
Win32/Sirefef trojan


  • This topic is locked
16 replies to this topic

#1 norms


Posted 15 May 2014 - 11:15 AM

ESET keeps popping up with a warning that I have been infected with the Win32/Sirefef Trojan.  I have tried Malwarebytes, TDSSKiller, Rogue Killer and still get this warning from ESET.  Any help would be appreciated.  Thanks.




 


#2 jeffce


Posted 15 May 2014 - 12:07 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
 
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
     
    Having said that....   Let's get going!!
    ----------
     
    Do you happen to have the logs that were made by both TDSSKiller and Malwarebytes?  If so, please post those.  :)

     


    #3 norms


    Posted 15 May 2014 - 05:29 PM

    Sorry, the only one I have is from Malwarebytes.

    Not quite sure how to retrieve the scan results from yesterday from TDSSKiller.  All it wants to do is perform another scan.

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/14/2014
    Scan Time: 9:32:41 PM
    Logfile: log.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.14.11
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Simpson

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 237627
    Time Elapsed: 8 min, 29 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 6
    PUP.Optional.Softonic, C:\temp\SoftonicDownloader_for_free-mp4-mp3-converter.exe, Quarantined, [5003a2af502be6503cc3e81bd928f808],
    PUP.Optional.Freemium.A, C:\temp\CandyInstaller.exe, Quarantined, [dc77a9a8e19a52e4e4364dd9758c34cc],
    PUP.Optional.Freemium.A, C:\Users\Simpson\AppData\Local\Temp\ICReinstall_CandyInstaller.exe, Quarantined, [3e15dc75f08b43f367b3ce5806fb28d8],
    PUP.Optional.OpenCandy, C:\Users\Simpson\AppData\Local\Temp\nsv9CCD.tmp\OCSetupHlp.dll, Quarantined, [67ec7bd6e794bb7b1afce18bbe46827e],
    PUP.Optional.SweetPacks.A, C:\Users\Simpson\AppData\Local\Temp\is1598539481\zgInstaller.exe, Quarantined, [ada6c78a6f0cd066f6eb887d5ca507f9],
    PUP.Optional.Installcore, C:\Users\Simpson\AppData\Local\Temp\is530454878\86626436_stp\HomePageDLL.dll, Quarantined, [51024a0749327eb84fb7e73a1de74cb4],

    Physical Sectors: 0
    (No malicious items detected)

    (end)



    #4 jeffce


    Posted 15 May 2014 - 07:50 PM

    Thanks!!  :)

     

    Go ahead and run a new scan with TDSSKiller and post the new log. 


     


    #5 norms


    Posted 15 May 2014 - 08:53 PM

    Sorry, I feel ignorant but I see no way to copy the results from the "report" in TDSSKiller after I select it.  I get no copy option with a right click and I don't see any option for copy in the "report" screen.  Minimal options.



    #6 jeffce


    Posted 16 May 2014 - 06:25 AM

    No worries....go to your C:\ folder and look to see if there are any TDSSKiller .txt files there.  If there are, post those please.  If not, we will try something else.


     


    #7 norms


    Posted 16 May 2014 - 01:27 PM

    Yup, there it was.  Here ya go.

     

     

    22:53:37.0542 0x13f0  TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
    22:53:49.0707 0x13f0  ============================================================
    22:53:49.0707 0x13f0  Current date / time: 2014/05/14 22:53:49.0707
    22:53:49.0707 0x13f0  SystemInfo:
    22:53:49.0707 0x13f0 
    22:53:49.0707 0x13f0  OS Version: 6.0.6002 ServicePack: 2.0
    22:53:49.0708 0x13f0  Product type: Workstation
    22:53:49.0708 0x13f0  ComputerName: SIMPSON-PC
    22:53:49.0708 0x13f0  UserName: Simpson
    22:53:49.0708 0x13f0  Windows directory: C:\Windows
    22:53:49.0708 0x13f0  System windows directory: C:\Windows
    22:53:49.0708 0x13f0  Processor architecture: Intel x86
    22:53:49.0708 0x13f0  Number of processors: 2
    22:53:49.0708 0x13f0  Page size: 0x1000
    22:53:49.0708 0x13f0  Boot type: Normal boot
    22:53:49.0709 0x13f0  ============================================================
    22:53:51.0684 0x13f0  KLMD registered as C:\Windows\system32\drivers\22729692.sys
    22:53:52.0028 0x13f0  System UUID: {F679BCBF-6458-CB84-C2F5-342B1A12EC86}
    22:53:52.0611 0x13f0  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    22:53:52.0624 0x13f0  ============================================================
    22:53:52.0624 0x13f0  \Device\Harddisk0\DR0:
    22:53:52.0625 0x13f0  MBR partitions:
    22:53:52.0625 0x13f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCEC2FC1
    22:53:52.0625 0x13f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCEC3000, BlocksNum 0xDB4800
    22:53:52.0625 0x13f0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDC79800, BlocksNum 0x31A800
    22:53:52.0625 0x13f0  ============================================================
    22:53:52.0634 0x13f0  C: <-> \Device\Harddisk0\DR0\Partition1
    22:53:52.0693 0x13f0  D: <-> \Device\Harddisk0\DR0\Partition2
    22:53:52.0728 0x13f0  E: <-> \Device\Harddisk0\DR0\Partition3
    22:53:52.0728 0x13f0  ============================================================
    22:53:52.0728 0x13f0  Initialize success
    22:53:52.0728 0x13f0  ============================================================
    22:54:31.0048 0x0b70  ============================================================
    22:54:31.0048 0x0b70  Scan started
    22:54:31.0048 0x0b70  Mode: Manual;
    22:54:31.0048 0x0b70  ============================================================
    22:54:31.0048 0x0b70  KSN ping started
    22:54:33.0665 0x0b70  KSN ping finished: true
    22:54:36.0891 0x0b70  ================ Scan system memory ========================
    22:54:36.0891 0x0b70  System memory - ok
    22:54:36.0892 0x0b70  ================ Scan services =============================
    22:54:48.0029 0x0b70  HBtnKey - ok
    22:54:48.0068 0x0b70  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:54:48.0076 0x0b70  HdAudAddService - ok
    22:54:48.0117 0x0b70  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:54:48.0142 0x0b70  HDAudBus - ok
    22:54:48.0178 0x0b70  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
    22:54:48.0180 0x0b70  HidBth - ok
    22:54:48.0197 0x0b70  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
    22:54:48.0198 0x0b70  HidIr - ok
    22:54:48.0236 0x0b70  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
    22:54:48.0238 0x0b70  hidserv - ok
    22:54:48.0250 0x0b70  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
    22:54:48.0251 0x0b70  HidUsb - ok
    22:54:48.0269 0x0b70  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
    22:54:48.0273 0x0b70  hkmsvc - ok
    22:54:48.0323 0x0b70  [ C7FFA37D98EB5750C087EE6073BA8331, 943A546C009C13CBB722B85EB2C18D65CEFE19C27508CBC34A218B1131FC18D3 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    22:54:48.0325 0x0b70  HP Health Check Service - ok
    22:54:48.0342 0x0b70  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
    22:54:48.0343 0x0b70  HpCISSs - ok
    22:54:48.0365 0x0b70  [ A27494A9325C0D06C89CF47F25DA8C46, 8DDCB49A0415E0BF089AD2BF26ED9EF9D9DFD7CD8E95BBC0B398631DA206D41A ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
    22:54:48.0367 0x0b70  hpdskflt - ok
    22:54:48.0393 0x0b70  [ 04C1DCBB226C6AE647B794833CE3CEB6, 7C89908766962169FA877D1A78C3628EDBAE2B25A3BBEE6DBB1D19C272A428D0 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    22:54:48.0408 0x0b70  hpqwmiex - ok
    22:54:48.0425 0x0b70  [ A3A9C44E2A75984E80EBE4181E9D1CF9, F019FDBBA372603DB49AC84C634B22460D8BD2A68D61DB30601F0C9636716895 ] hpsrv           C:\Windows\system32\Hpservice.exe
    22:54:48.0427 0x0b70  hpsrv - ok
    22:54:48.0475 0x0b70  [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    22:54:48.0482 0x0b70  HSFHWAZL - ok
    22:54:48.0557 0x0b70  [ 7BC42C65B5C6281777C1A7605B253BA8, 71885EB4E8625450ECA4623466FB3D5437DAABE739A5DC3B5F4CF982A65F8A86 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
    22:54:48.0608 0x0b70  HSF_DPV - ok
    22:54:48.0634 0x0b70  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E, A11CE324DD8E8BDFFDF513429C32D3C16EC79DC9A7517048587759B26BF38583 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    22:54:48.0642 0x0b70  HSXHWAZL - ok
    22:54:48.0656 0x0b70  HTCAND32 - ok
    22:54:48.0704 0x0b70  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
    22:54:48.0730 0x0b70  HTTP - ok
    22:54:48.0774 0x0b70  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
    22:54:48.0776 0x0b70  i2omp - ok
    22:54:48.0825 0x0b70  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
    22:54:48.0827 0x0b70  i8042prt - ok
    22:54:48.0850 0x0b70  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
    22:54:48.0857 0x0b70  iaStorV - ok
    22:54:48.0943 0x0b70  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    22:54:48.0946 0x0b70  IDriverT - ok
    22:54:49.0017 0x0b70  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    22:54:49.0050 0x0b70  idsvc - ok
    22:54:49.0072 0x0b70  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
    22:54:49.0074 0x0b70  iirsp - ok
    22:54:49.0126 0x0b70  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
    22:54:49.0151 0x0b70  IKEEXT - ok
    22:54:49.0190 0x0b70  [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide        C:\Windows\system32\drivers\intelide.sys
    22:54:49.0191 0x0b70  intelide - ok
    22:54:49.0221 0x0b70  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
    22:54:49.0222 0x0b70  intelppm - ok
    22:54:49.0247 0x0b70  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
    22:54:49.0250 0x0b70  IPBusEnum - ok
    22:54:49.0275 0x0b70  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:54:49.0277 0x0b70  IpFilterDriver - ok
    22:54:49.0310 0x0b70  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
    22:54:49.0317 0x0b70  iphlpsvc - ok
    22:54:49.0321 0x0b70  IpInIp - ok
    22:54:49.0393 0x0b70  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
    22:54:49.0395 0x0b70  IPMIDRV - ok
    22:54:49.0434 0x0b70  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
    22:54:49.0437 0x0b70  IPNAT - ok
    22:54:49.0496 0x0b70  [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
    22:54:49.0521 0x0b70  iPod Service - ok
    22:54:49.0557 0x0b70  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
    22:54:49.0559 0x0b70  IRENUM - ok
    22:54:49.0590 0x0b70  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
    22:54:49.0592 0x0b70  isapnp - ok
    22:54:49.0632 0x0b70  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
    22:54:49.0638 0x0b70  iScsiPrt - ok
    22:54:49.0658 0x0b70  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
    22:54:49.0660 0x0b70  iteatapi - ok
    22:54:49.0684 0x0b70  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
    22:54:49.0686 0x0b70  iteraid - ok
    22:54:49.0759 0x0b70  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    22:54:49.0763 0x0b70  IviRegMgr - ok
    22:54:49.0800 0x0b70  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
    22:54:49.0803 0x0b70  kbdclass - ok
    22:54:49.0818 0x0b70  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
    22:54:49.0820 0x0b70  kbdhid - ok
    22:54:49.0845 0x0b70  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
    22:54:49.0846 0x0b70  KeyIso - ok
    22:54:49.0884 0x0b70  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
    22:54:49.0909 0x0b70  KSecDD - ok
    22:54:49.0951 0x0b70  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
    22:54:49.0966 0x0b70  KtmRm - ok
    22:54:49.0991 0x0b70  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
    22:54:49.0996 0x0b70  LanmanServer - ok
    22:54:50.0033 0x0b70  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:54:50.0040 0x0b70  LanmanWorkstation - ok
    22:54:50.0075 0x0b70  [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    22:54:50.0077 0x0b70  LightScribeService - ok
    22:54:50.0099 0x0b70  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
    22:54:50.0102 0x0b70  lltdio - ok
    22:54:50.0127 0x0b70  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
    22:54:50.0134 0x0b70  lltdsvc - ok
    22:54:50.0164 0x0b70  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
    22:54:50.0166 0x0b70  lmhosts - ok
    22:54:50.0200 0x0b70  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
    22:54:50.0202 0x0b70  LSI_FC - ok
    22:54:50.0225 0x0b70  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
    22:54:50.0228 0x0b70  LSI_SAS - ok
    22:54:50.0270 0x0b70  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
    22:54:50.0273 0x0b70  LSI_SCSI - ok
    22:54:50.0304 0x0b70  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
    22:54:50.0307 0x0b70  luafv - ok
    22:54:50.0326 0x0b70  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
    22:54:50.0328 0x0b70  mdmxsdk - ok
    22:54:50.0348 0x0b70  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
    22:54:50.0350 0x0b70  megasas - ok
    22:54:50.0378 0x0b70  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
    22:54:50.0380 0x0b70  MMCSS - ok
    22:54:50.0402 0x0b70  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
    22:54:50.0404 0x0b70  Modem - ok
    22:54:50.0424 0x0b70  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
    22:54:50.0426 0x0b70  monitor - ok
    22:54:50.0435 0x0b70  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
    22:54:50.0437 0x0b70  mouclass - ok
    22:54:50.0450 0x0b70  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
    22:54:50.0452 0x0b70  mouhid - ok
    22:54:50.0462 0x0b70  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
    22:54:50.0465 0x0b70  MountMgr - ok
    22:54:50.0504 0x0b70  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
    22:54:50.0507 0x0b70  mpio - ok
    22:54:50.0522 0x0b70  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
    22:54:50.0525 0x0b70  mpsdrv - ok
    22:54:50.0572 0x0b70  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
    22:54:50.0595 0x0b70  MpsSvc - ok
    22:54:50.0614 0x0b70  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
    22:54:50.0616 0x0b70  Mraid35x - ok
    22:54:50.0653 0x0b70  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
    22:54:50.0658 0x0b70  MRxDAV - ok
    22:54:50.0675 0x0b70  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:54:50.0681 0x0b70  mrxsmb - ok
    22:54:50.0704 0x0b70  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:54:50.0714 0x0b70  mrxsmb10 - ok
    22:54:50.0731 0x0b70  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:54:50.0735 0x0b70  mrxsmb20 - ok
    22:54:50.0755 0x0b70  [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci          C:\Windows\system32\drivers\msahci.sys
    22:54:50.0756 0x0b70  msahci - ok
    22:54:50.0783 0x0b70  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
    22:54:50.0786 0x0b70  msdsm - ok
    22:54:50.0814 0x0b70  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
    22:54:50.0819 0x0b70  MSDTC - ok
    22:54:50.0841 0x0b70  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
    22:54:50.0844 0x0b70  Msfs - ok
    22:54:50.0883 0x0b70  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
    22:54:50.0884 0x0b70  msisadrv - ok
    22:54:50.0915 0x0b70  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
    22:54:50.0920 0x0b70  MSiSCSI - ok
    22:54:50.0925 0x0b70  msiserver - ok
    22:54:50.0954 0x0b70  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
    22:54:50.0955 0x0b70  MSKSSRV - ok
    22:54:50.0982 0x0b70  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
    22:54:50.0985 0x0b70  MSPCLOCK - ok
    22:54:51.0030 0x0b70  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
    22:54:51.0031 0x0b70  MSPQM - ok
    22:54:51.0068 0x0b70  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
    22:54:51.0072 0x0b70  MsRPC - ok
    22:54:51.0082 0x0b70  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
    22:54:51.0083 0x0b70  mssmbios - ok
    22:54:51.0118 0x0b70  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
    22:54:51.0119 0x0b70  MSTEE - ok
    22:54:51.0125 0x0b70  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
    22:54:51.0127 0x0b70  Mup - ok
    22:54:51.0166 0x0b70  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
    22:54:51.0182 0x0b70  napagent - ok
    22:54:51.0222 0x0b70  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
    22:54:51.0229 0x0b70  NativeWifiP - ok
    22:54:51.0291 0x0b70  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
    22:54:51.0315 0x0b70  NDIS - ok
    22:54:51.0337 0x0b70  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
    22:54:51.0339 0x0b70  NdisTapi - ok
    22:54:51.0360 0x0b70  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
    22:54:51.0362 0x0b70  Ndisuio - ok
    22:54:51.0393 0x0b70  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
    22:54:51.0397 0x0b70  NdisWan - ok
    22:54:51.0419 0x0b70  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
    22:54:51.0421 0x0b70  NDProxy - ok
    22:54:51.0451 0x0b70  [ 80B7A96F908DA13617E7E6832C5C6A64, 08B81AFE120B8064B6E001BDF424168305D55F38AE2071300F57C8EA32BEAE56 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    22:54:51.0453 0x0b70  Net Driver HPZ12 - ok
    22:54:51.0469 0x0b70  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
    22:54:51.0471 0x0b70  NetBIOS - ok
    22:54:51.0504 0x0b70  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
    22:54:51.0511 0x0b70  netbt - ok
    22:54:51.0520 0x0b70  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
    22:54:51.0521 0x0b70  Netlogon - ok
    22:54:51.0569 0x0b70  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
    22:54:51.0577 0x0b70  Netman - ok
    22:54:51.0620 0x0b70  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    22:54:51.0624 0x0b70  NetMsmqActivator - ok
    22:54:51.0630 0x0b70  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    22:54:51.0633 0x0b70  NetPipeActivator - ok
    22:54:51.0670 0x0b70  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
    22:54:51.0678 0x0b70  netprofm - ok
    22:54:51.0685 0x0b70  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    22:54:51.0688 0x0b70  NetTcpActivator - ok
    22:54:51.0696 0x0b70  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    22:54:51.0699 0x0b70  NetTcpPortSharing - ok
    22:54:51.0799 0x0b70  [ A15F219208843A5A210C8CB391384453, E333018B7A841F1E1E6E4A56BA05B4A4FDF46866B3697747ADCF4CA0F43D8A1D ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
    22:54:51.0867 0x0b70  NETw3v32 - ok
    22:54:52.0008 0x0b70  [ 1D73499A6664B4DA05D750FF83FDB274, 8A299843DFF7DEEFB639440074C63FC88548FE4EE897FBA9F3B0FE65D17C45FA ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
    22:54:52.0105 0x0b70  NETw4v32 - ok
    22:54:52.0268 0x0b70  [ 8DE67BD902095A13329FD82C85A1FA09, 7F0B058D0C306A845F7BF14B24B0BDBCE6F152A054331072549F46284E75A367 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
    22:54:52.0453 0x0b70  NETw5v32 - ok
    22:54:52.0478 0x0b70  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
    22:54:52.0480 0x0b70  nfrd960 - ok
    22:54:52.0503 0x0b70  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
    22:54:52.0509 0x0b70  NlaSvc - ok
    22:54:52.0541 0x0b70  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
    22:54:52.0542 0x0b70  Npfs - ok
    22:54:52.0565 0x0b70  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
    22:54:52.0567 0x0b70  nsi - ok
    22:54:52.0583 0x0b70  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
    22:54:52.0584 0x0b70  nsiproxy - ok
    22:54:52.0645 0x0b70  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
    22:54:52.0678 0x0b70  Ntfs - ok
    22:54:52.0702 0x0b70  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
    22:54:52.0703 0x0b70  ntrigdigi - ok
    22:54:52.0722 0x0b70  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
    22:54:52.0723 0x0b70  Null - ok
    22:54:52.0740 0x0b70  [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid          C:\Windows\system32\drivers\nvraid.sys
    22:54:52.0744 0x0b70  nvraid - ok
    22:54:52.0771 0x0b70  [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
    22:54:52.0773 0x0b70  nvstor - ok
    22:54:52.0793 0x0b70  [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
    22:54:52.0797 0x0b70  nv_agp - ok
    22:54:52.0802 0x0b70  NwlnkFlt - ok
    22:54:52.0808 0x0b70  NwlnkFwd - ok
    22:54:52.0838 0x0b70  [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
    22:54:52.0840 0x0b70  ohci1394 - ok
    22:54:52.0915 0x0b70  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:54:53.0116 0x0b70  ose - ok
    22:54:53.0328 0x0b70  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    22:54:53.0504 0x0b70  osppsvc - ok
    22:54:53.0563 0x0b70  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
    22:54:53.0596 0x0b70  p2pimsvc - ok
    22:54:53.0630 0x0b70  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
    22:54:53.0642 0x0b70  p2psvc - ok
    22:54:53.0678 0x0b70  [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
    22:54:53.0681 0x0b70  Parport - ok
    22:54:53.0706 0x0b70  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
    22:54:53.0708 0x0b70  partmgr - ok
    22:54:53.0717 0x0b70  [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
    22:54:53.0719 0x0b70  Parvdm - ok
    22:54:53.0738 0x0b70  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
    22:54:53.0741 0x0b70  PcaSvc - ok
    22:54:53.0768 0x0b70  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
    22:54:53.0773 0x0b70  pci - ok
    22:54:53.0805 0x0b70  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
    22:54:53.0807 0x0b70  pciide - ok
    22:54:53.0839 0x0b70  [ 3BB2244F343B610C29C98035504C9B75, DA61EC2600199DFA32020D0484E9BBF5E0742E7C8C952370BF6FAF91C914A999 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
    22:55:03.0991 0x0b70  ws2ifsl - ok
    22:55:04.0021 0x0b70  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
    22:55:04.0025 0x0b70  wscsvc - ok
    22:55:04.0030 0x0b70  WSearch - ok
    22:55:04.0129 0x0b70  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
    22:55:04.0203 0x0b70  wuauserv - ok
    22:55:04.0232 0x0b70  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
    22:55:04.0234 0x0b70  WudfPf - ok
    22:55:04.0269 0x0b70  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:55:04.0272 0x0b70  WUDFRd - ok
    22:55:04.0291 0x0b70  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
    22:55:04.0295 0x0b70  wudfsvc - ok
    22:55:04.0312 0x0b70  [ 88AF537264F2B818DA15479CEEAF5D7C, E0F95D6448FFB77351BB63ED444238F891B16748FD09F8BCCA23BEC4E341A96B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
    22:55:04.0313 0x0b70  XAudio - ok
    22:55:04.0337 0x0b70  [ 15A317674A08DF26BE65164D959E9203, 6EEE0D1711F37936D157651E265A65137BCBFBDA17F066C844BAA0D53558F86A ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
    22:55:04.0347 0x0b70  XAudioService - ok
    22:55:04.0367 0x0b70  ================ Scan global ===============================
    22:55:04.0397 0x0b70  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
    22:55:04.0428 0x0b70  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    22:55:04.0478 0x0b70  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    22:55:04.0522 0x0b70  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
    22:55:04.0531 0x0b70  [ Global ] - ok
    22:55:04.0531 0x0b70  ================ Scan MBR ==================================
    22:55:04.0542 0x0b70  [ 3554B00B0DA494B2E00AEE9DC37D7609 ] \Device\Harddisk0\DR0
    22:55:04.0913 0x0b70  \Device\Harddisk0\DR0 - ok
    22:55:04.0914 0x0b70  ================ Scan VBR ==================================
    22:55:04.0916 0x0b70  [ 70DFD2AAB2B66874CFFD81830D7FF357 ] \Device\Harddisk0\DR0\Partition1
    22:55:04.0954 0x0b70  \Device\Harddisk0\DR0\Partition1 - ok
    22:55:04.0956 0x0b70  [ 739222C09382EAE30F41720260D62C03 ] \Device\Harddisk0\DR0\Partition2
    22:55:04.0981 0x0b70  \Device\Harddisk0\DR0\Partition2 - ok
    22:55:04.0983 0x0b70  [ 5EDB772FF558F224CBFD566FC997CB4F ] \Device\Harddisk0\DR0\Partition3
    22:55:04.0985 0x0b70  \Device\Harddisk0\DR0\Partition3 - ok
    22:55:04.0986 0x0b70  Waiting for KSN requests completion. In queue: 32
    22:55:05.0986 0x0b70  Waiting for KSN requests completion. In queue: 32
    22:55:06.0986 0x0b70  Waiting for KSN requests completion. In queue: 32
    22:55:08.0192 0x0b70  AV detected via SS2: ESET NOD32 Antivirus 7.0, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 7.0.302.0 ), 0x41000 ( enabled : updated )
    22:55:08.0200 0x0b70  Win FW state via NFP2: enabled
    22:55:10.0848 0x0b70  ============================================================
    22:55:10.0848 0x0b70  Scan finished
    22:55:10.0849 0x0b70  ============================================================
    22:55:10.0868 0x1330  Detected object count: 0
    22:55:10.0868 0x1330  Actual detected object count: 0
    22:55:31.0426 0x1770  Deinitialize success
     



    #8 jeffce


    Posted 17 May 2014 - 05:54 PM

    Ok thanks for that.   :)
     
    Please download DDS from either of these links
     
    LINK 1
    LINK 2
     
    and save it to your desktop.

    • Disable any antivirus programs during the scan (if you have difficulty properly disabling your protective programs, refer to this link here).
    • Double click dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.

    ---------------------------------------------------
    Please include the contents of the following in your next reply:
     
    DDS.txt
     
    Attach.txt
    ----------


     


    #9 norms


    Posted 17 May 2014 - 11:51 PM

    Here is the DDS and I followed the instructions after running the scan and attached the "attach" file.

     

     

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16545
    Run by Simpson at 21:34:29 on 2014-05-17
    Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3070.1798 [GMT -7:00]
    .
    AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\WINDOWS\SMINST\scheduler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [HPWWANGSAssistant] c:\swsetup\hpqwwan\HPWWanGSAssistant.exe /TrayMode
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRunOnce: [ST Recovery Launcher] c:\windows\sminst\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    TCP: NameServer = 66.199.187.21 66.199.187.22 4.2.2.2 4.2.2.3
    TCP: Interfaces\{3C6A798E-9082-48F1-8334-EDFE0CAC7E00} : DHCPNameServer = 66.199.187.21 66.199.187.22 4.2.2.2 4.2.2.3
    TCP: Interfaces\{CE10C3C0-C959-4BA6-8F50-2D5FF529FCC3} : DHCPNameServer = 66.199.187.21 66.199.187.22 4.2.2.2 4.2.2.3
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-9-17 188808]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-9-17 134248]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2013-9-17 122376]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-11-24 21504]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2007-1-5 18944]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-26 540448]
    R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
    R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2006-12-19 47616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== Created Last 30 ================
    .
    2014-05-15 04:59:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-15 04:45:58 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d5686778-ab68-4b8d-bcf2-de147e4e67a7}\mpengine.dll
    2014-05-15 04:23:14 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-15 04:22:56 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-15 04:22:56 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-15 04:22:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-15 04:22:56 -------- d-----w- c:\programdata\Malwarebytes
    2014-05-15 04:22:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-05-11 17:30:30 505344 ----a-w- c:\windows\system32\qedit.dll
    2014-05-11 17:30:29 2050560 ----a-w- c:\windows\system32\win32k.sys
    2014-05-11 17:30:28 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2014-05-11 17:30:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-05-11 17:28:45 876032 ----a-w- c:\windows\system32\wer.dll
    .
    ==================== Find3M  ====================
    .
    2014-03-31 16:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
    2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
    2013-07-20 05:36:32 4188160 ----a-w- c:\program files\GUT9702.tmp
    .
    ============= FINISH: 21:34:51.99 ===============




    #10 jeffce


    Posted 18 May 2014 - 10:00 AM

    ComboFix
     
    Download ComboFix from either of the links below, and save it to your desktop.
    Link 1
    Link 2
     
    **Note:  It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


     
    --------------------------------------------------------------------
     
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
     
    --------------------------------------------------------------------
     
    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

     


    #11 norms


    Posted 18 May 2014 - 01:27 PM

    It said I was infected with "ZeroAccess".

     

     

     

     

     

    ComboFix 14-05-16.01 - Simpson 05/18/2014  10:34:10.1.2 - x86
    Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3070.2022 [GMT -7:00]
    Running from: c:\users\Simpson\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     * Resident AV is active
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB62280$
    c:\windows\$NtUninstallKB62280$\485945278\@
    c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
    c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
    c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
    c:\windows\$NtUninstallKB62280$\485945278\keywords
    c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
    c:\windows\$NtUninstallKB62280$\485945278\L\vhtmwbun
    c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
    c:\windows\$NtUninstallKB62280$\678638124
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-04-18 to 2014-05-18  )))))))))))))))))))))))))))))))
    .
    .
    2014-05-18 17:51 . 2014-05-18 17:57 -------- d-----w- c:\users\Simpson\AppData\Local\temp
    2014-05-15 04:59 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-15 04:45 . 2014-04-17 12:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5686778-AB68-4B8D-BCF2-DE147E4E67A7}\mpengine.dll
    2014-05-15 04:23 . 2014-05-15 19:30 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-15 04:22 . 2014-05-15 04:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-05-15 04:22 . 2014-05-15 04:22 -------- d-----w- c:\programdata\Malwarebytes
    2014-05-15 04:22 . 2014-04-03 16:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-15 04:22 . 2014-04-03 16:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-15 04:22 . 2014-04-03 16:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-11 17:30 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll
    2014-05-11 17:30 . 2014-02-07 10:38 2050560 ----a-w- c:\windows\system32\win32k.sys
    2014-05-11 17:30 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2014-05-11 17:30 . 2013-11-13 00:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-05-11 17:28 . 2014-01-30 07:46 876032 ----a-w- c:\windows\system32\wer.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-31 16:35 . 2011-11-25 02:05 231584 ------w- c:\windows\system32\MpSigStub.exe
    2013-07-20 05:36 . 2013-07-20 05:36 4188160 ----a-w- c:\program files\GUT9702.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2011-11-24 192512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-633393617-3382209047-2029477318-1003]
    "EnableNotificationsRef"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ    BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-15 18:55 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-20 04:51]
    .
    2014-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef2477590b260.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-20 04:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 66.199.187.21 66.199.187.22 4.2.2.2 4.2.2.3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-HPWWANGSAssistant - c:\swsetup\HPQWWAN\HPWWanGSAssistant.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-05-18 10:56
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Hpservice.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\AEADISRV.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\PDF Complete\pdfsvc.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    c:\windows\SMINST\scheduler.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    .
    **************************************************************************
    .
    Completion time: 2014-05-18  11:12:49 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-05-18 18:12
    .
    Pre-Run: 10,796,404,736 bytes free
    Post-Run: 11,756,261,376 bytes free
    .
    - - End Of File - - 58C1E3B82F7B9E47A7EEA0DD30E0EE21
    3554B00B0DA494B2E00AEE9DC37D7609



    #12 jeffce


    Posted 18 May 2014 - 01:38 PM

    **WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.
     
    Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may itself have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.
     
    If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
     
    If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.   :)
    ----------
     

    Please go to: VirusTotal
    On the page you'll find a "Choose File" button.
    Click on the Choose File button.
    In the Choose File to Upload window which opens, copy and paste this into the File Name box.
     
    c:\program files\GUT9702.tmp
     
    Next, click the Open button.
    Then click the "Scan It!" button just below.
    This will scan the file. Please be patient.
    If you get a message saying File has already been analyzed: click Reanalyze file now
    Once scanned, copy and paste the link to the results page in your next reply.
    ----------




    #13 norms

    Posted 18 May 2014 - 08:25 PM

    I didn't think what ComboFix found was very good from what I've read about it.  This computer just sits in our living room and isn't used for business or our personal affairs.  The only thing of any value that I will need from it is my iTunes music.  I was thinking of copying that folder to a USB drive and just reinstalling the OS.  Is there anything I need to know before I do a "fresh" install?



    #14 jeffce

    Posted 19 May 2014 - 06:28 AM

    Well....if you are already going to copy all of your important files, photos, music and the like you should be good to go.  Just be sure that you have the installation disks.

     

    Of course, if you don't do anything of importance, we could just continue as well.  

     

    Let me know what you would like to do.  :)




    #15 norms

    Posted 19 May 2014 - 02:33 PM

    I have the OS disk so I think I'm just going to go ahead and reinstall just in case we start using this computer in the future for online purchases. Thank you very much though for your help.



