
Unable to start computer in other than safe mode.


  • This topic is locked
9 replies to this topic

#1 Stratomaster

  • Members
  • 27 posts

Posted 28 September 2014 - 11:51 AM

I used Malwarebytes to remove a bunch of spyware and other things from a friend's laptop (Windows 7) and now it won't boot up in anything other than plain safe mode. When you try and start it normally it just freezes on a black screen. Any and all help is appreciated.





#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 29 September 2014 - 05:00 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 Stratomaster

  • Topic Starter

  • Members
  • 27 posts

Posted 03 October 2014 - 09:08 PM

So sorry, I have been out of town away from a computer until now. Nice to meet you and I will get started on this as soon as possible, as in now.



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 04 October 2014 - 08:07 AM

OK :)



#5 Stratomaster

  • Topic Starter

  • Members
  • 27 posts

Posted 04 October 2014 - 02:32 PM

Marius,

 

My name is Greg, by the way, from Tennessee in the good old USA. Here are the files and posts you asked for. The only program that didn't give any results was TDSSKiller.

 

Here is the FRST.txt file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Primi (administrator) on PRIMI-PC on 04-10-2014 09:08:08
Running from C:\Users\Primi\Downloads
Loaded Profile: Primi (Available profiles: Primi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\pcmax\pcmax.exe
() C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Pay By Ads LTD) C:\Users\Primi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
(Facebook Inc.) C:\Users\Primi\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-09-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-09-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-09-18] (Lenovo)
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-09-18] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2266686303-887618710-1039380715-1000\...\Run: [Best Buy pc app] => C:\Users\Primi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-2266686303-887618710-1039380715-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-18] (Google Inc.)
HKU\S-1-5-21-2266686303-887618710-1039380715-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-2266686303-887618710-1039380715-1000\...\Run: [Yahoo! Search] => C:\Users\Primi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe [535472 2014-07-07] (Pay By Ads LTD)
HKU\S-1-5-21-2266686303-887618710-1039380715-1000\...\Run: [Facebook Update] => C:\Users\Primi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-17] (Facebook Inc.)
HKU\S-1-5-21-2266686303-887618710-1039380715-1000\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC32~1.DLL" File Not Found
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {59F491AF-4D02-49AE-92E0-4DB4F4F895AC} URL = http://rts.dsrlte.com/?q={searchTerms}&r=454
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
 
FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Primi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-09-18]
 
Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://nglnnifljabmkcecofpnlokcgnmbecia/spent.html"
CHR Profile: C:\Users\Primi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Primi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (GamingWonderland) - C:\Users\Primi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglnnifljabmkcecofpnlokcgnmbecia [2014-06-02]
CHR Extension: (Google Wallet) - C:\Users\Primi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
R2 SupraSavingsService64; C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [584232 2010-12-09] (Ericsson AB)
S2 Update Yula; "C:\Program Files (x86)\Yula\updateYulasee.exe" [X]
S2 Util Yula; "C:\Program Files (x86)\Yula\bin\utilYulasee.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-09-15] (Microsoft Corporation) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
R1 {4df60d2c-927b-478c-83f0-b7dc923bae60}w64; C:\Windows\System32\drivers\{4df60d2c-927b-478c-83f0-b7dc923bae60}w64.sys [61104 2014-07-10] (StdLib)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 NPF; system32\DRIVERS\npf.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 09:08 - 2014-10-04 09:08 - 00018405 _____ () C:\Users\Primi\Downloads\FRST.txt
2014-10-04 09:08 - 2014-10-04 09:08 - 00000000 ____D () C:\FRST
2014-10-04 09:00 - 2014-10-04 09:07 - 02109440 _____ (Farbar) C:\Users\Primi\Downloads\FRST64.exe
2014-10-04 08:17 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-10-04 08:17 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-10-04 08:17 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-10-04 08:17 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-10-04 08:17 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-10-04 08:17 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-10-04 08:16 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-10-04 08:16 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 09:07 - 2011-09-18 09:21 - 01199916 _____ () C:\windows\WindowsUpdate.log
2014-10-04 08:59 - 2014-08-29 18:02 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 08:49 - 2011-09-18 10:25 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-10-04 08:47 - 2009-07-13 22:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-04 08:44 - 2009-07-13 21:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 08:44 - 2009-07-13 21:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 08:32 - 2014-08-29 18:35 - 00001242 _____ () C:\windows\setupact.log
2014-10-04 08:31 - 2011-09-18 10:25 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 08:14 - 2014-05-07 13:53 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-04 08:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\tracing
2014-10-04 08:08 - 2011-09-18 10:31 - 00390782 _____ () C:\windows\system32\fastboot.set
2014-10-04 08:08 - 2011-09-18 10:25 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 08:08 - 2011-09-18 10:07 - 00287309 _____ () C:\FaceProv.log
2014-10-04 08:08 - 2011-09-18 10:07 - 00000000 ____D () C:\ProgramData\VeriFace
2014-10-04 08:07 - 2014-05-02 17:57 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-10-04 08:07 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 09:06 - 2010-11-20 20:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-10 18:21 - 2010-11-20 20:47 - 00451756 _____ () C:\windows\PFRO.log
2014-09-10 17:58 - 2014-06-16 18:29 - 00000000 ____D () C:\Program Files\suprasavings
 
Some content of TEMP:
====================
C:\Users\Primi\AppData\Local\Temp\nsx76C7.tmp.exe
C:\Users\Primi\AppData\Local\Temp\YulaseeUntemp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-20 14:06
 
==================== End Of Log ============================


#6 Stratomaster

  • Topic Starter

  • Members
  • 27 posts

Posted 04 October 2014 - 02:37 PM

Here is the Addition.txt file from the first FRST scan:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01
Ran by Primi at 2014-10-04 09:09:48
Running from C:\Users\Primi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{FFB768E4-E427-4553-BC36-A11F5E62A94D}) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60628.2255 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.10628 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{C5E7EB18-8F3A-2192-7435-7D68CB4907CB}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.20.0 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.616.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.13.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.3.1.3 - Ericsson AB)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.30 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Snap.Do (HKLM-x32\...\{AB65D81D-303A-4DDB-AC7C-12C9CD9F67FB}) (Version: 11.71.1.16545 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{48c067bd-8422-4658-b4c7-eb0f57d709b2}) (Version: 11.71.1.16545 - ReSoft Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
System Optimizer Pro (HKLM\...\System Optimizer Pro) (Version: 1.0 - 383 Media, Inc.) <==== ATTENTION
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Search (HKCU\...\Yahoo! Search) (Version:  - Pay-By-Ads) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
18-08-2014 22:05:39 Windows Update
18-08-2014 22:21:57 Windows Update
28-08-2014 17:32:43 Windows Modules Installer
29-08-2014 04:00:04 Windows Defender Checkpoint
29-08-2014 06:06:49 Windows Update
04-10-2014 15:11:49 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {004C2685-1F2A-4699-A948-A4EA7B319C1E} - System32\Tasks\TidyNetwork Update => C:\Users\Primi\AppData\Local\TidyNetwork\petnupdate.exe
Task: {43541D46-EB49-481C-8E46-D1CAB301D723} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {48719485-4FEF-456A-8BA4-B537E22D6FF7} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {4E4B539F-788C-43EE-99DC-BC598454BBA8} - System32\Tasks\Yahoo! Search => C:\Users\Primi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe [2014-07-07] (Pay By Ads LTD)
Task: {69BBFA09-82E3-40FC-BDEF-FBBDB44BC814} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] () <==== ATTENTION
Task: {934DEF20-FD3B-4A87-93CD-6D643B0219DD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {F1C51E6A-71CE-4045-838E-BD5992E07174} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2266686303-887618710-1039380715-1000Core.job => C:\Users\Primi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC Optimizer Pro Idle.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\PC Optimizer Pro Scan.job => C:\StartApps.exe
Task: C:\windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job => C:\Users\Primi\AppData\Local\Temp\nsy8E30.tmp\78\vbates_4232014.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-01-21 09:45 - 2009-01-21 09:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2014-05-29 04:16 - 2014-05-29 04:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe
2014-06-25 10:58 - 2014-06-25 10:58 - 00172544 _____ () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe
2014-06-12 12:05 - 2014-06-12 12:05 - 00110080 _____ () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\nfapi.dll
2014-06-12 12:05 - 2014-06-12 12:05 - 00456192 _____ () C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\ProtocolFilters.dll
2011-09-18 10:07 - 2011-09-18 10:07 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2008-12-19 20:20 - 2011-09-18 10:29 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 20:20 - 2011-09-18 10:29 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-14 07:21 - 2011-03-14 07:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-28 16:38 - 2011-06-28 16:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-02 20:09 - 2010-02-17 11:20 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2011-09-18 10:07 - 2011-09-18 10:07 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-04 08:49 - 2014-09-22 21:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-10-04 08:49 - 2014-09-22 21:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-10-04 08:49 - 2014-09-22 21:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-10-04 08:49 - 2014-09-22 21:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-10-04 08:49 - 2014-09-22 21:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-10-04 08:49 - 2014-09-22 21:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2266686303-887618710-1039380715-500 - Administrator - Disabled)
Guest (S-1-5-21-2266686303-887618710-1039380715-501 - Administrator - Disabled)
Primi (S-1-5-21-2266686303-887618710-1039380715-1000 - Administrator - Enabled) => C:\Users\Primi
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Ralink RT3090 802.11n WiFi Adapter
Description: Ralink RT3090 802.11n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/04/2014 09:00:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1268
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (10/04/2014 08:08:47 AM) (Source: Google Update) (EventID: 20) (User: Primi-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (10/04/2014 08:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 07:54:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 06:23:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 06:12:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 06:03:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 05:27:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/30/2014 01:26:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (08/30/2014 01:26:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (10/04/2014 08:38:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2937610).
 
Error: (10/04/2014 08:10:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (10/04/2014 08:10:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147467259
 
Error: (10/04/2014 08:10:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147467259
 
Error: (10/04/2014 08:10:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (10/04/2014 08:09:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147467259
 
Error: (10/04/2014 08:07:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Yula service failed to start due to the following error: 
%%2
 
Error: (10/04/2014 08:07:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Yula service failed to start due to the following error: 
%%2
 
Error: (10/04/2014 08:00:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (10/04/2014 08:00:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (10/04/2014 09:00:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd126801cfdfec2331c86aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll8ada0862-4bdf-11e4-8fde-f0def18ec4b0
 
Error: (10/04/2014 08:08:47 AM) (Source: Google Update) (EventID: 20) (User: Primi-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (10/04/2014 08:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 07:54:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 06:23:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 06:12:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 06:03:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2014 05:27:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/30/2014 01:26:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007041d, The service did not respond to the start or control request in a timely fashion.
 
 
Operation:
   Instantiating VSS server
 
Error: (08/30/2014 01:26:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007041d, The service did not respond to the start or control request in a timely fashion.
 
 
Operation:
   Instantiating VSS server
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 57%
Total physical RAM: 3686.11 MB
Available physical RAM: 1553.54 MB
Total Pagefile: 7370.4 MB
Available Pagefile: 4939.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:201.61 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.12 GB) NTFS
Drive e: (USB20FD) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DD70306F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)
 
==================== End Of Log ============================


#7 Stratomaster


Posted 04 October 2014 - 02:41 PM

And here are the results of the GMER run. If there are other or better ways you want me to send these to you, please feel free to tell me, and thank you again for taking the time to help.

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-04 09:57:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000065 WDC_WD32 rev.02.0 298.09GB
Running: gmer.exe; Driver: C:\Users\Primi\AppData\Local\Temp\pgloapoc.sys
 
---- Processes - GMER 2.1 ----
 
Process  C:\Users\Primi\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Primi\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [2344](2014-01-29 01:36:04)  0000000000400000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                                                                         
 
---- EOF - GMER 2.1 ----


#8 Stratomaster


Posted 05 October 2014 - 07:30 AM

I have been trying since last night to post the last TDSS Killer file and for whatever reason have been unsuccessful, so I thought I would try again. Here goes nothing.

 

12:01:14.0384 0x0c58  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
12:01:23.0670 0x0c58  ============================================================
12:01:23.0670 0x0c58  Current date / time: 2014/10/04 12:01:23.0670
12:01:23.0670 0x0c58  SystemInfo:
12:01:23.0670 0x0c58  
12:01:23.0670 0x0c58  OS Version: 6.1.7601 ServicePack: 1.0
12:01:23.0670 0x0c58  Product type: Workstation
12:01:23.0670 0x0c58  ComputerName: PRIMI-PC
12:01:23.0670 0x0c58  UserName: Primi
12:01:23.0670 0x0c58  Windows directory: C:\windows
12:01:23.0670 0x0c58  System windows directory: C:\windows
12:01:23.0670 0x0c58  Running under WOW64
12:01:23.0670 0x0c58  Processor architecture: Intel x64
12:01:23.0670 0x0c58  Number of processors: 2
12:01:23.0670 0x0c58  Page size: 0x1000
12:01:23.0670 0x0c58  Boot type: Normal boot
12:01:23.0670 0x0c58  ============================================================
12:01:25.0750 0x0c58  KLMD registered as C:\windows\system32\drivers\04356916.sys
12:01:25.0990 0x0c58  System UUID: {7E0072FD-2EBD-0E36-890F-BCF85390647B}
12:01:26.0740 0x0c58  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:01:26.0810 0x0c58  Drive \Device\Harddisk1\DR5 - Size: 0xEF800000 ( 3.74 Gb ), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:01:26.0810 0x0c58  ============================================================
12:01:26.0810 0x0c58  \Device\Harddisk0\DR0:
12:01:26.0810 0x0c58  MBR partitions:
12:01:26.0810 0x0c58  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
12:01:26.0810 0x0c58  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
12:01:26.0840 0x0c58  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
12:01:26.0840 0x0c58  \Device\Harddisk1\DR5:
12:01:26.0840 0x0c58  MBR partitions:
12:01:26.0840 0x0c58  \Device\Harddisk1\DR5\Partition1: MBR, Type 0xC, StartLBA 0x458, BlocksNum 0x77BBA8
12:01:26.0840 0x0c58  ============================================================
12:01:26.0890 0x0c58  C: <-> \Device\Harddisk0\DR0\Partition2
12:01:26.0930 0x0c58  D: <-> \Device\Harddisk0\DR0\Partition3
12:01:26.0930 0x0c58  ============================================================
12:01:26.0930 0x0c58  Initialize success
12:01:26.0930 0x0c58  ============================================================
12:01:34.0334 0x0e60  ============================================================
12:01:34.0334 0x0e60  Scan started
12:01:34.0334 0x0e60  Mode: Manual; 
12:01:34.0334 0x0e60  ============================================================
12:01:34.0334 0x0e60  KSN ping started
12:01:39.0798 0x0e60  KSN ping finished: true
12:01:41.0500 0x0e60  ================ Scan system memory ========================
12:01:41.0500 0x0e60  System memory - ok
12:01:41.0500 0x0e60  ================ Scan services =============================
12:01:43.0572 0x0e60  amdxata - ok
12:01:43.0608 0x0e60  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
12:01:43.0608 0x0e60  AppID - ok
12:01:43.0646 0x0e60  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
12:01:43.0651 0x0e60  AppIDSvc - ok
12:01:43.0720 0x0e60  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
12:01:43.0740 0x0e60  Appinfo - ok
12:01:43.0750 0x0e60  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
12:01:43.0760 0x0e60  arc - ok
12:01:43.0780 0x0e60  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
12:01:43.0790 0x0e60  arcsas - ok
12:01:43.0920 0x0e60  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:01:43.0920 0x0e60  aspnet_state - ok
12:01:43.0940 0x0e60  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
12:01:43.0940 0x0e60  AsyncMac - ok
12:01:43.0990 0x0e60  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
12:01:43.0990 0x0e60  atapi - ok
12:01:44.0070 0x0e60  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47, 172240231981162F67DD2CF13C6D8C807EFFCE9C24B476F2942BC3E1F41C1A71 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
12:01:44.0080 0x0e60  AtiHDAudioService - ok
12:01:44.0160 0x0e60  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:01:44.0200 0x0e60  AudioEndpointBuilder - ok
12:01:44.0246 0x0e60  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
12:01:44.0272 0x0e60  AudioSrv - ok
12:01:44.0312 0x0e60  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
12:01:44.0320 0x0e60  AxInstSV - ok
12:01:44.0374 0x0e60  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
12:01:44.0404 0x0e60  b06bdrv - ok
12:01:44.0464 0x0e60  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
12:01:44.0484 0x0e60  b57nd60a - ok
12:01:44.0514 0x0e60  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
12:01:44.0524 0x0e60  BDESVC - ok
12:01:44.0544 0x0e60  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
12:01:44.0554 0x0e60  Beep - ok
12:01:44.0604 0x0e60  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
12:01:44.0634 0x0e60  BFE - ok
12:01:44.0724 0x0e60  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
12:01:44.0794 0x0e60  BITS - ok
12:01:44.0814 0x0e60  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
12:01:44.0814 0x0e60  blbdrive - ok
12:01:44.0854 0x0e60  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
12:01:44.0854 0x0e60  bowser - ok
12:01:44.0904 0x0e60  [ AAA4F992F879977A000FE8B8C730CD2C, A109D3F7CA9D49B98FDA5CA34C60055690F72400CCC96D48076FA86086E4C74D ] BPntDrv         C:\windows\system32\drivers\BPntDrv.sys
12:01:44.0904 0x0e60  BPntDrv - ok
12:01:44.0934 0x0e60  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
12:01:44.0934 0x0e60  BrFiltLo - ok
12:01:44.0944 0x0e60  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
12:01:44.0944 0x0e60  BrFiltUp - ok
12:01:44.0994 0x0e60  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
12:01:45.0004 0x0e60  Browser - ok
12:01:45.0024 0x0e60  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
12:01:45.0034 0x0e60  Brserid - ok
12:01:45.0054 0x0e60  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
12:01:45.0054 0x0e60  BrSerWdm - ok
12:01:45.0064 0x0e60  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
12:01:45.0064 0x0e60  BrUsbMdm - ok
12:01:45.0074 0x0e60  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
12:01:45.0084 0x0e60  BrUsbSer - ok
12:01:45.0134 0x0e60  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
12:01:45.0144 0x0e60  BthEnum - ok
12:01:45.0174 0x0e60  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
12:01:45.0174 0x0e60  BTHMODEM - ok
12:01:45.0196 0x0e60  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
12:01:45.0204 0x0e60  BthPan - ok
12:01:45.0286 0x0e60  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
12:01:45.0336 0x0e60  BTHPORT - ok
12:01:45.0376 0x0e60  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
12:01:45.0386 0x0e60  bthserv - ok
12:01:45.0406 0x0e60  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
12:01:45.0416 0x0e60  BTHUSB - ok
12:01:45.0446 0x0e60  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
12:01:45.0456 0x0e60  cdfs - ok
12:01:45.0506 0x0e60  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
12:01:45.0516 0x0e60  cdrom - ok
12:01:45.0546 0x0e60  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
12:01:45.0556 0x0e60  CertPropSvc - ok
12:01:45.0576 0x0e60  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
12:01:45.0586 0x0e60  circlass - ok
12:01:45.0626 0x0e60  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
12:01:45.0656 0x0e60  CLFS - ok
12:01:45.0736 0x0e60  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:45.0746 0x0e60  clr_optimization_v2.0.50727_32 - ok
12:01:45.0776 0x0e60  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:01:45.0786 0x0e60  clr_optimization_v2.0.50727_64 - ok
12:01:45.0876 0x0e60  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:45.0886 0x0e60  clr_optimization_v4.0.30319_32 - ok
12:01:45.0906 0x0e60  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:01:45.0916 0x0e60  clr_optimization_v4.0.30319_64 - ok
12:01:45.0976 0x0e60  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
12:01:45.0986 0x0e60  clwvd - ok
12:01:46.0016 0x0e60  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
12:01:46.0016 0x0e60  CmBatt - ok
12:01:46.0046 0x0e60  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
12:01:46.0056 0x0e60  cmdide - ok
12:01:46.0106 0x0e60  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
12:01:46.0146 0x0e60  CNG - ok
12:01:46.0266 0x0e60  [ A260BE645DD096D90318C8CF98536720, ACFDC643485AAAB40ABB3A00C8D9F2E962AF273B95118F0CD19FB8E93E8BF032 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
12:01:46.0356 0x0e60  CnxtHdAudService - ok
12:01:46.0406 0x0e60  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
12:01:46.0416 0x0e60  Compbatt - ok
12:01:46.0446 0x0e60  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
12:01:46.0446 0x0e60  CompositeBus - ok
12:01:46.0466 0x0e60  COMSysApp - ok
12:01:46.0486 0x0e60  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
12:01:46.0486 0x0e60  crcdisk - ok
12:01:46.0526 0x0e60  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
12:01:46.0546 0x0e60  CryptSvc - ok
12:01:46.0596 0x0e60  [ F160B26B26BA4AFE8CECC12ED5AC231E, 8DA8921A40B67ACFC7E47A54870181CDA1866901A3E8B3A2393D7C006C6B3A42 ] CxAudMsg        C:\windows\system32\CxAudMsg64.exe
12:01:46.0616 0x0e60  CxAudMsg - ok
12:01:46.0678 0x0e60  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
12:01:46.0708 0x0e60  DcomLaunch - ok
12:01:46.0758 0x0e60  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
12:01:46.0808 0x0e60  defragsvc - ok
12:01:46.0848 0x0e60  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
12:01:46.0858 0x0e60  DfsC - ok
12:01:46.0908 0x0e60  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
12:01:46.0948 0x0e60  Dhcp - ok
12:01:46.0968 0x0e60  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
12:01:46.0983 0x0e60  discache - ok
12:01:47.0020 0x0e60  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
12:01:47.0020 0x0e60  Disk - ok
12:01:47.0050 0x0e60  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
12:01:47.0070 0x0e60  Dnscache - ok
12:01:47.0090 0x0e60  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
12:01:47.0110 0x0e60  dot3svc - ok
12:01:47.0130 0x0e60  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
12:01:47.0140 0x0e60  DPS - ok
12:01:47.0210 0x0e60  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
12:01:47.0210 0x0e60  drmkaud - ok
12:01:47.0300 0x0e60  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
12:01:47.0390 0x0e60  DXGKrnl - ok
12:01:47.0420 0x0e60  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
12:01:47.0430 0x0e60  EapHost - ok
12:01:47.0622 0x0e60  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
12:01:47.0804 0x0e60  ebdrv - ok
12:01:47.0854 0x0e60  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe
12:01:47.0864 0x0e60  EFS - ok
12:01:47.0984 0x0e60  [ 2C1A297638E4319179A1112D4D6522B8, A5A9A82245D631EE50C9F5BF22C85B18E4BAABAB1C559E1833164578C2EC618F ] EgisTec Service C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
12:01:48.0024 0x0e60  EgisTec Service - ok
12:01:48.0094 0x0e60  [ 0AC3BAA7DF250C76DD9BCFC51565CB5F, 018F0DABF6B948E39423CE899BEFC864240402D5F31B86BEAD655ABEF4AFAFC3 ] EgisTec Service Help C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
12:01:48.0114 0x0e60  EgisTec Service Help - ok
12:01:48.0184 0x0e60  [ 7745AAFFB61438C28C75E18CE98D4E64, 236FFA327A6EC1DB952B23ECAAA4969241F15376D374CDFD39916E1C0882B216 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
12:01:48.0234 0x0e60  EgisTec Ticket Service - ok
12:01:48.0279 0x0e60  [ 33708C6D915F8DE734CF3ABB0731515B, AE4FFC410C0A90C94C196E04DEACD0E707750D14DEC460D6DD79140320FE62B0 ] EgisTecFF       C:\windows\system32\DRIVERS\EgisTecFF.sys
12:01:48.0285 0x0e60  EgisTecFF - ok
12:01:48.0378 0x0e60  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
12:01:48.0416 0x0e60  ehRecvr - ok
12:01:48.0439 0x0e60  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
12:01:48.0446 0x0e60  ehSched - ok
12:01:48.0498 0x0e60  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
12:01:48.0540 0x0e60  elxstor - ok
12:01:48.0572 0x0e60  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
12:01:48.0574 0x0e60  ErrDev - ok
12:01:48.0650 0x0e60  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
12:01:48.0680 0x0e60  EventSystem - ok
12:01:48.0720 0x0e60  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
12:01:48.0730 0x0e60  exfat - ok
12:01:48.0750 0x0e60  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
12:01:48.0770 0x0e60  fastfat - ok
12:01:48.0820 0x0e60  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
12:01:48.0870 0x0e60  Fax - ok
12:01:48.0920 0x0e60  [ 0BDD7984DB7AAFF6DFEFD11D82D473DB, 616B20DD438DA1F18949DD99513889D47A5773E7FD98776B61A2A654733C855E ] fbfmon          C:\windows\system32\drivers\fbfmon.sys
12:01:48.0920 0x0e60  fbfmon - ok
12:01:48.0940 0x0e60  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
12:01:48.0950 0x0e60  fdc - ok
12:01:48.0970 0x0e60  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
12:01:48.0980 0x0e60  fdPHost - ok
12:01:49.0020 0x0e60  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
12:01:49.0020 0x0e60  FDResPub - ok
12:01:49.0070 0x0e60  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
12:01:49.0070 0x0e60  FileInfo - ok
12:01:49.0100 0x0e60  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
12:01:49.0100 0x0e60  Filetrace - ok
12:01:49.0130 0x0e60  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
12:01:49.0130 0x0e60  flpydisk - ok
12:01:49.0170 0x0e60  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
12:01:49.0190 0x0e60  FltMgr - ok
12:01:49.0300 0x0e60  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
12:01:49.0410 0x0e60  FontCache - ok
12:01:49.0470 0x0e60  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:01:49.0480 0x0e60  FontCache3.0.0.0 - ok
12:01:49.0520 0x0e60  [ 721A1C957BD23829C6D2BE5C7CDC1012, 8ACCDC0B059032824BA1D52030CD7F3D8A3F4D90FCE5968E0094DC3F437C8385 ] FPSensor        C:\windows\system32\Drivers\FPSensor.sys
12:01:49.0530 0x0e60  FPSensor - ok
12:01:49.0550 0x0e60  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
12:01:49.0550 0x0e60  FsDepends - ok
12:01:49.0590 0x0e60  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
12:01:49.0600 0x0e60  Fs_Rec - ok
12:01:49.0650 0x0e60  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
12:01:49.0660 0x0e60  fvevol - ok
12:01:49.0720 0x0e60  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
12:01:49.0720 0x0e60  gagp30kx - ok
12:01:49.0790 0x0e60  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
12:01:49.0902 0x0e60  gpsvc - ok
12:01:49.0984 0x0e60  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:49.0994 0x0e60  gupdate - ok
12:01:50.0034 0x0e60  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:50.0044 0x0e60  gupdatem - ok
12:01:50.0094 0x0e60  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:01:50.0104 0x0e60  gusvc - ok
12:01:50.0124 0x0e60  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
12:01:50.0134 0x0e60  hcw85cir - ok
12:01:50.0174 0x0e60  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:01:50.0194 0x0e60  HdAudAddService - ok
12:01:50.0234 0x0e60  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
12:01:50.0244 0x0e60  HDAudBus - ok
12:01:50.0264 0x0e60  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
12:01:50.0274 0x0e60  HidBatt - ok
12:01:50.0294 0x0e60  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
12:01:50.0304 0x0e60  HidBth - ok
12:01:50.0314 0x0e60  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
12:01:50.0324 0x0e60  HidIr - ok
12:01:50.0354 0x0e60  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
12:01:50.0364 0x0e60  hidserv - ok
12:01:50.0404 0x0e60  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
12:01:50.0404 0x0e60  HidUsb - ok
12:01:50.0424 0x0e60  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
12:01:50.0434 0x0e60  hkmsvc - ok
12:01:50.0464 0x0e60  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:01:50.0484 0x0e60  HomeGroupListener - ok
12:01:50.0524 0x0e60  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:01:50.0564 0x0e60  HomeGroupProvider - ok
12:01:50.0584 0x0e60  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
12:01:50.0584 0x0e60  HpSAMD - ok
12:01:50.0654 0x0e60  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
12:01:50.0704 0x0e60  HTTP - ok
12:01:50.0714 0x0e60  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
12:01:50.0724 0x0e60  hwpolicy - ok
12:01:50.0754 0x0e60  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
12:01:50.0764 0x0e60  i8042prt - ok
12:01:50.0814 0x0e60  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
12:01:50.0854 0x0e60  iaStorV - ok
12:01:50.0954 0x0e60  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:01:51.0014 0x0e60  idsvc - ok
12:01:51.0054 0x0e60  IEEtwCollectorService - ok
12:01:51.0094 0x0e60  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
12:01:51.0094 0x0e60  iirsp - ok
12:01:51.0176 0x0e60  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
12:01:51.0256 0x0e60  IKEEXT - ok
12:01:51.0306 0x0e60  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
12:01:51.0306 0x0e60  intelide - ok
12:01:51.0366 0x0e60  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys
12:01:51.0371 0x0e60  intelppm - ok
12:01:51.0410 0x0e60  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
12:01:51.0418 0x0e60  IPBusEnum - ok
12:01:51.0448 0x0e60  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
12:01:51.0448 0x0e60  IpFilterDriver - ok
12:01:51.0528 0x0e60  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
12:01:51.0570 0x0e60  iphlpsvc - ok
12:01:51.0580 0x0e60  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
12:01:51.0590 0x0e60  IPMIDRV - ok
12:01:51.0610 0x0e60  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
12:01:51.0620 0x0e60  IPNAT - ok
12:01:51.0640 0x0e60  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
12:01:51.0640 0x0e60  IRENUM - ok
12:01:51.0650 0x0e60  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
12:01:51.0660 0x0e60  isapnp - ok
12:01:51.0700 0x0e60  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
12:01:51.0720 0x0e60  iScsiPrt - ok
12:02:02.0332 0x0e60  stisvc - ok
12:02:02.0432 0x0e60  [ 1A6636D0E7E38CEB2B6B2E00AC17A4AF, 6649E824E6C0CD3FAC84BB395A340170807068A290E6F2A1CE84CB803FD684C9 ] SupraSavingsService64 C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe
12:02:02.0442 0x0e60  SupraSavingsService64 - ok
12:02:02.0472 0x0e60  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
12:02:02.0482 0x0e60  swenum - ok
12:02:02.0561 0x0e60  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
12:02:02.0615 0x0e60  swprv - ok
12:02:02.0734 0x0e60  [ 08425CD92972C6430F350A9697F4A553, F6DAA0EB637232BEA34B73AB1E59F55A6602F209A10529D486B8134AA002762D ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
12:02:02.0856 0x0e60  SynTP - ok
12:02:02.0968 0x0e60  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
12:02:03.0098 0x0e60  SysMain - ok
12:02:03.0118 0x0e60  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
12:02:03.0138 0x0e60  TabletInputService - ok
12:02:03.0178 0x0e60  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
12:02:03.0216 0x0e60  TapiSrv - ok
12:02:03.0270 0x0e60  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
12:02:03.0290 0x0e60  TBS - ok
12:02:03.0450 0x0e60  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
12:02:03.0602 0x0e60  Tcpip - ok
12:02:03.0714 0x0e60  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
12:02:03.0794 0x0e60  TCPIP6 - ok
12:02:03.0844 0x0e60  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
12:02:03.0854 0x0e60  tcpipreg - ok
12:02:03.0884 0x0e60  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
12:02:03.0884 0x0e60  TDPIPE - ok
12:02:03.0934 0x0e60  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
12:02:03.0934 0x0e60  TDTCP - ok
12:02:03.0964 0x0e60  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
12:02:03.0974 0x0e60  tdx - ok
12:02:03.0994 0x0e60  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
12:02:03.0994 0x0e60  TermDD - ok
12:02:04.0064 0x0e60  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
12:02:04.0114 0x0e60  TermService - ok
12:02:04.0155 0x0e60  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
12:02:04.0169 0x0e60  Themes - ok
12:02:04.0186 0x0e60  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
12:02:04.0196 0x0e60  THREADORDER - ok
12:02:04.0226 0x0e60  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
12:02:04.0255 0x0e60  TrkWks - ok
12:02:04.0358 0x0e60  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:02:04.0398 0x0e60  TrustedInstaller - ok
12:02:04.0470 0x0e60  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
12:02:04.0530 0x0e60  tssecsrv - ok
12:02:04.0590 0x0e60  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
12:02:04.0600 0x0e60  TsUsbFlt - ok
12:02:04.0620 0x0e60  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
12:02:04.0620 0x0e60  TsUsbGD - ok
12:02:04.0650 0x0e60  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
12:02:04.0660 0x0e60  tunnel - ok
12:02:04.0700 0x0e60  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
12:02:04.0700 0x0e60  uagp35 - ok
12:02:04.0757 0x0e60  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
12:02:04.0782 0x0e60  udfs - ok
12:02:04.0822 0x0e60  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
12:02:04.0842 0x0e60  UI0Detect - ok
12:02:04.0890 0x0e60  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
12:02:04.0904 0x0e60  uliagpkx - ok
12:02:04.0924 0x0e60  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
12:02:04.0944 0x0e60  umbus - ok
12:02:04.0964 0x0e60  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
12:02:04.0964 0x0e60  UmPass - ok
12:02:05.0014 0x0e60  Update Yula - ok
12:02:05.0044 0x0e60  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
12:02:05.0126 0x0e60  upnphost - ok
12:02:05.0176 0x0e60  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
12:02:05.0186 0x0e60  usbccgp - ok
12:02:05.0266 0x0e60  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
12:02:05.0266 0x0e60  usbcir - ok
12:02:05.0322 0x0e60  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
12:02:05.0327 0x0e60  usbehci - ok
12:02:05.0338 0x0e60  [ 573D192E268F0C5B486B7E96F661E538, 0F32BD82CA7B5D4DE234EFC6527EF4C854BD15B3057FE4A0151C70115493FFDC ] usbfilter       C:\windows\system32\DRIVERS\usbfilter.sys
12:02:05.0348 0x0e60  usbfilter - ok
12:02:05.0448 0x0e60  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
12:02:05.0478 0x0e60  usbhub - ok
12:02:05.0488 0x0e60  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
12:02:05.0498 0x0e60  usbohci - ok
12:02:05.0558 0x0e60  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\drivers\usbprint.sys
12:02:05.0558 0x0e60  usbprint - ok
12:02:05.0578 0x0e60  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
12:02:05.0588 0x0e60  USBSTOR - ok
12:02:05.0598 0x0e60  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
12:02:05.0608 0x0e60  usbuhci - ok
12:02:05.0698 0x0e60  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
12:02:05.0708 0x0e60  usbvideo - ok
12:02:05.0738 0x0e60  Util Yula - ok
12:02:05.0788 0x0e60  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
12:02:05.0798 0x0e60  UxSms - ok
12:02:05.0818 0x0e60  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
12:02:05.0828 0x0e60  VaultSvc - ok
12:02:05.0868 0x0e60  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
12:02:05.0868 0x0e60  vdrvroot - ok
12:02:05.0908 0x0e60  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
12:02:05.0958 0x0e60  vds - ok
12:02:05.0978 0x0e60  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
12:02:05.0978 0x0e60  vga - ok
12:02:06.0008 0x0e60  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
12:02:06.0008 0x0e60  VgaSave - ok
12:02:06.0028 0x0e60  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
12:02:06.0048 0x0e60  vhdmp - ok
12:02:06.0078 0x0e60  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
12:02:06.0078 0x0e60  viaide - ok
12:02:06.0118 0x0e60  [ 2355B35BF277965EFA3DAE43B7D78239, F75D1F4B9CCB63121F2030E0DE0CC05475DEA90E45F223BA58CFEED63CB2AD7D ] vm331avs        C:\windows\system32\Drivers\vm331avs.sys
12:02:06.0138 0x0e60  vm331avs - ok
12:02:06.0148 0x0e60  [ 40C39413A2458016FF43444750F467CA, 7753B8C622F15D851FC65851586E8C0FDDD0B00D66C54C5222BB1BD06DCD2A90 ] vmuvcflt        C:\windows\system32\Drivers\vmuvcflt.sys
12:02:06.0158 0x0e60  vmuvcflt - ok
12:02:06.0178 0x0e60  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
12:02:06.0188 0x0e60  volmgr - ok
12:02:06.0218 0x0e60  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
12:02:06.0238 0x0e60  volmgrx - ok
12:02:06.0258 0x0e60  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
12:02:06.0268 0x0e60  volsnap - ok
12:02:06.0308 0x0e60  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
12:02:06.0318 0x0e60  vsmraid - ok
12:02:06.0444 0x0e60  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
12:02:06.0540 0x0e60  VSS - ok
12:02:06.0570 0x0e60  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
12:02:06.0580 0x0e60  vwifibus - ok
12:02:06.0590 0x0e60  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
12:02:06.0600 0x0e60  vwififlt - ok
12:02:06.0620 0x0e60  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
12:02:06.0620 0x0e60  vwifimp - ok
12:02:06.0650 0x0e60  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
12:02:06.0692 0x0e60  W32Time - ok
12:02:06.0708 0x0e60  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
12:02:06.0713 0x0e60  WacomPen - ok
12:02:06.0742 0x0e60  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
12:02:06.0752 0x0e60  WANARP - ok
12:02:06.0762 0x0e60  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
12:02:06.0762 0x0e60  Wanarpv6 - ok
12:02:06.0884 0x0e60  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
12:02:06.0964 0x0e60  WatAdminSvc - ok
12:02:07.0104 0x0e60  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
12:02:07.0204 0x0e60  wbengine - ok
12:02:07.0244 0x0e60  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
12:02:07.0264 0x0e60  WbioSrvc - ok
12:02:07.0304 0x0e60  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
12:02:07.0334 0x0e60  wcncsvc - ok
12:02:07.0344 0x0e60  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:02:07.0354 0x0e60  WcsPlugInService - ok
12:02:07.0384 0x0e60  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
12:02:07.0384 0x0e60  Wd - ok
12:02:07.0464 0x0e60  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
12:02:07.0524 0x0e60  Wdf01000 - ok
12:02:07.0554 0x0e60  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
12:02:07.0564 0x0e60  WdiServiceHost - ok
12:02:07.0584 0x0e60  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
12:02:07.0594 0x0e60  WdiSystemHost - ok
12:02:07.0644 0x0e60  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
12:02:07.0684 0x0e60  WebClient - ok
12:02:07.0724 0x0e60  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
12:02:07.0754 0x0e60  Wecsvc - ok
12:02:07.0774 0x0e60  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
12:02:07.0794 0x0e60  wercplsupport - ok
12:02:07.0814 0x0e60  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
12:02:07.0824 0x0e60  WerSvc - ok
12:02:07.0854 0x0e60  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
12:02:07.0864 0x0e60  WfpLwf - ok
12:02:07.0884 0x0e60  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
12:02:07.0884 0x0e60  WIMMount - ok
12:02:07.0914 0x0e60  WinDefend - ok
12:02:07.0934 0x0e60  WinHttpAutoProxySvc - ok
12:02:08.0014 0x0e60  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
12:02:08.0024 0x0e60  Winmgmt - ok
12:02:08.0221 0x0e60  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
12:02:08.0349 0x0e60  WinRM - ok
12:02:08.0418 0x0e60  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
12:02:08.0418 0x0e60  WinUsb - ok
12:02:08.0501 0x0e60  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
12:02:08.0560 0x0e60  Wlansvc - ok
12:02:08.0622 0x0e60  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:02:08.0622 0x0e60  wlcrasvc - ok
12:02:08.0832 0x0e60  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:02:08.0962 0x0e60  wlidsvc - ok
12:02:09.0042 0x0e60  WMCoreService - ok
12:02:09.0082 0x0e60  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
12:02:09.0082 0x0e60  WmiAcpi - ok
12:02:09.0132 0x0e60  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
12:02:09.0142 0x0e60  wmiApSrv - ok
12:02:09.0192 0x0e60  WMPNetworkSvc - ok
12:02:09.0232 0x0e60  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
12:02:09.0242 0x0e60  WPCSvc - ok
12:02:09.0292 0x0e60  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
12:02:09.0312 0x0e60  WPDBusEnum - ok
12:02:09.0352 0x0e60  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
12:02:09.0352 0x0e60  ws2ifsl - ok
12:02:09.0372 0x0e60  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
12:02:09.0382 0x0e60  wscsvc - ok
12:02:09.0392 0x0e60  WSearch - ok
12:02:09.0462 0x0e60  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
12:02:09.0462 0x0e60  wsvd - ok
12:02:09.0766 0x0e60  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll
12:02:09.0906 0x0e60  wuauserv - ok
12:02:09.0946 0x0e60  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
12:02:09.0956 0x0e60  WudfPf - ok
12:02:09.0996 0x0e60  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
12:02:10.0006 0x0e60  WUDFRd - ok
12:02:10.0056 0x0e60  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
12:02:10.0066 0x0e60  wudfsvc - ok
12:02:10.0116 0x0e60  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
12:02:10.0156 0x0e60  WwanSvc - ok
12:02:10.0216 0x0e60  [ 28C7F4B0821924A679DF874A198C1951, BE2A3DA267298252A3AC22B074F0FDF47F739DAF1838E3EAAF70741F6DBBFDA8 ] {4df60d2c-927b-478c-83f0-b7dc923bae60}w64 C:\windows\system32\drivers\{4df60d2c-927b-478c-83f0-b7dc923bae60}w64.sys
12:02:10.0216 0x0e60  {4df60d2c-927b-478c-83f0-b7dc923bae60}w64 - ok
12:02:10.0256 0x0e60  ================ Scan global ===============================
12:02:10.0286 0x0e60  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
12:02:10.0316 0x0e60  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
12:02:10.0376 0x0e60  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
12:02:10.0426 0x0e60  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
12:02:10.0476 0x0e60  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
12:02:10.0516 0x0e60  [ Global ] - ok
12:02:10.0516 0x0e60  ================ Scan MBR ==================================
12:02:10.0526 0x0e60  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:02:10.0876 0x0e60  \Device\Harddisk0\DR0 - ok
12:02:10.0886 0x0e60  [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR5
12:02:10.0896 0x0e60  \Device\Harddisk1\DR5 - ok
12:02:10.0896 0x0e60  ================ Scan VBR ==================================
12:02:10.0906 0x0e60  [ 9A08960840B4FD62109C4859E8679E1B ] \Device\Harddisk0\DR0\Partition1
12:02:10.0916 0x0e60  \Device\Harddisk0\DR0\Partition1 - ok
12:02:10.0916 0x0e60  [ D632F8DD79C642F50A669B0DC5AD9C4F ] \Device\Harddisk0\DR0\Partition2
12:02:10.0916 0x0e60  \Device\Harddisk0\DR0\Partition2 - ok
12:02:10.0965 0x0e60  [ 6396736218D64DE7B53945AC5803353C ] \Device\Harddisk0\DR0\Partition3
12:02:10.0968 0x0e60  \Device\Harddisk0\DR0\Partition3 - ok
12:02:10.0978 0x0e60  [ DABEB2A13FCB4981BB5E344E49D62550 ] \Device\Harddisk1\DR5\Partition1
12:02:10.0978 0x0e60  \Device\Harddisk1\DR5\Partition1 - ok
12:02:10.0978 0x0e60  ================ Scan generic autorun ======================
12:02:10.0978 0x0e60  SynTPEnh - ok
12:02:11.0598 0x0e60  [ 39F53D30AAF0427A02D6F1223C18DC5B, 0916F1A2F53BD2D65538A3E215A80BA7EA87D52D8B9C1885E0FB2D365A68BEDB ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
12:02:12.0098 0x0e60  Energy Management - ok
12:02:12.0448 0x0e60  [ F43AB67D41349AD8BB1FE045C5C49832, E79C50F6EA022AA41A502D780CB72232AC094FD008C31EDC51A1F58EF00B1F08 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
12:02:12.0758 0x0e60  EnergyUtility - ok
12:02:12.0818 0x0e60  [ 3F35AC7163E403C1FA8D34EB2FF36302, 47AE59E315A2BAE7003A18BFDC3859EFBED511822F4BA5F2E02C6D2464A019C1 ] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
12:02:12.0828 0x0e60  Lenovo EE Boot Optimizer - ok
12:02:12.0878 0x0e60  [ B63E6E1BDA38693A31F99883244F92B9, 0E8BF65BDCD416ACF14F7A6930E8AAB3210DDDD2D3FF38EC807B91DD78BCB2AD ] C:\Program Files\pcmax\service.exe
12:02:12.0878 0x0e60  pcreg - ok
12:02:12.0968 0x0e60  [ FCB1D74BCC52E843747D27ECC44F15BF, A636D2CAE52AB01E02B61A1822D1FBCD82D94DAE557EB82EC81853BEEFEC7339 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
12:02:13.0018 0x0e60  StartCCC - ok
12:02:13.0108 0x0e60  [ 61A2DBA2126BA1425CC5AECC8E8AD055, 08F07F52FF5C157F00EFEA74AB621F5E47465CD0A3359C5A513B9A01DDB9FEF0 ] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
12:02:13.0158 0x0e60  331BigDog - ok
12:02:13.0236 0x0e60  [ 0453907E40313F95371CF0CA603E5EE3, 7E62A05070BCF45391AA3C2A06F4197795BB95ABA3737CDC2E979A993C47F2F7 ] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
12:02:13.0270 0x0e60  EgisTecPMMUpdate - ok
12:02:13.0298 0x0e60  [ 12F639E4677756AF38F1B036D6CD78E5, 0E0430DA3A42A35254E92BC419EA8A93D69F3DFC58A0723BAC58A7C90CE9610E ] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
12:02:13.0308 0x0e60  EgisUpdate - ok
12:02:13.0370 0x0e60  [ 0B0E1595C3546F94013015ECADD79210, 2BBBA4CBFDDDC994F0AAFEC3B835EFB7FCA4677590D58FBA7609EC79F66ABE5C ] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
12:02:13.0422 0x0e60  VitaKeyTSR - ok
12:02:13.0492 0x0e60  [ 12673BCF7B32087DF63F0CFF550EA40B, 5985A7902B39BD08B6F0BD96AF5A98D466E4E54CDDA69CCB56767FA5C78085D1 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
12:02:13.0492 0x0e60  Adobe Reader Speed Launcher - ok
12:02:13.0602 0x0e60  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:02:13.0684 0x0e60  Adobe ARM - ok
12:02:13.0714 0x0e60  [ 0A7AC2320F5ACB63A44F8BBFC41D930A, 045884D40820128C0B8B6907DFF0E0BCBF0F0EE1421414500DE965ACC4E27DDB ] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
12:02:13.0754 0x0e60  PLTSR - ok
12:02:13.0824 0x0e60  [ BDB70EA0834EEC93927D9ABF95D11CB7, 6B92A96BFD08B4CFBBE3E983019E17029E4E886FDE821D06C94D0D9946B69964 ] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
12:02:13.0854 0x0e60  VeriFaceManager - ok
12:02:13.0904 0x0e60  [ B00F98FF6FE8682FF941BEB2559BF191, EB443E294C5609F426BF6EE388F3A4B71EFE2C6A8216C0F6DE7AE6DB382BF620 ] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
12:02:13.0914 0x0e60  YouCam Mirage - ok
12:02:13.0934 0x0e60  [ 7CD9BF0A5F47F9584E59BDF674FD1C5D, 821F2A5380B1E64B0629D67259BA92A923D5D405526CB6C44BC422294C031C1F ] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
12:02:13.0944 0x0e60  YouCam Tray - ok
12:02:14.0014 0x0e60  [ A01FB0B0C58319FB350A53EDAA947D36, F096607CEA3EB1D569B9767B98C1409F54332A97B78848BC3CBEB92FDFAAB787 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
12:02:14.0034 0x0e60  UpdateP2GShortCut - ok
12:02:14.0104 0x0e60  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
12:02:14.0114 0x0e60  UpdatePRCShortCut - ok
12:02:14.0144 0x0e60  [ B63E6E1BDA38693A31F99883244F92B9, 0E8BF65BDCD416ACF14F7A6930E8AAB3210DDDD2D3FF38EC807B91DD78BCB2AD ] C:\Program Files\pcmax\service.exe
12:02:14.0144 0x0e60  pcreg - ok
12:02:14.0264 0x0e60  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:02:14.0334 0x0e60  Sidebar - ok
12:02:14.0364 0x0e60  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:02:14.0374 0x0e60  mctadmin - ok
12:02:14.0444 0x0e60  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:02:14.0484 0x0e60  Sidebar - ok
12:02:14.0504 0x0e60  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:02:14.0514 0x0e60  mctadmin - ok
12:02:14.0564 0x0e60  Best Buy pc app - ok
12:02:14.0614 0x0e60  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
12:02:14.0624 0x0e60  swg - ok
12:02:14.0644 0x0e60  [ B63E6E1BDA38693A31F99883244F92B9, 0E8BF65BDCD416ACF14F7A6930E8AAB3210DDDD2D3FF38EC807B91DD78BCB2AD ] C:\Program Files\pcmax\service.exe
12:02:14.0644 0x0e60  pcreg - ok
12:02:14.0726 0x0e60  [ BA73D8DC5DD1CF3E558C2152C3D969AD, 39EAF853DD8D338F927FCE97B7E531999401C88627B08B652E292B5B4F51007B ] C:\Users\Primi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
12:02:14.0758 0x0e60  Yahoo! Search - ok
12:02:14.0808 0x0e60  [ 2A3FB4C98F139038E23330D2439DB8A4, DE9253AD362B03FA5D3D4912662398E5C4AC76F7274B83E51C251A6921A5B838 ] C:\Users\Primi\AppData\Local\Facebook\Update\FacebookUpdate.exe
12:02:14.0818 0x0e60  Facebook Update - ok
12:02:14.0818 0x0e60  Waiting for KSN requests completion. In queue: 73
12:02:15.0818 0x0e60  Waiting for KSN requests completion. In queue: 73
12:02:16.0818 0x0e60  Waiting for KSN requests completion. In queue: 73
12:02:17.0818 0x0e60  Waiting for KSN requests completion. In queue: 73
12:02:18.0880 0x0e60  Win FW state via NFP2: enabled
12:02:21.0490 0x0e60  ============================================================
12:02:21.0490 0x0e60  Scan finished
12:02:21.0490 0x0e60  ============================================================
12:02:21.0520 0x0934  Detected object count: 0
12:02:21.0520 0x0934  Actual detected object count: 0
12:02:57.0390 0x0b58  Deinitialize success


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 07 October 2014 - 06:49 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Yahoo! Search
    System Optimizer Pro
    Snap.Do Engine
    Snap.Do
    LPT System Updater Service
    Buzzdock
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 TB-Psychotic


Posted 13 October 2014 - 08:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.