
Kernel-Rootkit infection


  • This topic is locked
17 replies to this topic

#1 Bleky

  • Members

Posted 04 August 2014 - 03:54 PM

It all started with a few strange processes; I ran RogueKiller and found a kernel-rootkit.

If needed I will post the RK log. :)

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.55.2
Run by USER at 22:43:47 on 2014-08-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.385.1033.18.3574.1480 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Users\USER\AppData\Local\Skillbrains\lightshot\5.1.2.5\Lightshot.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.hr/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - 
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\program files\amd\steadyvideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightShot] c:\users\user\appdata\local\skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9887B342-0491-449B-A360-B3AC871E5DE3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9887B342-0491-449B-A360-B3AC871E5DE3}\16462626D20727F646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9887B342-0491-449B-A360-B3AC871E5DE3}\350756564645F6573686442363645403 : DHCPNameServer = 192.168.5.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\fmruwdpp.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\user\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-6-6 37352]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-2-18 74456]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-6-6 97648]
R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2014-4-3 75640]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-1-4 82560]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-1-4 173184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-4 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-3-26 51928]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2013-6-24 26496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-1-28 30976]
.
=============== Created Last 30 ================
.
2014-08-03 08:41:51 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-03 08:41:48 -------- d-----w- c:\programdata\RogueKiller
2014-08-01 11:13:42 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 11:13:08 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 11:12:45 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 11:12:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-22 13:25:53 -------- d-----w- c:\users\user\appdata\local\Diagnostics
2014-07-21 08:20:05 -------- d-----w- c:\users\user\appdata\local\Apple Computer
2014-07-21 08:19:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-07-21 08:16:29 -------- d-----w- c:\program files\iPod
2014-07-21 08:16:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-21 08:16:27 -------- d-----w- c:\program files\iTunes
2014-07-21 08:12:36 -------- d-----w- c:\users\user\appdata\local\Apple
2014-07-21 08:10:07 -------- d-----w- c:\program files\Bonjour
2014-07-09 11:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-09 11:18:54 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-09 11:18:53 752640 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-07-09 11:18:52 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-09 11:18:49 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-09 11:18:48 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-07-09 11:18:08 509440 ----a-w- c:\windows\system32\qedit.dll
.
==================== Find3M  ====================
.
2014-08-04 20:38:50 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-26 12:13:31 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-08 17:33:02 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 17:33:02 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-30 01:40:16 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-06-30 01:36:00 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-24 09:58:27 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-10 19:50:24 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-06-10 19:50:24 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-16 13:25:48 204064 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-05-16 13:24:56 116512 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-05-16 13:24:54 104736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-05-16 13:24:48 174880 ------w- c:\windows\system32\VBoxNetFltNobj.dll
2014-05-12 05:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
============= FINISH: 22:47:46,25 ===============


Edited by Bleky, 04 August 2014 - 03:56 PM.




#2 TB-Psychotic

  • Malware Response Team

Posted 05 August 2014 - 06:29 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Please post the RK log and do the following:

 

 

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • If any threats are found, don't click the Cleanup button - rather save the log and post it up in your topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Bleky

  • Topic Starter

Posted 05 August 2014 - 07:45 AM

Some screenshots of strange processes:

http://prntscr.com/43iivb

http://prntscr.com/43ij2s

http://prntscr.com/43ijax

 

Logs:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17207
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 3747995648, free: 2533498880
 
Downloaded database version: v2014.08.05.03
Downloaded database version: v2014.08.04.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 624932864
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-206847-625122448-625142448)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : USER [Admin rights]
Mode : Remove -- Date : 08/03/2014  11:26:40
 
¤¤¤ Bad processes : 15 ¤¤¤
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{579356F1-1AF7-4044-83C6-CC23EB65EC27} | NameServer : 195.29.150.3  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{579356F1-1AF7-4044-83C6-CC23EB65EC27} | NameServer : 195.29.150.3  -> REPLACED ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{579356F1-1AF7-4044-83C6-CC23EB65EC27} | NameServer : 195.29.150.3  -> REPLACED ()
[PUM.Policies] HKEY_USERS\S-1-5-21-1232973798-4032959043-3512486690-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] HKEY_USERS\S-1-5-21-1232973798-4032959043-3512486690-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
[PUM.Policies] HKEY_USERS\S-1-5-21-1232973798-4032959043-3512486690-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] HKEY_USERS\S-1-5-21-1232973798-4032959043-3512486690-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 9 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x952538de
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[299] : Unknown @ 0x952538e8
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x952538e3
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[347] : Unknown @ 0x952538ed
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x952538f2
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x9525387f
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x95253906
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x9525390b
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\usbfilter.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF032 ATA Device +++++
--- User ---
[MBR] 091f463b21babdceff5061e966d0791e
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_08032014_112253.log
 
RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : USER [Admin rights]
Mode : Scan -- Date : 08/05/2014  14:38:25
 
¤¤¤ Bad processes : 3 ¤¤¤
[Suspicious.Path] mbar-1.07.0.1012.exe -- C:\Users\USER\Desktop\mbar-1.07.0.1012.exe[7] -> KILLED [TermThr]
[Suspicious.Path] mbar.exe -- C:\Users\USER\Desktop\mbar\mbar.exe[7] -> KILLED [TermThr]
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 8 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateSection[84] : Unknown @ 0x91f6b136
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[299] : Unknown @ 0x91f6b140
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x91f6b13b
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[347] : Unknown @ 0x91f6b145
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x91f6b14a
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x91f6b0d7
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x91f6b15e
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x91f6b163
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF032 ATA Device +++++
--- User ---
[MBR] 091f463b21babdceff5061e966d0791e
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_08032014_112640.log - RKreport_SCN_08032014_112253.log


#4 TB-Psychotic

  • Malware Response Team

Posted 06 August 2014 - 02:58 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 Bleky

  • Topic Starter

Posted 06 August 2014 - 07:45 AM

ComboFix 14-08-05.01 - USER 6.08.2014.  14:12:19.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.385.1033.18.3574.2062 [GMT 2:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-06 to 2014-08-06  )))))))))))))))))))))))))))))))
.
.
2014-08-06 12:33 . 2014-08-06 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-03 08:41 . 2014-08-05 12:19 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-03 08:41 . 2014-08-03 08:41 -------- d-----w- c:\programdata\RogueKiller
2014-08-01 11:13 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 11:13 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 11:13 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 11:13 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 11:13 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-01 11:13 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 11:13 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 11:12 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 11:12 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-22 13:25 . 2014-07-22 13:25 -------- d-----w- c:\users\USER\AppData\Local\Diagnostics
2014-07-21 08:20 . 2014-07-21 08:20 -------- d-----w- c:\users\USER\AppData\Local\Apple Computer
2014-07-21 08:20 . 2014-07-21 08:23 -------- d-----w- c:\users\USER\AppData\Roaming\Apple Computer
2014-07-21 08:19 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-07-21 08:16 . 2014-07-21 08:16 -------- d-----w- c:\program files\iPod
2014-07-21 08:16 . 2014-07-21 08:19 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-21 08:16 . 2014-07-21 08:19 -------- d-----w- c:\program files\iTunes
2014-07-21 08:16 . 2014-07-21 08:16 -------- d-----w- c:\programdata\Apple Computer
2014-07-21 08:12 . 2014-07-21 08:12 -------- d-----w- c:\users\USER\AppData\Local\Apple
2014-07-21 08:12 . 2014-07-21 08:12 -------- d-----w- c:\program files\Apple Software Update
2014-07-21 08:10 . 2014-07-21 08:10 -------- d-----w- c:\program files\Bonjour
2014-07-21 08:08 . 2014-07-21 08:16 -------- d-----w- c:\program files\Common Files\Apple
2014-07-21 08:08 . 2014-07-21 08:12 -------- d-----w- c:\programdata\Apple
2014-07-09 11:18 . 2014-06-18 22:46 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-09 11:18 . 2014-06-18 23:35 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-09 11:18 . 2014-06-18 23:00 752640 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-07-09 11:18 . 2014-06-18 23:22 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-09 11:18 . 2014-06-18 23:38 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-09 11:18 . 2014-06-18 22:52 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-07-09 11:18 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 11:43 . 2014-03-01 22:16 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-26 12:13 . 2013-06-06 20:44 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-08 17:33 . 2013-06-07 12:42 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 17:33 . 2013-06-07 12:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 09:58 . 2013-06-06 14:36 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-12 14:54 . 2013-06-06 14:36 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-06-10 19:50 . 2014-06-10 19:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-06-10 19:50 . 2014-06-10 19:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-05-16 13:25 . 2014-06-07 09:39 204064 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-05-16 13:24 . 2014-05-16 13:24 116512 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-05-16 13:24 . 2014-06-07 09:38 104736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-05-16 13:24 . 2014-05-16 13:24 174880 ------w- c:\windows\system32\VBoxNetFltNobj.dll
2014-05-12 05:26 . 2014-03-26 14:57 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-02-18 21:14 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2013-11-04 15:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"LightShot"="c:\users\USER\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-03-06 226592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-24 750160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-19 2321680]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-06 343168]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2012-04-04 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2012-04-04 407704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-07-08 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2013-06-24 26496]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-01-28 30976]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 116512]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-06-06 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-05-12 74456]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-06 163328]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-06-24 430160]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-06-24 1028688]
S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2014-04-11 75640]
S2 hmpalertsvc;HitmanPro.Alert Service;c:\program files\HitmanPro.Alert\hmpalert.exe [2014-04-11 1876816]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2012-01-04 82560]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2012-01-04 173184]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-05 107736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys [2012-07-26 998544]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 44160]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-21 13:34 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-07 17:33]
.
2014-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1232973798-4032959043-3512486690-1000Core.job
- c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-11 12:45]
.
2014-08-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1232973798-4032959043-3512486690-1000UA.job
- c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-11 12:45]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-06 17:53]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-06 17:53]
.
2014-08-06 c:\windows\Tasks\update-S-1-5-21-1232973798-4032959043-3512486690-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-08-01 11:37]
.
2014-08-06 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-08-01 11:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\fmruwdpp.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(20580)
c:\windows\System32\netshell.dll
.
Completion time: 2014-08-06  14:42:37
ComboFix-quarantined-files.txt  2014-08-06 12:42
.
Pre-Run: 263.399.284.736 bytes free
Post-Run: 263.451.709.440 bytes free
.
- - End Of File - - 1FD602AFE60A75F8A276DAA54207AEE8
A36C5E4F47E84449FF07ED3517B43A31


#6 TB-Psychotic

  • Malware Response Team

Posted 06 August 2014 - 07:47 AM

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.


Proud Member of UNITE & TB
 

#7 Bleky

  • Topic Starter


Posted 06 August 2014 - 08:42 AM

TDSS Killer log was too big to attach so I will post it.

 

14:52:16.0584 0x5dc4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:52:20.0343 0x5dc4  ============================================================
14:52:20.0343 0x5dc4  Current date / time: 2014/08/06 14:52:20.0343
14:52:20.0343 0x5dc4  SystemInfo:
14:52:20.0343 0x5dc4  
14:52:20.0343 0x5dc4  OS Version: 6.1.7601 ServicePack: 1.0
14:52:20.0344 0x5dc4  Product type: Workstation
14:52:20.0345 0x5dc4  ComputerName: USER-PC
14:52:20.0354 0x5dc4  UserName: USER
14:52:20.0354 0x5dc4  Windows directory: C:\Windows
14:52:20.0354 0x5dc4  System windows directory: C:\Windows
14:52:20.0354 0x5dc4  Processor architecture: Intel x86
14:52:20.0354 0x5dc4  Number of processors: 2
14:52:20.0354 0x5dc4  Page size: 0x1000
14:52:20.0354 0x5dc4  Boot type: Normal boot
14:52:20.0354 0x5dc4  ============================================================
14:52:25.0469 0x5dc4  KLMD registered as C:\Windows\system32\drivers\07987879.sys
14:52:25.0712 0x5dc4  System UUID: {8538AF72-448C-8F7B-B6E8-C55B208CB5DB}
14:52:26.0749 0x5dc4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:52:26.0763 0x5dc4  ============================================================
14:52:26.0763 0x5dc4  \Device\Harddisk0\DR0:
14:52:26.0763 0x5dc4  MBR partitions:
14:52:26.0764 0x5dc4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
14:52:26.0764 0x5dc4  ============================================================
14:52:26.0865 0x5dc4  C: <-> \Device\Harddisk0\DR0\Partition1
14:52:26.0866 0x5dc4  ============================================================
14:52:26.0866 0x5dc4  Initialize success
14:52:26.0866 0x5dc4  ============================================================
14:52:28.0597 0x5ed4  ============================================================
14:52:28.0597 0x5ed4  Scan started
14:52:28.0597 0x5ed4  Mode: Manual; 
14:52:28.0597 0x5ed4  ============================================================
14:52:28.0597 0x5ed4  KSN ping started
14:52:28.0787 0x5ed4  KSN ping finished: false
14:52:30.0058 0x5ed4  ================ Scan system memory ========================
14:52:30.0058 0x5ed4  System memory - ok
14:52:30.0059 0x5ed4  ================ Scan services =============================
14:52:30.0245 0x5ed4  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:52:30.0257 0x5ed4  1394ohci - ok
14:52:30.0385 0x5ed4  [ 00659E56339389469473AEC41587E706, 33CF74B079268D7B1205969212F2F6145095F0A5500C1B96957F0EB08C2D9D4E ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
14:52:30.0397 0x5ed4  ac.sharedstore - ok
14:52:30.0441 0x5ed4  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:52:30.0456 0x5ed4  ACPI - ok
14:52:30.0495 0x5ed4  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:52:30.0497 0x5ed4  AcpiPmi - ok
14:52:30.0601 0x5ed4  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:52:30.0619 0x5ed4  AdobeFlashPlayerUpdateSvc - ok
14:52:30.0680 0x5ed4  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:52:30.0703 0x5ed4  adp94xx - ok
14:52:30.0752 0x5ed4  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:52:30.0768 0x5ed4  adpahci - ok
14:52:30.0799 0x5ed4  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:52:30.0807 0x5ed4  adpu320 - ok
14:52:30.0861 0x5ed4  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:52:30.0866 0x5ed4  AeLookupSvc - ok
14:52:30.0930 0x5ed4  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
14:52:30.0950 0x5ed4  AFD - ok
14:52:30.0993 0x5ed4  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:52:30.0998 0x5ed4  agp440 - ok
14:52:31.0028 0x5ed4  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:52:31.0033 0x5ed4  aic78xx - ok
14:52:31.0080 0x5ed4  [ A5155F4E6C56416911A34DEE0FA5B1E0, 350A2CD482871A64D918E86DEDEC26A62DE6381C4EAECBBD36B682CB344156B2 ] AKSIM           C:\Windows\system32\drivers\aksim.sys
14:52:31.0083 0x5ed4  AKSIM - ok
14:52:31.0167 0x5ed4  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
14:52:31.0172 0x5ed4  ALG - ok
14:52:31.0213 0x5ed4  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:52:31.0215 0x5ed4  aliide - ok
14:52:31.0263 0x5ed4  [ 7B60D1680FD45DE85E25A863605F727D, F5EF458ADBBD047C15002CCAD2ECB78A6A7403E5DA22D53B1FB4B9A6A855844E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:52:31.0273 0x5ed4  AMD External Events Utility - ok
14:52:31.0306 0x5ed4  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:52:31.0310 0x5ed4  amdagp - ok
14:52:31.0349 0x5ed4  [ 7933FB35658E0F666FD01FEEA2C74EBC, D075BAD9CD954AF909919B03C73EE0C40E74055B28F0E9E17AEC7AAD604BB1E7 ] amdhub30        C:\Windows\system32\DRIVERS\amdhub30.sys
14:52:31.0355 0x5ed4  amdhub30 - ok
14:52:31.0387 0x5ed4  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:52:31.0390 0x5ed4  amdide - ok
14:52:31.0424 0x5ed4  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:52:31.0429 0x5ed4  AmdK8 - ok
14:52:32.0026 0x5ed4  [ FFDB8CFD2ADA5F13B30823E690B8640B, B1D5F1C023CAAF4CF9E44AD7351926AE3C9BD4B806663AB02379595102DAED9A ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:52:32.0569 0x5ed4  amdkmdag - ok
14:52:32.0668 0x5ed4  [ A74A35D76E6375003E4319897C2D0664, 6E9055B5E8D4035F178D4A68FE6EF043148601AABBB030DDFA42E212D0E46FC1 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:52:32.0683 0x5ed4  amdkmdap - ok
14:52:32.0737 0x5ed4  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:52:32.0741 0x5ed4  AmdPPM - ok
14:52:32.0786 0x5ed4  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:52:32.0792 0x5ed4  amdsata - ok
14:52:32.0830 0x5ed4  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:52:32.0839 0x5ed4  amdsbs - ok
14:52:32.0859 0x5ed4  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:52:32.0861 0x5ed4  amdxata - ok
14:52:32.0897 0x5ed4  [ DE6F0911D3ACFA04678871DD2E9AD08D, 46214DF68BDFE6C3D436AB13C31724B937D80AED198C86CCD7D48826D5019188 ] amdxhc          C:\Windows\system32\DRIVERS\amdxhc.sys
14:52:32.0908 0x5ed4  amdxhc - ok
14:52:32.0998 0x5ed4  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:52:33.0020 0x5ed4  AntiVirSchedulerService - ok
14:52:33.0073 0x5ed4  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:52:33.0096 0x5ed4  AntiVirService - ok
14:52:33.0182 0x5ed4  [ 8900BF6C4D6B02F8E4CBE9A276D15B50, D12E4A727A95E401BDD52C79F8287AC967BE2D4B0E69FE62EC52280EDA0069F6 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:52:33.0231 0x5ed4  AntiVirWebService - ok
14:52:33.0266 0x5ed4  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
14:52:33.0270 0x5ed4  AppID - ok
14:52:33.0296 0x5ed4  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:52:33.0299 0x5ed4  AppIDSvc - ok
14:52:33.0349 0x5ed4  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
14:52:33.0354 0x5ed4  Appinfo - ok
14:52:33.0427 0x5ed4  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:52:33.0432 0x5ed4  Apple Mobile Device - ok
14:52:33.0482 0x5ed4  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:52:33.0492 0x5ed4  AppMgmt - ok
14:52:33.0515 0x5ed4  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
14:52:33.0522 0x5ed4  arc - ok
14:52:33.0553 0x5ed4  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:52:33.0559 0x5ed4  arcsas - ok
14:52:33.0676 0x5ed4  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:52:33.0680 0x5ed4  aspnet_state - ok
14:52:33.0699 0x5ed4  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:52:33.0702 0x5ed4  AsyncMac - ok
14:52:33.0729 0x5ed4  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:52:33.0732 0x5ed4  atapi - ok
14:52:33.0807 0x5ed4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:52:33.0833 0x5ed4  AudioEndpointBuilder - ok
14:52:33.0868 0x5ed4  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:52:33.0892 0x5ed4  Audiosrv - ok
14:52:33.0927 0x5ed4  [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:52:33.0934 0x5ed4  avgntflt - ok
14:52:33.0963 0x5ed4  [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:52:33.0972 0x5ed4  avipbb - ok
14:52:33.0995 0x5ed4  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:52:33.0999 0x5ed4  avkmgr - ok
14:52:34.0043 0x5ed4  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:52:34.0050 0x5ed4  AxInstSV - ok
14:52:34.0109 0x5ed4  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
14:52:34.0130 0x5ed4  b06bdrv - ok
14:52:34.0176 0x5ed4  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:52:34.0189 0x5ed4  b57nd60x - ok
14:52:34.0250 0x5ed4  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
14:52:34.0257 0x5ed4  BDESVC - ok
14:52:34.0294 0x5ed4  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:52:34.0296 0x5ed4  Beep - ok
14:52:34.0348 0x5ed4  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
14:52:34.0375 0x5ed4  BFE - ok
14:52:34.0443 0x5ed4  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\system32\qmgr.dll
14:52:34.0476 0x5ed4  BITS - ok
14:52:34.0504 0x5ed4  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:52:34.0507 0x5ed4  blbdrive - ok
14:52:34.0603 0x5ed4  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:52:34.0624 0x5ed4  Bonjour Service - ok
14:52:34.0652 0x5ed4  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:52:34.0657 0x5ed4  bowser - ok
14:52:34.0688 0x5ed4  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:52:34.0690 0x5ed4  BrFiltLo - ok
14:52:34.0715 0x5ed4  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:52:34.0717 0x5ed4  BrFiltUp - ok
14:52:34.0755 0x5ed4  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:52:34.0761 0x5ed4  BridgeMP - ok
14:52:34.0794 0x5ed4  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
14:52:34.0801 0x5ed4  Browser - ok
14:52:34.0837 0x5ed4  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:52:34.0851 0x5ed4  Brserid - ok
14:52:34.0883 0x5ed4  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:52:34.0888 0x5ed4  BrSerWdm - ok
14:52:34.0909 0x5ed4  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:52:34.0911 0x5ed4  BrUsbMdm - ok
14:52:34.0923 0x5ed4  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:52:34.0925 0x5ed4  BrUsbSer - ok
14:52:34.0963 0x5ed4  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:52:34.0967 0x5ed4  BthEnum - ok
14:52:34.0988 0x5ed4  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:52:34.0994 0x5ed4  BTHMODEM - ok
14:52:35.0029 0x5ed4  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:52:35.0036 0x5ed4  BthPan - ok
14:52:35.0090 0x5ed4  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:52:35.0110 0x5ed4  BTHPORT - ok
14:52:35.0154 0x5ed4  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
14:52:35.0160 0x5ed4  bthserv - ok
14:52:35.0186 0x5ed4  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:52:35.0191 0x5ed4  BTHUSB - ok
14:52:35.0290 0x5ed4  catchme - ok
14:52:35.0321 0x5ed4  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:52:35.0326 0x5ed4  cdfs - ok
14:52:35.0366 0x5ed4  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:52:35.0373 0x5ed4  cdrom - ok
14:52:35.0413 0x5ed4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:52:35.0420 0x5ed4  CertPropSvc - ok
14:52:35.0455 0x5ed4  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:52:35.0459 0x5ed4  circlass - ok
14:52:35.0495 0x5ed4  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
14:52:35.0510 0x5ed4  CLFS - ok
14:52:35.0575 0x5ed4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:52:35.0581 0x5ed4  clr_optimization_v2.0.50727_32 - ok
14:52:35.0646 0x5ed4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:52:35.0654 0x5ed4  clr_optimization_v4.0.30319_32 - ok
14:52:35.0696 0x5ed4  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:52:35.0698 0x5ed4  CmBatt - ok
14:52:45.0577 0x5ed4  odserv - ok
14:52:45.0621 0x5ed4  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:52:45.0626 0x5ed4  ohci1394 - ok
14:52:45.0684 0x5ed4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:52:45.0693 0x5ed4  ose - ok
14:52:45.0748 0x5ed4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:52:45.0767 0x5ed4  p2pimsvc - ok
14:52:45.0801 0x5ed4  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:52:45.0824 0x5ed4  p2psvc - ok
14:52:45.0856 0x5ed4  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
14:52:45.0861 0x5ed4  Parport - ok
14:52:45.0896 0x5ed4  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:52:45.0901 0x5ed4  partmgr - ok
14:52:45.0940 0x5ed4  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:52:45.0942 0x5ed4  Parvdm - ok
14:52:45.0987 0x5ed4  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:52:46.0001 0x5ed4  PcaSvc - ok
14:52:46.0024 0x5ed4  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
14:52:46.0033 0x5ed4  pci - ok
14:52:46.0063 0x5ed4  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:52:46.0067 0x5ed4  pciide - ok
14:52:46.0102 0x5ed4  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:52:46.0112 0x5ed4  pcmcia - ok
14:52:46.0141 0x5ed4  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:52:46.0145 0x5ed4  pcw - ok
14:52:46.0292 0x5ed4  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:52:46.0321 0x5ed4  PEAUTH - ok
14:52:46.0419 0x5ed4  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:52:46.0484 0x5ed4  PeerDistSvc - ok
14:52:46.0802 0x5ed4  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
14:52:46.0900 0x5ed4  pla - ok
14:52:46.0935 0x5ed4  [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
14:52:46.0942 0x5ed4  PLFlash DeviceIoControl Service - ok
14:52:46.0996 0x5ed4  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:52:47.0018 0x5ed4  PlugPlay - ok
14:52:47.0044 0x5ed4  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:52:47.0052 0x5ed4  PNRPAutoReg - ok
14:52:47.0082 0x5ed4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:52:47.0100 0x5ed4  PNRPsvc - ok
14:52:47.0163 0x5ed4  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:52:47.0184 0x5ed4  PolicyAgent - ok
14:52:47.0235 0x5ed4  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
14:52:47.0247 0x5ed4  Power - ok
14:52:47.0292 0x5ed4  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:52:47.0299 0x5ed4  PptpMiniport - ok
14:52:47.0321 0x5ed4  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
14:52:47.0325 0x5ed4  Processor - ok
14:52:47.0368 0x5ed4  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:52:47.0383 0x5ed4  ProfSvc - ok
14:52:47.0407 0x5ed4  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:52:47.0412 0x5ed4  ProtectedStorage - ok
14:52:47.0450 0x5ed4  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:52:47.0458 0x5ed4  Psched - ok
14:52:47.0564 0x5ed4  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:52:47.0632 0x5ed4  ql2300 - ok
14:52:47.0679 0x5ed4  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:52:47.0686 0x5ed4  ql40xx - ok
14:52:47.0717 0x5ed4  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
14:52:47.0734 0x5ed4  QWAVE - ok
14:52:47.0754 0x5ed4  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:52:47.0758 0x5ed4  QWAVEdrv - ok
14:52:47.0784 0x5ed4  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:52:47.0787 0x5ed4  RasAcd - ok
14:52:47.0827 0x5ed4  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:47.0831 0x5ed4  RasAgileVpn - ok
14:52:47.0852 0x5ed4  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
14:52:47.0863 0x5ed4  RasAuto - ok
14:52:47.0900 0x5ed4  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:47.0906 0x5ed4  Rasl2tp - ok
14:52:47.0937 0x5ed4  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
14:52:47.0959 0x5ed4  RasMan - ok
14:52:47.0992 0x5ed4  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:47.0999 0x5ed4  RasPppoe - ok
14:52:48.0024 0x5ed4  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:52:48.0030 0x5ed4  RasSstp - ok
14:52:48.0072 0x5ed4  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:52:48.0085 0x5ed4  rdbss - ok
14:52:48.0105 0x5ed4  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:52:48.0108 0x5ed4  rdpbus - ok
14:52:48.0134 0x5ed4  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:48.0137 0x5ed4  RDPCDD - ok
14:52:48.0172 0x5ed4  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:52:48.0181 0x5ed4  RDPDR - ok
14:52:48.0194 0x5ed4  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:52:48.0198 0x5ed4  RDPENCDD - ok
14:52:48.0232 0x5ed4  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:52:48.0235 0x5ed4  RDPREFMP - ok
14:52:48.0275 0x5ed4  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:52:48.0279 0x5ed4  RdpVideoMiniport - ok
14:52:48.0329 0x5ed4  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:52:48.0341 0x5ed4  RDPWD - ok
14:52:48.0393 0x5ed4  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:52:48.0403 0x5ed4  rdyboost - ok
14:52:48.0436 0x5ed4  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:52:48.0444 0x5ed4  RemoteAccess - ok
14:52:48.0478 0x5ed4  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:52:48.0490 0x5ed4  RemoteRegistry - ok
14:52:48.0535 0x5ed4  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:52:48.0543 0x5ed4  RFCOMM - ok
14:52:48.0569 0x5ed4  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:52:48.0577 0x5ed4  RpcEptMapper - ok
14:52:48.0608 0x5ed4  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
14:52:48.0613 0x5ed4  RpcLocator - ok
14:52:48.0653 0x5ed4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
14:52:48.0680 0x5ed4  RpcSs - ok
14:52:48.0742 0x5ed4  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:52:48.0747 0x5ed4  rspndr - ok
14:52:48.0804 0x5ed4  [ 3849D5D73BDD9B7BC4E3305DDC345B2C, CCB81EB36DB8A7027EAB0C5BA28D77694AD25BD11A222B4B6BF3932E284F77A1 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
14:52:48.0825 0x5ed4  RTL8167 - ok
14:52:48.0927 0x5ed4  [ BE2A77A83F0AF8C1080FD74E780BD9BE, 10C5B9E10639EBA4A1350796B5F30A90D56AA1EB10E9A4F81434ACF4C97EA998 ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtwlane.sys
14:52:48.0975 0x5ed4  RTL8192Ce - ok
14:52:48.0998 0x5ed4  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:52:49.0001 0x5ed4  s3cap - ok
14:52:49.0018 0x5ed4  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
14:52:49.0023 0x5ed4  SamSs - ok
14:52:49.0066 0x5ed4  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:52:49.0073 0x5ed4  sbp2port - ok
14:52:49.0106 0x5ed4  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:52:49.0118 0x5ed4  SCardSvr - ok
14:52:49.0134 0x5ed4  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:52:49.0138 0x5ed4  scfilter - ok
14:52:49.0223 0x5ed4  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
14:52:49.0265 0x5ed4  Schedule - ok
14:52:49.0293 0x5ed4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:52:49.0299 0x5ed4  SCPolicySvc - ok
14:52:49.0335 0x5ed4  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:52:49.0348 0x5ed4  SDRSVC - ok
14:52:49.0385 0x5ed4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:52:49.0388 0x5ed4  secdrv - ok
14:52:49.0411 0x5ed4  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
14:52:49.0419 0x5ed4  seclogon - ok
14:52:49.0439 0x5ed4  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
14:52:49.0449 0x5ed4  SENS - ok
14:52:49.0479 0x5ed4  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:52:49.0486 0x5ed4  SensrSvc - ok
14:52:49.0519 0x5ed4  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:52:49.0522 0x5ed4  Serenum - ok
14:52:49.0543 0x5ed4  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
14:52:49.0549 0x5ed4  Serial - ok
14:52:49.0574 0x5ed4  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:52:49.0577 0x5ed4  sermouse - ok
14:52:49.0630 0x5ed4  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:52:49.0642 0x5ed4  SessionEnv - ok
14:52:49.0662 0x5ed4  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:52:49.0665 0x5ed4  sffdisk - ok
14:52:49.0692 0x5ed4  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:52:49.0696 0x5ed4  sffp_mmc - ok
14:52:49.0719 0x5ed4  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:52:49.0722 0x5ed4  sffp_sd - ok
14:52:49.0736 0x5ed4  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:52:49.0739 0x5ed4  sfloppy - ok
14:52:49.0793 0x5ed4  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:52:49.0813 0x5ed4  SharedAccess - ok
14:52:49.0863 0x5ed4  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:52:49.0887 0x5ed4  ShellHWDetection - ok
14:52:49.0917 0x5ed4  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:52:49.0921 0x5ed4  sisagp - ok
14:52:49.0961 0x5ed4  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:52:49.0965 0x5ed4  SiSRaid2 - ok
14:52:49.0990 0x5ed4  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:52:49.0997 0x5ed4  SiSRaid4 - ok
14:52:50.0023 0x5ed4  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:52:50.0029 0x5ed4  Smb - ok
14:52:50.0083 0x5ed4  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:52:50.0090 0x5ed4  SNMPTRAP - ok
14:52:50.0121 0x5ed4  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:52:50.0124 0x5ed4  spldr - ok
14:52:50.0169 0x5ed4  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
14:52:50.0190 0x5ed4  Spooler - ok
14:52:50.0403 0x5ed4  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
14:52:50.0579 0x5ed4  sppsvc - ok
14:52:50.0629 0x5ed4  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:52:50.0639 0x5ed4  sppuinotify - ok
14:52:50.0689 0x5ed4  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:52:50.0706 0x5ed4  srv - ok
14:52:50.0757 0x5ed4  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:52:50.0773 0x5ed4  srv2 - ok
14:52:50.0795 0x5ed4  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:52:50.0803 0x5ed4  srvnet - ok
14:52:50.0844 0x5ed4  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:52:50.0858 0x5ed4  SSDPSRV - ok
14:52:50.0891 0x5ed4  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:52:50.0894 0x5ed4  ssmdrv - ok
14:52:50.0920 0x5ed4  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:52:50.0932 0x5ed4  SstpSvc - ok
14:52:50.0968 0x5ed4  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:52:50.0972 0x5ed4  stexstor - ok
14:52:51.0036 0x5ed4  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
14:52:51.0066 0x5ed4  StiSvc - ok
14:52:51.0099 0x5ed4  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:52:51.0103 0x5ed4  storflt - ok
14:52:51.0132 0x5ed4  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:52:51.0136 0x5ed4  storvsc - ok
14:52:51.0161 0x5ed4  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:52:51.0165 0x5ed4  swenum - ok
14:52:51.0214 0x5ed4  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
14:52:51.0237 0x5ed4  swprv - ok
14:52:51.0271 0x5ed4  [ F2AD8960812FD111E20E84659EF19D43, FAC91E940D3735738908447E58792C32E6F86427612114A624041B7213831105 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
14:52:51.0277 0x5ed4  Synth3dVsc - ok
14:52:51.0333 0x5ed4  [ E3D32CC52337215B653BF8175273644A, F22866D6A3F7818995D5CA9EF55C17F98591F85D9EDCC0CEC0415C9FC0881200 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:52:51.0350 0x5ed4  SynTP - ok
14:52:51.0448 0x5ed4  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
14:52:51.0524 0x5ed4  SysMain - ok
14:52:51.0553 0x5ed4  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
14:52:51.0564 0x5ed4  TabletInputService - ok
14:52:51.0592 0x5ed4  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:52:51.0610 0x5ed4  TapiSrv - ok
14:52:51.0637 0x5ed4  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
14:52:51.0646 0x5ed4  TBS - ok
14:52:51.0808 0x5ed4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:52:51.0872 0x5ed4  Tcpip - ok
14:52:52.0003 0x5ed4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:52:52.0079 0x5ed4  TCPIP6 - ok
14:52:52.0123 0x5ed4  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:52:52.0127 0x5ed4  tcpipreg - ok
14:52:52.0161 0x5ed4  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:52:52.0165 0x5ed4  TDPIPE - ok
14:52:52.0190 0x5ed4  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:52:52.0194 0x5ed4  TDTCP - ok
14:52:52.0223 0x5ed4  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:52:52.0229 0x5ed4  tdx - ok
14:52:52.0622 0x5ed4  [ 3438EFDC30F7A41D3598ED60BBF6CF2A, 342B8E78DF6B4BA641C5CCB5B1343B363B770681F0794A809728789E3BE56E46 ] TeamViewer9     C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
14:52:52.0864 0x5ed4  TeamViewer9 - ok
14:52:52.0939 0x5ed4  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:52:52.0947 0x5ed4  TermDD - ok
14:52:52.0983 0x5ed4  [ E951866BAC5A23403F62A349EDBB6EEB, BE6FB3C09D1CF8952B4D041F45B4DEE53D78EE7D27A5135012BC92B2F7CFBEA3 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
14:52:52.0987 0x5ed4  terminpt - ok
14:52:53.0046 0x5ed4  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
14:52:53.0077 0x5ed4  TermService - ok
14:52:53.0097 0x5ed4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
14:52:53.0106 0x5ed4  Themes - ok
14:52:53.0135 0x5ed4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:52:53.0142 0x5ed4  THREADORDER - ok
14:52:53.0194 0x5ed4  [ F95208D35A9667C58CF8122EE22805A6, 80A72F21EE1E96753E90DDD87FA9BEACDF11E1A92FCDF01AFB499E751DA0613B ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
14:52:53.0205 0x5ed4  TOSHIBA Bluetooth Service - ok
14:52:53.0238 0x5ed4  Tosrfcom - ok
14:52:53.0276 0x5ed4  [ 51BAA142744E236C3A886479CAD99A06, B033630835D9274B7C8223FBCA89FB6D10DB084E4778295F978E19EB2919961F ] tosrfec         C:\Windows\system32\DRIVERS\tosrfec.sys
14:52:53.0280 0x5ed4  tosrfec - ok
14:52:53.0328 0x5ed4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
14:52:53.0339 0x5ed4  TrkWks - ok
14:52:53.0410 0x5ed4  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:52:53.0421 0x5ed4  TrustedInstaller - ok
14:52:53.0455 0x5ed4  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:53.0459 0x5ed4  tssecsrv - ok
14:52:53.0501 0x5ed4  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:52:53.0506 0x5ed4  TsUsbFlt - ok
14:52:53.0528 0x5ed4  [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:52:53.0533 0x5ed4  TsUsbGD - ok
14:52:53.0564 0x5ed4  [ 045ACB987C650D8186C6B4A692223860, C1CDDF7DABAE531C53290C7C70F35DD65751B399D269711865AD65F9E4E43B0B ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
14:52:53.0572 0x5ed4  tsusbhub - ok
14:52:53.0624 0x5ed4  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:52:53.0631 0x5ed4  tunnel - ok
14:52:53.0671 0x5ed4  [ 792A8B80F8188ABA4B2BE271583F3E46, BFE96D13926F3CB7D807CEBB5E190736B742EB5C93F7FED08AA5D145F4B6A874 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:52:53.0674 0x5ed4  TVALZ - ok
14:52:53.0699 0x5ed4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:52:53.0704 0x5ed4  uagp35 - ok
14:52:53.0735 0x5ed4  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:52:53.0749 0x5ed4  udfs - ok
14:52:53.0798 0x5ed4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:52:53.0806 0x5ed4  UI0Detect - ok
14:53:01.0555 0x5ed4  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
14:53:01.0584 0x5ed4  Win FW state via NFP2: enabled
14:53:01.0586 0x5ed4  ============================================================
14:53:01.0586 0x5ed4  Scan finished
14:53:01.0586 0x5ed4  ============================================================
14:53:01.0608 0x5ecc  Detected object count: 0
14:53:01.0608 0x5ecc  Actual detected object count: 0
14:53:45.0095 0x5cf0  Deinitialize success
 

Attached Files

  • Attached File  ark.txt   2.31KB   2 downloads


#8 TB-Psychotic


Posted 06 August 2014 - 09:07 AM

Your system is clearly not infected by a rootkit.

Some device drivers use similar functions to interact with Windows and/or the hardware.

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#9 Bleky


Posted 06 August 2014 - 11:39 AM

Just adware...

 

C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AR application
C:\Users\USER\Downloads\spsetup125.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


#10 TB-Psychotic


Posted 07 August 2014 - 02:16 AM

These files aren't malware but contain security risks. I'd delete them immediately - your choice.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#11 Bleky


Posted 07 August 2014 - 04:39 AM

Weird, Avira is killed by a virus I think...



#12 TB-Psychotic


Posted 07 August 2014 - 06:59 AM

Weird, Avira is killed by a virus I think...

If you mean these files:

 

C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
 
then this is not a virus. It is a legit function of antivir which uses an adware-related toolbar.


#13 Bleky


Posted 07 August 2014 - 07:12 AM

It's all good now, I cleaned those files

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by USER on źet 07.08.2014. at 13:44:58,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źet 07.08.2014. at 14:03:57,54
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.303 - Report created 07/08/2014 at 12:26:13
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Downloads\adwcleaner_3.303.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files\Skillbrains
Folder Found : C:\USERs\USER\AppData\Local\Skillbrains
 
***** [ Scheduled Tasks ] *****
 
Task Found : Scheduled Update for Ask Toolbar
Task Found : update-sys
Task Found : update-S-1-5-21-1232973798-4032959043-3512486690-1000
Task Found : update-sys
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\SkillBrains
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Found : HKLM\Software\SkillBrains
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v22.0 (hr)
 
[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\fmruwdpp.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1326 octets] - [07/08/2014 12:26:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1386 octets] ##########
 


#14 Bleky


Posted 07 August 2014 - 07:55 AM

Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox 22.0 Firefox out of Date!  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 


#15 TB-Psychotic


Posted 07 August 2014 - 08:27 AM

Your system is clean now! :)

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the actual firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)



