 4BB72C2039D84B6816FBB417676CB2C1 ] \Device\Harddisk0\DR0\Partition1
23:25:22.0612 0x1fe8  \Device\Harddisk0\DR0\Partition1 - ok
23:25:22.0617 0x1fe8  [ 1A09CBD28CFE9C95433EB95BEBEFB685 ] \Device\Harddisk0\DR0\Partition2
23:25:22.0618 0x1fe8  \Device\Harddisk0\DR0\Partition2 - ok
23:25:22.0620 0x1fe8  Waiting for KSN requests completion. In queue: 328
23:25:23.0620 0x1fe8  Waiting for KSN requests completion. In queue: 22
23:25:24.0620 0x1fe8  Waiting for KSN requests completion. In queue: 22
23:25:25.0645 0x1fe8  AV detected via SS2: ESET NOD32 Antivirus 4.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 4.0.474.0 ), 0x41000 ( enabled : updated )
23:25:25.0658 0x1fe8  Win FW state via NFP2: enabled
23:25:28.0240 0x1fe8  ============================================================
23:25:28.0240 0x1fe8  Scan finished
23:25:28.0240 0x1fe8  ============================================================
23:25:28.0252 0x1bbc  Detected object count: 0
23:25:28.0252 0x1bbc  Actual detected object count: 0
23:26:01.0784 0x1d84  KLMD registered as C:\Windows\system32\drivers\58679167.sys
23:26:02.0843 0x1d84  Deinitialize success

 

 A SECOND SCAN WITH ALL OPTIONS CHECKED FOUND GOOGLEDESKTOP.EXE, WHICH WAS COPIED TO QUARANTINE.

 

23:38:16.0578 0x0470  ============================================================
23:38:16.0578 0x0470  Scan finished
23:38:16.0578 0x0470  ============================================================
23:38:16.0585 0x0ff4  Detected object count: 1
23:38:16.0585 0x0ff4  Actual detected object count: 1
23:39:41.0399 0x0ff4  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe - copied to quarantine
23:39:41.0650 0x0ff4  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:45:19.0616 0x0fa4  Deinitialize success

 


Edited by bughater, 17 April 2014 - 11:31 PM.


#5 bughater

Posted 17 April 2014 - 11:22 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by k at 23:57:38 on 2014-04-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1527 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\dllhost.exe
C:\Users\k\AppData\Local\Temp\nsu8E5C.tmp\nsF2F9.tmp
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\findstr.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\k\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickBooksDB18] c:\program files\intuit\quickbooks 2008\qbdbmgrn.exe -n qb_llw7001_18 -qs -gd all -gk all -gp 4096 -gu all -ch 64m -c 32m  -x tcpip(broadcastlistener=no;port=10180) -ti 0 -ec simple -ct- -qi -qw  -tl 120 -oe c:\users\k\appdata\local\intuit\quickb~1\log\DBSTAR~1.LOG -y
mRun: [QuickBooksDB19] c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -n qb_llw7001_19 -qs -gd all -gk all -gp 4096 -gu all -ch 128m -c 64m  -x tcpip(broadcastlistener=no;port=55333) -ti 0 -ec simple  -qi -qw  -tl 120 -oe c:\progra~2\intuit\quickb~2\DBSTAR~1.LOG -y
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: legalnoticecaption = Legal
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.silverhazepartners.com/NELX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} - hxxps://smmail.mskcc.org/messenger/download/TWDownload.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.1.2
TCP: Interfaces\{EEB2691B-008B-49DE-816A-F5F154EF2451} : DHCPNameServer = 192.168.1.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToAssist - c:\program files\citrix\gotoassist\957\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\k\appdata\roaming\mozilla\firefox\profiles\1um2zpvb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\k\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\k\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-7-27 81920]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-9-20 99896]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-7-3 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-13 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-13 857912]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-7-27 273960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-13 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-13 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-13 51416]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-9-20 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-16 1343400]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]
.
=============== Created Last 30 ================
.
2014-04-18 03:39:41 -------- d-----w- C:\TDSSKiller_Quarantine
2014-04-15 02:16:52 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{19a7ecd3-e79b-4c43-9ff8-26aa2baa3b63}\mpengine.dll
2014-04-14 02:15:45 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-14 02:15:19 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 02:15:19 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-14 02:15:19 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-14 02:15:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-14 02:14:52 -------- d-----w- c:\users\k\appdata\local\Programs
2014-04-07 17:44:46 -------- d-----w- c:\users\k\appdata\local\Unmedia
.
==================== Find3M  ====================
.
2014-04-13 14:02:37 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-04-13 14:02:37 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-04-13 14:02:36 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-13 14:02:36 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-03-31 13:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-29 03:44:28 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
============= FINISH:  0:00:13.18 ===============

Edited by bughater, 17 April 2014 - 11:23 PM.


#6 Elise

Posted 18 April 2014 - 02:03 AM

Does ESET still detect Olmasco at this point?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#7 bughater

Posted 19 April 2014 - 02:16 PM

Yes, ESET still detects Olmasco by deleting Operating memory » svchost.exe.

This is indeed a very bad infection!



#8 Elise

Posted 19 April 2014 - 03:33 PM

Yes, let's do some extra testing here. :) It's unlikely ESET detects this without reason.

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished, a file named mbr.bin will be located on your USB drive
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

regards, Elise



Malware analyst @ Emsisoft
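
Added example, not part of the original thread: a parser for the 512-byte mbr.bin that the dd command in post #8 produces, showing what can be checked in it (the boot signature, a hash of the bootstrap code against a known-good copy, and the four partition-table entries). The sample sectors are constructed, and the baseline hash, `expected_count` and `disk_sectors` inputs are assumptions made for the illustration.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0-439 hold the bootstrap code
DISK_SIG_OFF = 440    # 32-bit disk signature
TABLE_OFF = 446       # four 16-byte partition entries
SIG_OFF = 510         # 0x55 0xAA boot signature
ENTRY = "<B3xB3xII"   # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

# Constructed sample layouts: (status, type, lba_start, sectors)
CLEAN_ENTRIES = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224)]
EXTRA_ENTRIES = [(0x00, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224),
                 (0x80, 0x17, 976771072, 2000)]


@dataclass
class Partition:
    index: int
    status: int
    ptype: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self):
        return self.lba_start + self.sectors  # first sector past the partition


def parse_mbr(raw):
    """Decode one 512-byte sector as written by dd with bs=512 count=1."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    if raw[SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, raw, TABLE_OFF + 16 * i)
        if ptype != 0x00:  # type 0 marks an unused slot
            parts.append(Partition(i + 1, status, ptype, start, count))
    return {
        "boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", raw, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def review(info, baseline_sha256=None, expected_count=None, disk_sectors=None):
    """Return findings worth a closer look; an empty list means nothing stood out."""
    parts, findings = info["partitions"], []
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
    active = [p.index for p in parts if p.status == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    if disk_sectors is not None:
        findings += [f"partition {p.index} ends past the end of the disk"
                     for p in parts if p.lba_end > disk_sectors]
    if expected_count is not None and len(parts) != expected_count:
        findings.append(f"table holds {len(parts)} entries, the OS reports {expected_count}")
    if baseline_sha256 and info["boot_code_sha256"] != baseline_sha256.lower():
        findings.append("bootstrap code differs from the known-good baseline")
    return findings


def build_sample_mbr(entries, boot_code=b"\x90" * 16):
    """Build a constructed test sector; not a real boot record."""
    raw = bytearray(SECTOR)
    raw[:len(boot_code)] = boot_code
    struct.pack_into("<I", raw, DISK_SIG_OFF, 0x1234ABCD)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY, raw, TABLE_OFF + 16 * i, *entry)
    raw[SIG_OFF:] = b"\x55\xaa"
    return bytes(raw)


if __name__ == "__main__":
    # With a path argument, inspect that dump; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_mbr(EXTRA_ENTRIES)
    info = parse_mbr(data)
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(f"#{p.index} status=0x{p.status:02x} type=0x{p.ptype:02x} "
              f"start={p.lba_start} sectors={p.sectors}")
    for finding in review(info):
        print("finding:", finding)
```

The baseline hash would come from a dump of the same machine taken while it was known to be clean, or from a disk of the same OS build; an empty findings list only means these structural checks passed.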


#9 Elise

Posted 01 May 2014 - 03:44 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


Malware analyst @ Emsisoft




