
Browser hijack/router hijack?


  • This topic is locked
35 replies to this topic

#1 sunflwr89

sunflwr89

  • Members
  • 20 posts

Posted 13 October 2014 - 09:01 PM

Been having problems with browser redirects/slowed connection/changed homepage/and general lagging and lack of performance in my two laptops since last year, figured one was old and full of spam the other running XP so that was the issue, tried for months to fix through online forum DIY guides, finally got a new computer 6 months ago... within 3 months same issues on my new one and it seems any other computer in this household has them as well. Tried CCleaner, TDSSKiller, ComboFix, HijackThis, AdwCleaner, WinPatrol, Kaspersky Virus Removal Tool, Malwarebytes, HostsMan, a few other programs to no avail... so finally I am asking you all for help. I use Avira Free Antivirus, running Win7 Pro SP1 32-bit on a Dell Mini 1012 with 2 gigs RAM, here is my DDS log from right now:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by SANDRA at 21:48:29 on 2014-10-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2037.1148 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [WinPatrol] c:\program files\ruiware\winpatrol\winpatrol.exe -expressboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{359138D5-82CC-49EC-A394-211CF9AFA589} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{359138D5-82CC-49EC-A394-211CF9AFA589}\25F6765627371323131363 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{359138D5-82CC-49EC-A394-211CF9AFA589}\5767F69607 : DHCPNameServer = 0.0.0.0 0.0.0.0 0.0.0.0
TCP: Interfaces\{359138D5-82CC-49EC-A394-211CF9AFA589}\64F627B614E64605C6164756 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{359138D5-82CC-49EC-A394-211CF9AFA589}\75C414E4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{359138D5-82CC-49EC-A394-211CF9AFA589}\A45454655435 : DHCPNameServer = 192.168.1.1 192.168.0.1
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sandra\appdata\roaming\mozilla\firefox\profiles\39ytt2hp.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 75049098;75049098;c:\windows\system32\drivers\75049098.sys [2014-10-13 135776]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-6-16 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2014-6-16 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2014-6-16 430160]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-6-16 97648]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-9-23 160560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-16 108032]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-6-20 40776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-6-14 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-6-13 1343400]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebg7.exe [2014-6-16 1021520]
.
=============== Created Last 30 ================
.
2014-10-13 19:14:53    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-10-13 19:11:45    135776    ----a-w-    c:\windows\system32\drivers\75049098.sys
2014-10-13 18:37:04    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{45c2e9c3-0876-4f0f-b264-8ea5b2997c3b}\offreg.dll
2014-10-13 18:35:25    8806800    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{45c2e9c3-0876-4f0f-b264-8ea5b2997c3b}\mpengine.dll
2014-10-09 00:42:43    --------    d-----w-    c:\windows\pss
2014-10-08 03:56:33    163504    ----a-w-    c:\programdata\microsoft\windows\sqm\manifest\Sqm10145.bin
2014-10-07 01:08:29    --------    d-----w-    c:\program files\iPod
2014-10-07 01:08:27    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-07 01:08:26    --------    d-----w-    c:\program files\iTunes
2014-10-07 00:58:46    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-10-07 00:58:46    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-10-07 00:58:46    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-10-07 00:58:46    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-10-07 00:58:46    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2014-10-01 01:31:02    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-27 15:40:16    --------    d-----w-    c:\programdata\Oracle
2014-09-27 15:36:54    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-09-25 01:48:32    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-23 02:13:47    --------    d-----w-    c:\users\sandra\appdata\roaming\WinPatrol
2014-09-23 02:13:29    --------    d-----w-    c:\programdata\InstallMate
2014-09-23 02:13:29    --------    d-----w-    c:\program files\Ruiware
2014-09-23 02:11:03    --------    d-----w-    C:\AdwCleaner
2014-09-23 00:58:21    --------    d-----w-    c:\users\sandra\appdata\roaming\abelhadigital.com
2014-09-23 00:58:21    --------    d-----w-    c:\programdata\abelhadigital.com
2014-09-23 00:58:11    --------    d-----w-    c:\program files\HostsMan
2014-09-21 04:13:23    --------    d-----w-    c:\users\sandra\appdata\local\ElevatedDiagnostics
2014-09-16 05:24:02    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-09-16 05:24:02    259584    ----a-w-    c:\program files\internet explorer\IEShims.dll
2014-09-16 05:24:00    752640    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-09-16 05:24:00    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-09-16 05:22:02    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-16 00:35:02    --------    d-----w-    c:\users\sandra\appdata\roaming\SuperEasy Software
2014-09-16 00:34:46    --------    d-----w-    c:\program files\SuperEasy Software
.
==================== Find3M  ====================
.
2014-10-09 00:51:58    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-09-25 01:36:13    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 01:36:13    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-15 13:06:04    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-05 01:52:10    445952    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-05 01:47:39    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-09-02 19:27:28    35848    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-08-23 01:46:55    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 00:42:53    2352640    ----a-w-    c:\windows\system32\win32k.sys
2014-08-18 22:08:55    4232704    ----a-w-    c:\windows\system32\jscript9.dll
2014-08-18 21:57:30    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-18 21:44:44    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54    2014208    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    c:\windows\system32\wininet.dll
2014-08-01 11:35:06    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-07-25 06:35:46    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
============= FINISH: 21:49:32.67 ===============
 




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 14 October 2014 - 04:54 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 sunflwr89

sunflwr89
  • Topic Starter

  • Members
  • 20 posts

Posted 14 October 2014 - 08:15 PM

Thank you for your help. I forgot to say my browser homepage is blank, Firefox apps options blank, random bookmarks I didn't make (or delete) and when I tried to run GMER and TDSSKiller the first times they both didn't work but 2nd try they did, here are my logs in order:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-10-2014
Ran by SANDRA (administrator) on SANDRA-PC on 14-10-2014 20:22:01
Running from C:\Users\SANDRA\Desktop
Loaded Profile: SANDRA (Available profiles: SANDRA)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui:  [X]
HKU\S-1-5-21-57660182-1202358582-1590155930-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SANDRA\AppData\Roaming\Mozilla\Firefox\Profiles\39ytt2hp.default
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: Adblock Plus - C:\Users\SANDRA\AppData\Roaming\Mozilla\Firefox\Profiles\39ytt2hp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-14]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 75049098; C:\Windows\System32\DRIVERS\75049098.sys [135776 2014-10-13] (Kaspersky Lab ZAO)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-10-08] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-06-10] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 20:24 - 2014-10-14 20:24 - 00380416 _____ () C:\Users\SANDRA\Desktop\sc5np92y.exe
2014-10-14 20:22 - 2014-10-14 20:24 - 00006224 _____ () C:\Users\SANDRA\Desktop\FRST.txt
2014-10-14 20:21 - 2014-10-14 20:22 - 00000000 ____D () C:\FRST
2014-10-14 20:19 - 2014-10-14 20:19 - 01101824 _____ (Farbar) C:\Users\SANDRA\Desktop\FRST.exe
2014-10-13 21:49 - 2014-10-13 21:49 - 00524513 _____ () C:\Users\SANDRA\Desktop\attach.txt
2014-10-13 21:49 - 2014-10-13 21:49 - 00011578 _____ () C:\Users\SANDRA\Desktop\dds.txt
2014-10-13 21:46 - 2014-10-13 21:46 - 00688992 ____R (Swearware) C:\Users\SANDRA\Desktop\dds.com
2014-10-13 15:14 - 2014-10-13 15:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-13 15:11 - 2014-10-13 22:25 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\75049098.sys
2014-10-13 15:07 - 2014-10-13 15:11 - 161171808 _____ () C:\Users\SANDRA\Desktop\setup_11.0.3.7.x01_2014_10_13_22_26.exe
2014-10-13 14:32 - 2014-10-13 14:32 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-08 20:42 - 2014-10-08 20:42 - 00000000 ____D () C:\Windows\pss
2014-10-06 21:09 - 2014-10-06 21:09 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-06 21:09 - 2014-10-06 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-06 21:08 - 2014-10-06 21:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-06 21:08 - 2014-10-06 21:09 - 00000000 ____D () C:\Program Files\iTunes
2014-10-06 21:08 - 2014-10-06 21:08 - 00000000 ____D () C:\Program Files\iPod
2014-10-06 20:58 - 2014-10-06 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-06 20:57 - 2014-10-06 20:58 - 00000000 ____D () C:\Program Files\QuickTime
2014-09-30 21:31 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 21:23 - 2014-09-30 21:23 - 00028060 _____ () C:\HijackPatrolsept30.txt
2014-09-30 21:20 - 2014-09-30 21:21 - 00028060 _____ () C:\HijackPatrol.log
2014-09-27 11:40 - 2014-09-27 11:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-27 11:38 - 2014-09-27 11:38 - 00000000 ____D () C:\ProgramData\Sun
2014-09-27 11:38 - 2014-09-27 11:38 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-27 11:37 - 2014-09-27 11:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-27 11:36 - 2014-09-27 11:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-27 11:36 - 2014-09-27 11:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-27 11:36 - 2014-09-27 11:36 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-27 11:36 - 2014-09-27 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-27 11:36 - 2014-09-27 11:36 - 00000000 ____D () C:\Program Files\Java
2014-09-27 11:31 - 2014-09-27 11:31 - 00918952 _____ (Oracle Corporation) C:\Users\SANDRA\Downloads\jxpiinstall.exe
2014-09-24 21:48 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 22:13 - 2014-10-08 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-22 22:13 - 2014-10-08 21:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-22 22:13 - 2014-09-22 22:13 - 00000000 ____D () C:\Users\SANDRA\AppData\Roaming\WinPatrol
2014-09-22 22:13 - 2014-09-22 22:13 - 00000000 ____D () C:\Program Files\Ruiware
2014-09-22 22:12 - 2014-09-22 22:12 - 01156136 _____ (Ruiware) C:\Users\SANDRA\Downloads\wpsetup.exe
2014-09-22 22:11 - 2014-10-08 21:07 - 00000000 ____D () C:\AdwCleaner
2014-09-22 22:10 - 2014-09-22 22:10 - 01373475 _____ () C:\Users\SANDRA\Downloads\adwcleaner_3.310.exe
2014-09-22 20:58 - 2014-09-22 20:58 - 00000929 _____ () C:\Users\Public\Desktop\HostsMan.lnk
2014-09-22 20:58 - 2014-09-22 20:58 - 00000000 ____D () C:\Users\SANDRA\AppData\Roaming\abelhadigital.com
2014-09-22 20:58 - 2014-09-22 20:58 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2014-09-22 20:58 - 2014-09-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
2014-09-22 20:58 - 2014-09-22 20:58 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2014-09-22 20:58 - 2014-09-22 20:58 - 00000000 ____D () C:\Program Files\HostsMan
2014-09-22 20:56 - 2014-09-22 20:56 - 02984645 _____ () C:\Users\SANDRA\Downloads\HostsMan_4.5.102_installer.zip
2014-09-16 01:24 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 01:24 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-16 01:23 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-16 01:23 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 01:23 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 01:23 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-16 01:23 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 01:23 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-16 01:23 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-16 01:23 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 01:23 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 01:23 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-16 01:23 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-16 01:23 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 01:23 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-16 01:23 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-16 01:23 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-16 01:23 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 01:23 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-16 01:23 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-16 01:23 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 01:23 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 01:23 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 01:23 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 01:23 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 01:23 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-16 01:23 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-16 01:23 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 01:23 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 01:23 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-16 01:22 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 20:35 - 2014-09-15 20:35 - 00000000 ____D () C:\Users\SANDRA\AppData\Roaming\SuperEasy Software
2014-09-15 20:34 - 2014-09-15 20:34 - 00001223 _____ () C:\Users\Public\Desktop\Driver Updater.lnk
2014-09-15 20:34 - 2014-09-15 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
2014-09-15 20:34 - 2014-09-15 20:34 - 00000000 ____D () C:\Program Files\SuperEasy Software
2014-09-15 20:33 - 2014-09-15 20:33 - 05229864 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\SANDRA\Downloads\supereasy_driver_updater_1.1.1_7870.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 20:20 - 2014-06-14 00:39 - 01085347 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 20:15 - 2014-06-16 18:04 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 20:15 - 2014-06-16 17:58 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 20:15 - 2014-06-16 17:58 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-14 20:09 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 20:09 - 2009-07-14 00:39 - 00029377 _____ () C:\Windows\setupact.log
2014-10-14 01:02 - 2014-06-30 22:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 22:03 - 2009-07-14 00:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 22:03 - 2009-07-14 00:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 16:52 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-10-13 14:32 - 2014-06-16 17:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 14:32 - 2014-06-16 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-13 14:31 - 2014-06-16 17:55 - 00000000 ____D () C:\Program Files\Avira
2014-10-08 21:59 - 2010-11-20 17:48 - 00092104 _____ () C:\Windows\PFRO.log
2014-10-08 20:51 - 2014-06-20 23:13 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-10-06 21:08 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-28 23:42 - 2010-11-20 17:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 21:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-24 21:36 - 2014-06-20 23:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 21:36 - 2014-06-20 23:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-16 01:28 - 2014-06-16 18:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-16 01:22 - 2014-06-13 23:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-16 01:15 - 2014-06-14 19:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-16 01:15 - 2014-06-13 23:27 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-16 00:37 - 2014-08-25 11:30 - 00000078 _____ () C:\Users\SANDRA\AppData\Roaming\mbam.context.scan
2014-09-15 09:06 - 2014-06-13 22:24 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\SANDRA\AppData\Local\Temp\avgnt.exe
C:\Users\SANDRA\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\SANDRA\AppData\Local\Temp\install_flashplayer14x32ax_gtbd_chrd_dn_aaa_aih.exe
C:\Users\SANDRA\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-08 22:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-10-2014
Ran by SANDRA at 2014-10-14 20:25:24
Running from C:\Users\SANDRA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CopyTrans Control Center Uninstall Only (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
HostsMan 4.5.102 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
PodTrans 3.8.0 (HKLM\...\{16EF54EF-8F6F-40DA-9A82-B0DF8F38957F}}_is1) (Version: 3.8.0 - iMobie Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Sharepod 4.0.1.1 (HKLM\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SuperEasy Driver Updater v.1.1.1 (HKLM\...\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1) (Version: 1.1.1 - SuperEasy Software GmbH & Co. KG)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-10-2014 01:31:04 Windows Update
04-10-2014 01:46:00 Windows Update
06-10-2014 23:32:50 Windows Update
13-10-2014 18:34:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-09-22 21:05 - 00418524 ____A C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4899CA43-0BFA-4A8F-BFFA-7BDAAE7D2C1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {6A383186-8D08-49E5-A147-1AFE800A900E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {962A9CCA-A4A0-4B80-A9BC-518182B956DE} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe [2013-11-01] (SuperEasy Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-29 22:56 - 2014-06-06 00:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-57660182-1202358582-1590155930-500 - Administrator - Disabled)
Guest (S-1-5-21-57660182-1202358582-1590155930-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-57660182-1202358582-1590155930-1002 - Limited - Enabled)
SANDRA (S-1-5-21-57660182-1202358582-1590155930-1000 - Administrator - Enabled) => C:\Users\SANDRA

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2014 08:11:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 08:36:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 02:24:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 10:01:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 08:52:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 08:45:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 06:05:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16349

Error: (10/08/2014 06:05:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16349

Error: (10/08/2014 06:05:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/07/2014 09:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/14/2014 08:10:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/13/2014 08:36:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/13/2014 02:24:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/13/2014 02:23:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:48:43 AM on 10/9/2014 was unexpected.

Error: (10/08/2014 10:01:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/08/2014 09:57:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/08/2014 09:37:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/08/2014 09:34:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/08/2014 09:06:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/08/2014 08:52:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N450 @ 1.66GHz
Percentage of memory in use: 45%
Total physical RAM: 2037.36 MB
Available physical RAM: 1103.82 MB
Total Pagefile: 4074.72 MB
Available Pagefile: 2884.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:108.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 9D15818A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-14 20:51:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM160HI rev.HH100-15 149.05GB
Running: sc5np92y.exe; Driver: C:\Users\SANDRA\AppData\Local\Temp\kwdiqpob.sys


---- System - GMER 2.1 ----

SSDT  8B648076  ZwCreateSection
SSDT  8B648080  ZwRequestWaitReplyPort
SSDT  8B64807B  ZwSetContextThread
SSDT  8B648085  ZwSetSecurityObject
SSDT  8B64808A  ZwSystemDebugControl
SSDT  8B648017  ZwTerminateProcess

---- EOF - GMER 2.1 ----



#4 sunflwr89

Posted 14 October 2014 - 08:22 PM

tdsskiller log:
20:55:51.0266 0x0980  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:55:56.0508 0x0980  ============================================================
20:55:56.0508 0x0980  Current date / time: 2014/10/14 20:55:56.0508
20:55:56.0508 0x0980  SystemInfo:
20:55:56.0508 0x0980  
20:55:56.0508 0x0980  OS Version: 6.1.7601 ServicePack: 1.0
20:55:56.0508 0x0980  Product type: Workstation
20:55:56.0508 0x0980  ComputerName: SANDRA-PC
20:55:56.0508 0x0980  UserName: SANDRA
20:55:56.0508 0x0980  Windows directory: C:\Windows
20:55:56.0508 0x0980  System windows directory: C:\Windows
20:55:56.0508 0x0980  Processor architecture: Intel x86
20:55:56.0508 0x0980  Number of processors: 2
20:55:56.0508 0x0980  Page size: 0x1000
20:55:56.0508 0x0980  Boot type: Normal boot
20:55:56.0508 0x0980  ============================================================
20:55:59.0520 0x0980  KLMD registered as C:\Windows\system32\drivers\21325823.sys
20:56:00.0020 0x0980  System UUID: {70E3F90B-6911-EF02-25BF-03D5AE287734}
20:56:01.0704 0x0980  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:56:01.0720 0x0980  ============================================================
20:56:01.0720 0x0980  \Device\Harddisk0\DR0:
20:56:01.0720 0x0980  MBR partitions:
20:56:01.0720 0x0980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:56:01.0720 0x0980  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
20:56:01.0720 0x0980  ============================================================
20:56:01.0767 0x0980  C: <-> \Device\Harddisk0\DR0\Partition2
20:56:01.0767 0x0980  ============================================================
20:56:01.0767 0x0980  Initialize success
20:56:01.0767 0x0980  ============================================================
20:56:09.0896 0x0d68  ============================================================
20:56:09.0896 0x0d68  Scan started
20:56:09.0896 0x0d68  Mode: Manual;
20:56:09.0896 0x0d68  ============================================================
20:56:09.0896 0x0d68  KSN ping started
20:56:12.0876 0x0d68  KSN ping finished: true
20:56:13.0921 0x0d68  ================ Scan system memory ========================
20:56:13.0921 0x0d68  System memory - ok
20:56:13.0921 0x0d68  ================ Scan services =============================
20:56:14.0421 0x0d68  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:56:14.0436 0x0d68  1394ohci - ok
20:56:14.0592 0x0d68  [ 871C226234A48C24DFE7478F36C0050C, 657CAB49387E0E40311D4DEC93D9860B2DAC2C05F223698CFA2F9BB50B5F3022 ] 75049098        C:\Windows\system32\DRIVERS\75049098.sys
20:56:14.0592 0x0d68  75049098 - ok
20:56:14.0655 0x0d68  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:56:14.0670 0x0d68  ACPI - ok
20:56:14.0701 0x0d68  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:56:14.0717 0x0d68  AcpiPmi - ok
20:56:14.0842 0x0d68  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:56:14.0857 0x0d68  AdobeFlashPlayerUpdateSvc - ok
20:56:14.0935 0x0d68  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:56:14.0982 0x0d68  adp94xx - ok
20:56:15.0045 0x0d68  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:56:15.0076 0x0d68  adpahci - ok
20:56:15.0138 0x0d68  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:56:15.0154 0x0d68  adpu320 - ok
20:56:15.0216 0x0d68  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:56:15.0232 0x0d68  AeLookupSvc - ok
20:56:15.0325 0x0d68  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
20:56:15.0357 0x0d68  AFD - ok
20:56:15.0403 0x0d68  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:56:15.0403 0x0d68  agp440 - ok
20:56:15.0466 0x0d68  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:56:15.0466 0x0d68  aic78xx - ok
20:56:15.0528 0x0d68  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
20:56:15.0544 0x0d68  ALG - ok
20:56:15.0606 0x0d68  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:56:15.0622 0x0d68  aliide - ok
20:56:15.0653 0x0d68  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:56:15.0669 0x0d68  amdagp - ok
20:56:15.0715 0x0d68  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:56:15.0715 0x0d68  amdide - ok
20:56:15.0747 0x0d68  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:56:15.0762 0x0d68  AmdK8 - ok
20:56:15.0809 0x0d68  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:56:15.0825 0x0d68  AmdPPM - ok
20:56:15.0887 0x0d68  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:56:15.0903 0x0d68  amdsata - ok
20:56:15.0949 0x0d68  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:56:15.0965 0x0d68  amdsbs - ok
20:56:16.0012 0x0d68  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:56:16.0027 0x0d68  amdxata - ok
20:56:31.0518 0x0d68  MSPCLOCK - ok
20:56:31.0549 0x0d68  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:56:31.0549 0x0d68  MSPQM - ok
20:56:31.0627 0x0d68  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:56:31.0627 0x0d68  MsRPC - ok
20:56:31.0674 0x0d68  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:56:31.0690 0x0d68  mssmbios - ok
20:56:31.0737 0x0d68  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:56:31.0737 0x0d68  MSTEE - ok
20:56:31.0783 0x0d68  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:56:31.0783 0x0d68  MTConfig - ok
20:56:31.0830 0x0d68  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:56:31.0830 0x0d68  Mup - ok
20:56:31.0939 0x0d68  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
20:56:31.0971 0x0d68  napagent - ok
20:56:32.0033 0x0d68  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:56:32.0049 0x0d68  NativeWifiP - ok
20:56:32.0236 0x0d68  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:56:32.0267 0x0d68  NDIS - ok
20:56:32.0298 0x0d68  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:56:32.0314 0x0d68  NdisCap - ok
20:56:32.0345 0x0d68  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:56:32.0345 0x0d68  NdisTapi - ok
20:56:32.0392 0x0d68  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:56:32.0392 0x0d68  Ndisuio - ok
20:56:32.0439 0x0d68  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:56:32.0439 0x0d68  NdisWan - ok
20:56:32.0501 0x0d68  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:56:32.0501 0x0d68  NDProxy - ok
20:56:32.0548 0x0d68  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:56:32.0548 0x0d68  NetBIOS - ok
20:56:32.0657 0x0d68  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:56:32.0673 0x0d68  NetBT - ok
20:56:32.0688 0x0d68  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
20:56:32.0704 0x0d68  Netlogon - ok
20:56:32.0813 0x0d68  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
20:56:32.0844 0x0d68  Netman - ok
20:56:32.0907 0x0d68  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:56:32.0922 0x0d68  NetMsmqActivator - ok
20:56:32.0953 0x0d68  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:56:32.0953 0x0d68  NetPipeActivator - ok
20:56:33.0047 0x0d68  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
20:56:33.0094 0x0d68  netprofm - ok
20:56:33.0109 0x0d68  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:56:33.0125 0x0d68  NetTcpActivator - ok
20:56:33.0172 0x0d68  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:56:33.0172 0x0d68  NetTcpPortSharing - ok
20:56:33.0234 0x0d68  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:56:33.0234 0x0d68  nfrd960 - ok
20:56:33.0312 0x0d68  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:56:33.0343 0x0d68  NlaSvc - ok
20:56:33.0375 0x0d68  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:56:33.0390 0x0d68  Npfs - ok
20:56:33.0437 0x0d68  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
20:56:33.0453 0x0d68  nsi - ok
20:56:33.0484 0x0d68  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:56:33.0499 0x0d68  nsiproxy - ok
20:56:33.0733 0x0d68  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:56:33.0811 0x0d68  Ntfs - ok
20:56:33.0858 0x0d68  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
20:56:33.0858 0x0d68  Null - ok
20:56:33.0936 0x0d68  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:56:33.0952 0x0d68  nvraid - ok
20:56:33.0983 0x0d68  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:56:33.0999 0x0d68  nvstor - ok
20:56:34.0030 0x0d68  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:56:34.0030 0x0d68  nv_agp - ok
20:56:34.0155 0x0d68  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:56:34.0186 0x0d68  odserv - ok
20:56:34.0217 0x0d68  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:56:34.0217 0x0d68  ohci1394 - ok
20:56:34.0279 0x0d68  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:56:34.0295 0x0d68  ose - ok
20:56:34.0373 0x0d68  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:56:34.0389 0x0d68  p2pimsvc - ok
20:56:34.0435 0x0d68  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:56:34.0451 0x0d68  p2psvc - ok
20:56:34.0498 0x0d68  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
20:56:34.0513 0x0d68  Parport - ok
20:56:34.0591 0x0d68  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:56:34.0591 0x0d68  partmgr - ok
20:56:34.0638 0x0d68  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:56:34.0638 0x0d68  Parvdm - ok
20:56:34.0716 0x0d68  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:56:34.0732 0x0d68  PcaSvc - ok
20:56:34.0825 0x0d68  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
20:56:34.0841 0x0d68  pci - ok
20:56:34.0872 0x0d68  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:56:34.0872 0x0d68  pciide - ok
20:56:34.0935 0x0d68  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:56:34.0950 0x0d68  pcmcia - ok
20:56:34.0981 0x0d68  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:56:34.0997 0x0d68  pcw - ok
20:56:35.0106 0x0d68  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:56:35.0137 0x0d68  PEAUTH - ok
20:56:35.0262 0x0d68  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:56:35.0340 0x0d68  PeerDistSvc - ok
20:56:35.0574 0x0d68  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
20:56:35.0668 0x0d68  pla - ok
20:56:35.0746 0x0d68  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:56:35.0777 0x0d68  PlugPlay - ok
20:56:35.0808 0x0d68  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:56:35.0808 0x0d68  PNRPAutoReg - ok
20:56:35.0855 0x0d68  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:56:35.0871 0x0d68  PNRPsvc - ok
20:56:35.0980 0x0d68  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:56:36.0011 0x0d68  PolicyAgent - ok
20:56:36.0073 0x0d68  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
20:56:36.0089 0x0d68  Power - ok
20:56:36.0136 0x0d68  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:56:36.0136 0x0d68  PptpMiniport - ok
20:56:36.0183 0x0d68  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
20:56:36.0183 0x0d68  Processor - ok
20:56:36.0245 0x0d68  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:56:36.0261 0x0d68  ProfSvc - ok
20:56:36.0276 0x0d68  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:56:36.0292 0x0d68  ProtectedStorage - ok
20:56:36.0339 0x0d68  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:56:36.0339 0x0d68  Psched - ok
20:56:36.0463 0x0d68  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:56:36.0557 0x0d68  ql2300 - ok
20:56:36.0588 0x0d68  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:56:36.0604 0x0d68  ql40xx - ok
20:56:36.0651 0x0d68  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
20:56:36.0666 0x0d68  QWAVE - ok
20:56:36.0713 0x0d68  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:56:36.0713 0x0d68  QWAVEdrv - ok
20:56:36.0744 0x0d68  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:56:36.0744 0x0d68  RasAcd - ok
20:56:36.0807 0x0d68  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:56:36.0807 0x0d68  RasAgileVpn - ok
20:56:36.0838 0x0d68  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
20:56:36.0853 0x0d68  RasAuto - ok
20:56:36.0900 0x0d68  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:56:36.0900 0x0d68  Rasl2tp - ok
20:56:36.0963 0x0d68  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
20:56:36.0978 0x0d68  RasMan - ok
20:56:37.0009 0x0d68  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:56:37.0009 0x0d68  RasPppoe - ok
20:56:37.0041 0x0d68  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:56:37.0041 0x0d68  RasSstp - ok
20:56:37.0087 0x0d68  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:56:37.0119 0x0d68  rdbss - ok
20:56:37.0150 0x0d68  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:56:37.0150 0x0d68  rdpbus - ok
20:56:37.0181 0x0d68  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:56:37.0197 0x0d68  RDPCDD - ok
20:56:37.0243 0x0d68  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:56:37.0259 0x0d68  RDPDR - ok
20:56:37.0306 0x0d68  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:56:37.0306 0x0d68  RDPENCDD - ok
20:56:37.0353 0x0d68  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:56:37.0353 0x0d68  RDPREFMP - ok
20:56:37.0399 0x0d68  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:56:37.0415 0x0d68  RDPWD - ok
20:56:37.0462 0x0d68  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:56:37.0477 0x0d68  rdyboost - ok
20:56:37.0540 0x0d68  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:56:37.0540 0x0d68  RemoteAccess - ok
20:56:37.0602 0x0d68  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:56:37.0602 0x0d68  RemoteRegistry - ok
20:56:37.0633 0x0d68  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:56:37.0649 0x0d68  RpcEptMapper - ok
20:56:37.0680 0x0d68  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
20:56:37.0696 0x0d68  RpcLocator - ok
20:56:37.0743 0x0d68  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
20:56:37.0758 0x0d68  RpcSs - ok
20:56:37.0805 0x0d68  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:56:37.0821 0x0d68  rspndr - ok
20:56:37.0899 0x0d68  [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
20:56:37.0914 0x0d68  RTL8167 - ok
20:56:37.0977 0x0d68  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:56:37.0977 0x0d68  s3cap - ok
20:56:38.0023 0x0d68  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
20:56:38.0023 0x0d68  SamSs - ok
20:56:38.0070 0x0d68  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:56:38.0070 0x0d68  sbp2port - ok
20:56:38.0133 0x0d68  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:56:38.0148 0x0d68  SCardSvr - ok
20:56:38.0164 0x0d68  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:56:38.0179 0x0d68  scfilter - ok
20:56:38.0273 0x0d68  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
20:56:38.0320 0x0d68  Schedule - ok
20:56:38.0351 0x0d68  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:56:38.0351 0x0d68  SCPolicySvc - ok
20:56:38.0382 0x0d68  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:56:38.0398 0x0d68  SDRSVC - ok
20:56:38.0460 0x0d68  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:56:38.0460 0x0d68  secdrv - ok
20:56:38.0476 0x0d68  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
20:56:38.0491 0x0d68  seclogon - ok
20:56:38.0523 0x0d68  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
20:56:38.0538 0x0d68  SENS - ok
20:56:38.0569 0x0d68  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:56:38.0585 0x0d68  SensrSvc - ok
20:56:38.0601 0x0d68  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:56:38.0616 0x0d68  Serenum - ok
20:56:38.0647 0x0d68  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
20:56:38.0663 0x0d68  Serial - ok
20:56:38.0710 0x0d68  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:56:38.0710 0x0d68  sermouse - ok
20:56:38.0788 0x0d68  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:56:38.0788 0x0d68  SessionEnv - ok
20:56:38.0819 0x0d68  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:56:38.0835 0x0d68  sffdisk - ok
20:56:38.0850 0x0d68  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:56:38.0850 0x0d68  sffp_mmc - ok
20:56:38.0881 0x0d68  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:56:38.0897 0x0d68  sffp_sd - ok
20:56:38.0913 0x0d68  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:56:38.0913 0x0d68  sfloppy - ok
20:56:39.0006 0x0d68  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:56:39.0037 0x0d68  SharedAccess - ok
20:56:39.0100 0x0d68  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:56:39.0131 0x0d68  ShellHWDetection - ok
20:56:39.0162 0x0d68  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:56:39.0162 0x0d68  sisagp - ok
20:56:39.0209 0x0d68  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:56:39.0225 0x0d68  SiSRaid2 - ok
20:56:39.0256 0x0d68  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:56:39.0256 0x0d68  SiSRaid4 - ok
20:56:39.0318 0x0d68  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:56:39.0334 0x0d68  Smb - ok
20:56:39.0381 0x0d68  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:56:39.0396 0x0d68  SNMPTRAP - ok
20:56:39.0412 0x0d68  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:56:39.0427 0x0d68  spldr - ok
20:56:39.0490 0x0d68  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
20:56:39.0552 0x0d68  Spooler - ok
20:56:39.0833 0x0d68  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
20:56:40.0036 0x0d68  sppsvc - ok
20:56:40.0067 0x0d68  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:56:40.0083 0x0d68  sppuinotify - ok
20:56:40.0161 0x0d68  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:56:40.0176 0x0d68  srv - ok
20:56:40.0207 0x0d68  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:56:40.0239 0x0d68  srv2 - ok
20:56:40.0285 0x0d68  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:56:40.0301 0x0d68  srvnet - ok
20:56:40.0332 0x0d68  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:56:40.0363 0x0d68  SSDPSRV - ok
20:56:40.0410 0x0d68  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:56:40.0410 0x0d68  ssmdrv - ok
20:56:40.0441 0x0d68  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:56:40.0457 0x0d68  SstpSvc - ok
20:56:40.0504 0x0d68  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:56:40.0504 0x0d68  stexstor - ok
20:56:40.0613 0x0d68  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:56:40.0644 0x0d68  StiSvc - ok
20:56:40.0691 0x0d68  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:56:40.0691 0x0d68  storflt - ok
20:56:40.0722 0x0d68  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
20:56:40.0738 0x0d68  StorSvc - ok
20:56:40.0769 0x0d68  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:56:40.0785 0x0d68  storvsc - ok
20:56:40.0816 0x0d68  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:56:40.0816 0x0d68  swenum - ok
20:56:40.0878 0x0d68  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
20:56:40.0909 0x0d68  swprv - ok
20:56:41.0003 0x0d68  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
20:56:41.0112 0x0d68  SysMain - ok
20:56:53.0795 0x0d68  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
20:56:53.0795 0x0d68  Win FW state via NFP2: enabled
20:56:56.0743 0x0d68  ============================================================
20:56:56.0743 0x0d68  Scan finished
20:56:56.0743 0x0d68  ============================================================
20:56:56.0775 0x08d0  Detected object count: 0
20:56:56.0775 0x08d0  Actual detected object count: 0
21:02:20.0984 0x0690  ============================================================
21:02:20.0984 0x0690  Scan started
21:02:20.0984 0x0690  Mode: Manual;
21:02:20.0984 0x0690  ============================================================
21:02:20.0984 0x0690  KSN ping started
21:02:23.0885 0x0690  KSN ping finished: true
 



#5 sunflwr89

Posted 14 October 2014 - 08:23 PM

21:02:24.0915 0x0690  ================ Scan system memory ========================
21:02:24.0931 0x0690  System memory - ok
21:02:24.0931 0x0690  ================ Scan services =============================
21:02:29.0002 0x0690  BrFiltLo - ok
21:02:29.0033 0x0690  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:02:29.0033 0x0690  BrFiltUp - ok
21:02:29.0080 0x0690  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
21:02:29.0096 0x0690  Browser - ok
21:02:29.0143 0x0690  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:02:29.0158 0x0690  Brserid - ok
21:02:29.0189 0x0690  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:02:29.0189 0x0690  BrSerWdm - ok
21:02:29.0236 0x0690  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:02:29.0236 0x0690  BrUsbMdm - ok
21:02:29.0267 0x0690  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:02:29.0267 0x0690  BrUsbSer - ok
21:02:29.0330 0x0690  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:02:29.0345 0x0690  BTHMODEM - ok
21:02:29.0377 0x0690  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
21:02:29.0392 0x0690  bthserv - ok
21:02:29.0423 0x0690  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:02:29.0423 0x0690  cdfs - ok
21:02:29.0455 0x0690  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:02:29.0470 0x0690  cdrom - ok
21:02:29.0501 0x0690  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:02:29.0517 0x0690  CertPropSvc - ok
21:02:29.0564 0x0690  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:02:29.0564 0x0690  circlass - ok
21:02:29.0611 0x0690  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
21:02:29.0642 0x0690  CLFS - ok
21:02:29.0704 0x0690  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:02:29.0720 0x0690  clr_optimization_v2.0.50727_32 - ok
21:02:29.0751 0x0690  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:02:29.0767 0x0690  clr_optimization_v4.0.30319_32 - ok
21:02:29.0782 0x0690  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:02:29.0782 0x0690  CmBatt - ok
21:02:29.0829 0x0690  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:02:29.0829 0x0690  cmdide - ok
21:02:29.0891 0x0690  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
21:02:29.0907 0x0690  CNG - ok
21:02:29.0938 0x0690  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:02:29.0938 0x0690  Compbatt - ok
21:02:29.0954 0x0690  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:02:29.0954 0x0690  CompositeBus - ok
21:02:29.0969 0x0690  COMSysApp - ok
21:02:30.0016 0x0690  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:02:30.0016 0x0690  crcdisk - ok
21:02:30.0094 0x0690  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:02:30.0094 0x0690  CryptSvc - ok
21:02:30.0157 0x0690  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
21:02:30.0188 0x0690  CSC - ok
21:02:30.0250 0x0690  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
21:02:30.0281 0x0690  CscService - ok
21:02:30.0359 0x0690  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:02:30.0375 0x0690  DcomLaunch - ok
21:02:30.0453 0x0690  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
21:02:30.0469 0x0690  defragsvc - ok
21:02:30.0500 0x0690  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:02:30.0500 0x0690  DfsC - ok
21:02:30.0562 0x0690  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:02:30.0578 0x0690  Dhcp - ok
21:02:30.0593 0x0690  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
21:02:30.0593 0x0690  discache - ok
21:02:30.0656 0x0690  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
21:02:30.0656 0x0690  Disk - ok
21:02:30.0703 0x0690  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:02:30.0718 0x0690  dmvsc - ok
21:02:30.0781 0x0690  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:02:30.0796 0x0690  Dnscache - ok
21:02:30.0827 0x0690  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:02:30.0843 0x0690  dot3svc - ok
21:02:30.0874 0x0690  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
21:02:30.0890 0x0690  DPS - ok
21:02:30.0921 0x0690  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:02:30.0921 0x0690  drmkaud - ok
21:02:31.0030 0x0690  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:02:31.0077 0x0690  DXGKrnl - ok
21:02:31.0124 0x0690  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
21:02:31.0139 0x0690  EapHost - ok
21:02:31.0405 0x0690  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
21:02:31.0592 0x0690  ebdrv - ok
21:02:31.0670 0x0690  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
21:02:31.0670 0x0690  EFS - ok
21:02:31.0763 0x0690  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:02:31.0795 0x0690  ehRecvr - ok
21:02:31.0826 0x0690  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
21:02:31.0841 0x0690  ehSched - ok
21:02:31.0904 0x0690  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:02:31.0935 0x0690  elxstor - ok
21:02:31.0966 0x0690  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:02:31.0966 0x0690  ErrDev - ok
21:02:32.0044 0x0690  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
21:02:32.0060 0x0690  EventSystem - ok
21:02:32.0107 0x0690  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:02:32.0107 0x0690  exfat - ok
21:02:32.0153 0x0690  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:02:32.0169 0x0690  fastfat - ok
21:02:32.0247 0x0690  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
21:02:32.0278 0x0690  Fax - ok
21:02:32.0325 0x0690  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
21:02:32.0325 0x0690  fdc - ok
21:02:32.0341 0x0690  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
21:02:32.0356 0x0690  fdPHost - ok
21:02:32.0387 0x0690  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:02:32.0387 0x0690  FDResPub - ok
21:02:32.0419 0x0690  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:02:32.0419 0x0690  FileInfo - ok
21:02:32.0450 0x0690  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:02:32.0450 0x0690  Filetrace - ok
21:02:32.0481 0x0690  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:02:32.0481 0x0690  flpydisk - ok
21:02:32.0528 0x0690  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:02:32.0543 0x0690  FltMgr - ok
21:02:32.0653 0x0690  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
21:02:32.0715 0x0690  FontCache - ok
21:02:32.0824 0x0690  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:02:32.0824 0x0690  FontCache3.0.0.0 - ok
21:02:32.0855 0x0690  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:02:32.0871 0x0690  FsDepends - ok
21:02:32.0902 0x0690  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:02:32.0902 0x0690  Fs_Rec - ok
21:02:32.0949 0x0690  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:02:32.0965 0x0690  fvevol - ok
21:02:32.0996 0x0690  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:02:33.0011 0x0690  gagp30kx - ok
21:02:33.0058 0x0690  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:02:33.0058 0x0690  GEARAspiWDM - ok
21:02:33.0167 0x0690  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:02:33.0214 0x0690  gpsvc - ok
21:02:33.0261 0x0690  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:02:33.0277 0x0690  hcw85cir - ok
21:02:33.0339 0x0690  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:02:33.0355 0x0690  HdAudAddService - ok
21:02:33.0401 0x0690  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:02:33.0401 0x0690  HDAudBus - ok
21:02:33.0433 0x0690  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:02:33.0433 0x0690  HidBatt - ok
21:02:33.0479 0x0690  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:02:33.0479 0x0690  HidBth - ok
21:02:33.0511 0x0690  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:02:33.0526 0x0690  HidIr - ok
21:02:33.0557 0x0690  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
21:02:33.0557 0x0690  hidserv - ok
21:02:33.0620 0x0690  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:02:33.0620 0x0690  HidUsb - ok
21:02:33.0651 0x0690  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:02:33.0667 0x0690  hkmsvc - ok
21:02:33.0713 0x0690  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:02:33.0729 0x0690  HomeGroupListener - ok
21:02:33.0791 0x0690  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:02:33.0807 0x0690  HomeGroupProvider - ok
21:02:33.0838 0x0690  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:02:33.0854 0x0690  HpSAMD - ok
21:02:33.0916 0x0690  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:02:33.0947 0x0690  HTTP - ok
21:02:33.0979 0x0690  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:02:33.0979 0x0690  hwpolicy - ok
21:02:34.0010 0x0690  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:02:34.0010 0x0690  i8042prt - ok
21:02:34.0103 0x0690  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:02:34.0119 0x0690  iaStorV - ok
21:02:34.0228 0x0690  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:02:34.0275 0x0690  idsvc - ok
21:02:34.0291 0x0690  IEEtwCollectorService - ok
21:02:34.0681 0x0690  [ BA41E1BBA410212CE6D30E0DAC47972B, C1D8E5C95EADD9E2083275C1DA633F0B773B65EABEBC0F52224FF1156CBBE8C1 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:02:34.0930 0x0690  igfx - ok
21:02:34.0993 0x0690  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:02:34.0993 0x0690  iirsp - ok
21:02:35.0117 0x0690  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:02:35.0164 0x0690  IKEEXT - ok
21:02:35.0211 0x0690  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:02:35.0211 0x0690  intelide - ok
21:02:35.0242 0x0690  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:02:35.0258 0x0690  intelppm - ok
21:02:35.0305 0x0690  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:02:35.0320 0x0690  IPBusEnum - ok
21:02:35.0351 0x0690  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:02:35.0367 0x0690  IpFilterDriver - ok
21:02:35.0429 0x0690  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:02:35.0461 0x0690  iphlpsvc - ok
21:02:35.0507 0x0690  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:02:35.0523 0x0690  IPMIDRV - ok
21:02:35.0554 0x0690  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:02:35.0554 0x0690  IPNAT - ok
21:02:35.0632 0x0690  [ 781ABA6C29AD40259602703A328DAEC6, 2DB936C8DE6D4424C6A10D4200F3D7F97A3A129A3B1064A83AB9846C3A828BE0 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:02:35.0663 0x0690  iPod Service - ok
21:02:35.0710 0x0690  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:02:35.0726 0x0690  IRENUM - ok
21:02:35.0757 0x0690  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:02:35.0757 0x0690  isapnp - ok
21:02:35.0819 0x0690  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:02:35.0835 0x0690  iScsiPrt - ok
21:02:35.0851 0x0690  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:02:35.0866 0x0690  kbdclass - ok
21:02:35.0897 0x0690  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:02:35.0897 0x0690  kbdhid - ok
21:02:35.0929 0x0690  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
21:02:35.0944 0x0690  KeyIso - ok
21:02:35.0960 0x0690  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:02:35.0975 0x0690  KSecDD - ok
21:02:36.0022 0x0690  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:02:36.0038 0x0690  KSecPkg - ok
21:02:36.0085 0x0690  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:02:36.0116 0x0690  KtmRm - ok
21:02:36.0178 0x0690  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:02:36.0194 0x0690  LanmanServer - ok
21:02:36.0241 0x0690  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:02:36.0256 0x0690  LanmanWorkstation - ok
21:02:36.0303 0x0690  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:02:36.0303 0x0690  lltdio - ok
21:02:36.0334 0x0690  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:02:36.0350 0x0690  lltdsvc - ok
21:02:36.0397 0x0690  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:02:36.0397 0x0690  lmhosts - ok
21:02:36.0443 0x0690  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:02:36.0459 0x0690  LSI_FC - ok
21:02:36.0490 0x0690  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:02:36.0490 0x0690  LSI_SAS - ok
21:02:36.0521 0x0690  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:02:36.0521 0x0690  LSI_SAS2 - ok
21:02:36.0553 0x0690  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:02:36.0568 0x0690  LSI_SCSI - ok
21:02:36.0615 0x0690  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:02:36.0631 0x0690  luafv - ok
21:02:36.0662 0x0690  [ 0DB7527DB188C7D967A37BB51BBF3963, 3812E26626EC49BE61B0B8DA5FE6E838C0FEF8A08363C239F64E6CCA0BA949D5 ] MBAMSwissArmy   C:\Windows\system32\drivers\mbamswissarmy.sys
21:02:36.0662 0x0690  MBAMSwissArmy - ok
21:02:36.0709 0x0690  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:02:36.0724 0x0690  Mcx2Svc - ok
21:02:36.0755 0x0690  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:02:36.0771 0x0690  megasas - ok
21:02:36.0818 0x0690  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:02:36.0833 0x0690  MegaSR - ok
21:02:36.0880 0x0690  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
21:02:36.0896 0x0690  MMCSS - ok
21:02:36.0911 0x0690  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
21:02:36.0927 0x0690  Modem - ok
21:02:36.0958 0x0690  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:02:36.0958 0x0690  monitor - ok
21:02:36.0974 0x0690  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:02:36.0974 0x0690  mouclass - ok
21:02:37.0005 0x0690  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
21:02:37.0021 0x0690  mouhid - ok
21:02:37.0067 0x0690  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:02:37.0067 0x0690  mountmgr - ok
21:02:37.0145 0x0690  [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:02:37.0161 0x0690  MozillaMaintenance - ok
21:02:37.0239 0x0690  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:02:37.0255 0x0690  mpio - ok
21:02:37.0301 0x0690  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:02:37.0317 0x0690  mpsdrv - ok
21:02:37.0395 0x0690  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:02:37.0426 0x0690  MpsSvc - ok
21:02:37.0489 0x0690  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:02:37.0489 0x0690  MRxDAV - ok
21:02:37.0551 0x0690  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:02:37.0551 0x0690  mrxsmb - ok
21:02:37.0598 0x0690  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:02:37.0613 0x0690  mrxsmb10 - ok
21:02:37.0645 0x0690  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:02:37.0660 0x0690  mrxsmb20 - ok
21:02:37.0707 0x0690  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:02:37.0723 0x0690  msahci - ok
21:02:37.0754 0x0690  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:02:37.0769 0x0690  msdsm - ok
21:02:47.0083 0x0690  usbohci - ok
21:02:47.0114 0x0690  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:02:47.0114 0x0690  usbprint - ok
21:02:47.0161 0x0690  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:02:47.0176 0x0690  USBSTOR - ok
21:02:47.0223 0x0690  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:02:47.0223 0x0690  usbuhci - ok
21:02:47.0254 0x0690  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:02:47.0254 0x0690  usbvideo - ok
21:02:47.0301 0x0690  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
21:02:47.0301 0x0690  UxSms - ok
21:02:47.0317 0x0690  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
21:02:47.0332 0x0690  VaultSvc - ok
21:02:47.0348 0x0690  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:02:47.0348 0x0690  vdrvroot - ok
21:02:47.0410 0x0690  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
21:02:47.0457 0x0690  vds - ok
21:02:47.0473 0x0690  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:02:47.0488 0x0690  vga - ok
21:02:47.0504 0x0690  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:02:47.0504 0x0690  VgaSave - ok
21:02:47.0535 0x0690  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:02:47.0551 0x0690  vhdmp - ok
21:02:47.0582 0x0690  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:02:47.0582 0x0690  viaagp - ok
21:02:47.0613 0x0690  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:02:47.0613 0x0690  ViaC7 - ok
21:02:47.0644 0x0690  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:02:47.0644 0x0690  viaide - ok
21:02:47.0691 0x0690  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:02:47.0722 0x0690  vmbus - ok
21:02:47.0753 0x0690  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:02:47.0753 0x0690  VMBusHID - ok
21:02:47.0785 0x0690  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:02:47.0800 0x0690  volmgr - ok
21:02:47.0863 0x0690  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:02:47.0878 0x0690  volmgrx - ok
21:02:47.0909 0x0690  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:02:47.0925 0x0690  volsnap - ok
21:02:47.0956 0x0690  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:02:47.0956 0x0690  vsmraid - ok
21:02:48.0081 0x0690  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
21:02:48.0128 0x0690  VSS - ok
21:02:48.0159 0x0690  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:02:48.0175 0x0690  vwifibus - ok
21:02:48.0206 0x0690  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:02:48.0206 0x0690  vwififlt - ok
21:02:48.0237 0x0690  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
21:02:48.0268 0x0690  W32Time - ok
21:02:48.0299 0x0690  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:02:48.0299 0x0690  WacomPen - ok
21:02:48.0331 0x0690  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:02:48.0331 0x0690  WANARP - ok
21:02:48.0346 0x0690  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:02:48.0346 0x0690  Wanarpv6 - ok
21:02:48.0487 0x0690  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:02:48.0565 0x0690  WatAdminSvc - ok
21:02:48.0658 0x0690  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
21:02:48.0736 0x0690  wbengine - ok
21:02:48.0767 0x0690  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:02:48.0783 0x0690  WbioSrvc - ok
21:02:48.0814 0x0690  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:02:48.0830 0x0690  wcncsvc - ok
21:02:48.0877 0x0690  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:02:48.0877 0x0690  WcsPlugInService - ok
21:02:48.0923 0x0690  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
21:02:48.0923 0x0690  Wd - ok
21:02:49.0001 0x0690  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:02:49.0033 0x0690  Wdf01000 - ok
21:02:49.0064 0x0690  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:02:49.0064 0x0690  WdiServiceHost - ok
21:02:49.0079 0x0690  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:02:49.0095 0x0690  WdiSystemHost - ok
21:02:49.0142 0x0690  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
21:02:49.0157 0x0690  WebClient - ok
21:02:49.0204 0x0690  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:02:49.0220 0x0690  Wecsvc - ok
21:02:49.0267 0x0690  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:02:49.0282 0x0690  wercplsupport - ok
21:02:49.0313 0x0690  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
21:02:49.0329 0x0690  WerSvc - ok
21:02:49.0360 0x0690  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:02:49.0360 0x0690  WfpLwf - ok
21:02:49.0407 0x0690  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:02:49.0407 0x0690  WIMMount - ok
21:02:49.0657 0x0690  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:02:49.0750 0x0690  WinDefend - ok
21:02:49.0781 0x0690  WinHttpAutoProxySvc - ok
21:02:49.0891 0x0690  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:02:49.0922 0x0690  Winmgmt - ok
21:02:50.0234 0x0690  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:02:50.0312 0x0690  WinRM - ok
21:02:50.0515 0x0690  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:02:50.0561 0x0690  Wlansvc - ok
21:02:50.0593 0x0690  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:02:50.0593 0x0690  WmiAcpi - ok
21:02:50.0624 0x0690  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:02:50.0639 0x0690  wmiApSrv - ok
21:02:50.0780 0x0690  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:02:50.0842 0x0690  WMPNetworkSvc - ok
21:02:50.0873 0x0690  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:02:50.0889 0x0690  WPCSvc - ok
21:02:50.0920 0x0690  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:02:50.0936 0x0690  WPDBusEnum - ok
21:02:50.0983 0x0690  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:02:50.0998 0x0690  ws2ifsl - ok
21:02:51.0029 0x0690  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:02:51.0045 0x0690  wscsvc - ok
21:02:51.0061 0x0690  WSearch - ok
21:02:51.0248 0x0690  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
21:02:51.0341 0x0690  wuauserv - ok
21:02:51.0404 0x0690  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:02:51.0404 0x0690  WudfPf - ok
21:02:51.0435 0x0690  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:02:51.0451 0x0690  WUDFRd - ok
21:02:51.0466 0x0690  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:02:51.0482 0x0690  wudfsvc - ok
21:02:51.0544 0x0690  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:02:51.0575 0x0690  WwanSvc - ok
21:02:51.0591 0x0690  ================ Scan global ===============================
21:02:51.0622 0x0690  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
21:02:51.0653 0x0690  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
21:02:51.0685 0x0690  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
21:02:51.0747 0x0690  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
21:02:51.0778 0x0690  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
21:02:51.0809 0x0690  [ Global ] - ok
21:02:51.0809 0x0690  ================ Scan MBR ==================================
21:02:51.0825 0x0690  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:02:52.0246 0x0690  \Device\Harddisk0\DR0 - ok
21:02:52.0246 0x0690  ================ Scan VBR ==================================
21:02:52.0246 0x0690  [ 91A9B74914CDE3F7A54989C585BC1833 ] \Device\Harddisk0\DR0\Partition1
21:02:52.0246 0x0690  \Device\Harddisk0\DR0\Partition1 - ok
21:02:52.0246 0x0690  [ 7D6744AB3B74D3398E4108568E2F61BC ] \Device\Harddisk0\DR0\Partition2
21:02:52.0262 0x0690  \Device\Harddisk0\DR0\Partition2 - ok
21:02:52.0262 0x0690  ================ Scan generic autorun ======================
21:02:52.0293 0x0690  [ 0BA966FD5349BDF9895F40C045A7C7EC, CEF1BAA8E1960C28625811487E1A623D3EF27D8578CDFAA148605BDC2BE16F03 ] C:\Windows\system32\igfxtray.exe
21:02:52.0309 0x0690  IgfxTray - ok
21:02:52.0355 0x0690  [ 13B671D7253F29DA148569288CECF74B, E4AAD7EA71BDD11C9727ED0A110F35FBCD1CCE7ACAC6A8C7F42BE5BBF3F8D45D ] C:\Windows\system32\hkcmd.exe
21:02:52.0371 0x0690  HotKeysCmds - ok
21:02:52.0387 0x0690  [ 052F402E557C9EC01B188AD56E336029, 02E7E0CF41FBA61F3CA7DD093552D7BFBDDDBB6409643AEE752BD9B06FCC8913 ] C:\Windows\system32\igfxpers.exe
21:02:52.0402 0x0690  Persistence - ok
21:02:52.0543 0x0690  [ DAA21DC0AA2E688370D356757892816D, 97EBF3B8A4B8544B6C1379A391AA4079F38EB4D507931249BC1427D961F58F8C ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
21:02:52.0574 0x0690  avgnt - ok
21:02:52.0636 0x0690  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
21:02:52.0652 0x0690  SunJavaUpdateSched - ok
21:02:52.0730 0x0690  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files\iTunes\iTunesHelper.exe
21:02:52.0745 0x0690  iTunesHelper - ok
21:02:52.0808 0x0690  [ 7632A6EA63FEEBC2798D3852CE754972, 291409858E75B7E84397EED3270E737958255E7F733A3B2FE7BD282A2604B247 ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
21:02:52.0823 0x0690  Avira Systray - ok
21:02:52.0964 0x0690  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:02:53.0042 0x0690  Sidebar - ok
21:02:53.0089 0x0690  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
21:02:53.0104 0x0690  mctadmin - ok
21:02:53.0167 0x0690  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:02:53.0245 0x0690  Sidebar - ok
21:02:53.0260 0x0690  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
21:02:53.0260 0x0690  mctadmin - ok
21:02:53.0401 0x0690  [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
21:02:53.0447 0x0690  WinPatrol - ok
21:02:53.0479 0x0690  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
21:02:53.0494 0x0690  Win FW state via NFP2: enabled
21:02:56.0474 0x0690  ============================================================
21:02:56.0474 0x0690  Scan finished
21:02:56.0474 0x0690  ============================================================
21:02:56.0474 0x05d4  Detected object count: 0
21:02:56.0474 0x05d4  Actual detected object count: 0



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 16 October 2014 - 09:24 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#7 sunflwr89

  • Topic Starter
  • Members
  • 20 posts

Posted 16 October 2014 - 08:52 PM

Thank you. Combofix log:

 

ComboFix 14-10-15.01 - SANDRA 10/16/2014  21:16:03.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2037.639 [GMT -4:00]
Running from: c:\users\SANDRA\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SANDRA\AppData\Local\Adobe\gccheck.exe
c:\users\SANDRA\AppData\Local\Adobe\gtbcheck.exe
c:\users\SANDRA\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-17 to 2014-10-17  )))))))))))))))))))))))))))))))
.
.
2014-10-17 01:36 . 2014-10-17 01:39	--------	d-----w-	c:\users\SANDRA\AppData\Local\temp
2014-10-15 23:42 . 2014-10-15 23:42	--------	d-----w-	c:\users\SANDRA\AppData\Roaming\Oracle
2014-10-15 23:42 . 2014-10-15 23:42	--------	d-----w-	c:\program files\Common Files\Java
2014-10-15 23:41 . 2014-10-15 23:41	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-10-15 23:40 . 2014-10-15 23:40	--------	d-----w-	c:\program files\Java
2014-10-15 23:22 . 2014-10-15 23:22	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-15 23:19 . 2014-09-13 01:40	67072	----a-w-	c:\windows\system32\packager.dll
2014-10-15 23:19 . 2014-08-30 01:50	5702656	----a-w-	c:\windows\system32\mstscax.dll
2014-10-15 23:06 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9B2B625-5F60-4800-9C64-DA41920C6E53}\mpengine.dll
2014-10-15 00:21 . 2014-10-15 00:27	--------	d-----w-	C:\FRST
2014-10-13 19:14 . 2014-10-13 19:14	--------	d-----w-	c:\programdata\Kaspersky Lab
2014-10-13 19:11 . 2014-10-14 02:25	135776	----a-w-	c:\windows\system32\drivers\75049098.sys
2014-10-07 01:08 . 2014-10-07 01:08	--------	d-----w-	c:\program files\iPod
2014-10-07 01:08 . 2014-10-07 01:09	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-07 01:08 . 2014-10-07 01:09	--------	d-----w-	c:\program files\iTunes
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-07 00:57 . 2014-10-07 00:58	--------	d-----w-	c:\program files\QuickTime
2014-10-01 01:31 . 2014-09-25 01:40	519680	----a-w-	c:\windows\system32\qdvd.dll
2014-09-27 15:40 . 2014-10-15 23:42	--------	d-----w-	c:\programdata\Oracle
2014-09-25 01:48 . 2014-09-09 21:47	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-23 02:13 . 2014-09-23 02:13	--------	d-----w-	c:\users\SANDRA\AppData\Roaming\WinPatrol
2014-09-23 02:13 . 2014-10-09 01:34	--------	d-----w-	c:\programdata\InstallMate
2014-09-23 02:13 . 2014-09-23 02:13	--------	d-----w-	c:\program files\Ruiware
2014-09-23 02:11 . 2014-10-09 01:07	--------	d-----w-	C:\AdwCleaner
2014-09-23 00:58 . 2014-09-23 00:58	--------	d-----w-	c:\users\SANDRA\AppData\Roaming\abelhadigital.com
2014-09-23 00:58 . 2014-09-23 00:58	--------	d-----w-	c:\programdata\abelhadigital.com
2014-09-23 00:58 . 2014-09-23 00:58	--------	d-----w-	c:\program files\HostsMan
2014-09-21 04:13 . 2014-09-21 04:13	--------	d-----w-	c:\users\SANDRA\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-17 01:00 . 2014-06-21 03:13	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2014-10-15 00:15 . 2014-06-16 22:04	37384	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-10-15 00:15 . 2014-06-16 21:58	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-15 00:15 . 2014-06-16 21:58	98160	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-09-25 01:36 . 2014-06-21 03:21	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 01:36 . 2014-06-21 03:21	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-09-15 13:06 . 2014-06-14 02:24	231568	------w-	c:\windows\system32\MpSigStub.exe
2014-09-05 01:52 . 2014-09-10 22:57	445952	----a-w-	c:\windows\system32\aepdu.dll
2014-09-05 01:47 . 2014-09-10 22:57	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-08-23 01:46 . 2014-09-02 20:05	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 00:42 . 2014-09-02 20:05	2352640	----a-w-	c:\windows\system32\win32k.sys
2014-08-18 22:08 . 2014-09-16 05:23	4232704	----a-w-	c:\windows\system32\jscript9.dll
2014-08-18 21:57 . 2014-09-16 05:24	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-08-18 21:57 . 2014-09-16 05:23	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46 . 2014-09-16 05:23	454656	----a-w-	c:\windows\system32\vbscript.dll
2014-08-18 21:45 . 2014-09-16 05:24	61952	----a-w-	c:\windows\system32\iesetup.dll
2014-08-18 21:44 . 2014-09-16 05:23	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-16 05:23	61952	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36 . 2014-09-16 05:23	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2014-08-18 21:36 . 2014-09-16 05:23	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35 . 2014-09-16 05:23	597504	----a-w-	c:\windows\system32\jscript9diag.dll
2014-08-18 21:30 . 2014-09-16 05:23	646144	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22 . 2014-09-16 05:23	60416	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08 . 2014-09-16 05:23	2014208	----a-w-	c:\windows\system32\inetcpl.cpl
2014-08-18 21:07 . 2014-09-16 05:23	1068032	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46 . 2014-09-16 05:23	1812992	----a-w-	c:\windows\system32\wininet.dll
2014-08-01 11:35 . 2014-09-10 22:57	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-07-25 06:35 . 2014-07-25 06:35	875688	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-06-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-10-15 703736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-10-17 40776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-06-14 1343400]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-10-15 994096]
S0 75049098;75049098;c:\windows\system32\DRIVERS\75049098.sys [2014-10-14 135776]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-05-09 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-10-15 431920]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-09-23 160560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-21 01:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\SANDRA\AppData\Roaming\Mozilla\Firefox\Profiles\39ytt2hp.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Completion time: 2014-10-16  21:47:14 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-17 01:47
.
Pre-Run: 117,417,443,328 bytes free
Post-Run: 117,585,276,928 bytes free
.
- - End Of File - - D29F672AFF5B4DB9AD6A473B73884808
A36C5E4F47E84449FF07ED3517B43A31



#8 TB-Psychotic

  • Malware Response Team

Posted 17 October 2014 - 06:52 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 sunflwr89

  • Topic Starter

Posted 17 October 2014 - 08:56 PM

Startup is very slow now and my homepage is still blank. When I ran ComboFix it worked, but Malwarebytes gives me this message every time I try using it: "RUNTIME ERROR '383': 'TEXT' PROPERTY IS READ ONLY"
My ComboFix log:
 

ComboFix 14-10-15.01 - SANDRA 10/17/2014  21:08:53.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2037.1007 [GMT -4:00]
Running from: c:\users\SANDRA\Desktop\ComboFix.exe
Command switches used :: c:\users\SANDRA\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SANDRA\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
.
(((((((((((((((((((((((((   Files Created from 2014-09-18 to 2014-10-18  )))))))))))))))))))))))))))))))
.
.
2014-10-18 01:24 . 2014-10-18 01:28	--------	d-----w-	c:\users\SANDRA\AppData\Local\temp
2014-10-18 01:24 . 2014-10-18 01:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-18 01:18 . 2014-10-18 01:18	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DFF9C8B-512C-4297-8DDE-5B099892240B}\offreg.dll
2014-10-18 01:03 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DFF9C8B-512C-4297-8DDE-5B099892240B}\mpengine.dll
2014-10-15 23:42 . 2014-10-15 23:42	--------	d-----w-	c:\users\SANDRA\AppData\Roaming\Oracle
2014-10-15 23:42 . 2014-10-15 23:42	--------	d-----w-	c:\program files\Common Files\Java
2014-10-15 23:41 . 2014-10-15 23:41	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-10-15 23:40 . 2014-10-15 23:40	--------	d-----w-	c:\program files\Java
2014-10-15 23:22 . 2014-10-10 01:44	230912	----a-w-	c:\windows\system32\generaltel.dll
2014-10-15 23:22 . 2014-10-10 01:44	396288	----a-w-	c:\windows\system32\aepdu.dll
2014-10-15 23:22 . 2014-10-10 01:39	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-10-15 23:22 . 2014-09-29 00:41	2379264	----a-w-	c:\windows\system32\win32k.sys
2014-10-15 23:22 . 2014-10-17 02:24	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-15 23:22 . 2014-09-04 05:04	372736	----a-w-	c:\windows\system32\rastls.dll
2014-10-15 23:22 . 2014-06-18 22:23	81560	----a-w-	c:\windows\system32\mscories.dll
2014-10-15 23:22 . 2014-06-18 22:23	156824	----a-w-	c:\windows\system32\mscorier.dll
2014-10-15 23:22 . 2014-06-18 22:23	1131664	----a-w-	c:\windows\system32\dfshim.dll
2014-10-15 23:21 . 2014-07-09 01:29	6144	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-10-15 23:21 . 2014-07-09 01:29	6144	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-10-15 23:21 . 2014-09-05 01:52	5703168	----a-w-	c:\windows\system32\mstscax.dll
2014-10-15 23:20 . 2014-07-17 01:40	157696	----a-w-	c:\windows\system32\winsta.dll
2014-10-15 23:20 . 2014-07-17 01:39	65536	----a-w-	c:\windows\system32\TSpkg.dll
2014-10-15 23:20 . 2014-07-17 01:39	523264	----a-w-	c:\windows\system32\termsrv.dll
2014-10-15 23:20 . 2014-07-17 01:39	130048	----a-w-	c:\windows\system32\rdpcorekmts.dll
2014-10-15 23:20 . 2014-07-17 01:39	17408	----a-w-	c:\windows\system32\credssp.dll
2014-10-15 23:20 . 2014-07-17 01:39	304128	----a-w-	c:\windows\system32\winlogon.exe
2014-10-15 23:20 . 2014-07-17 01:03	184320	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2014-10-15 23:20 . 2014-07-17 01:02	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2014-10-15 23:20 . 2014-09-18 01:32	2363904	----a-w-	c:\windows\system32\msi.dll
2014-10-15 23:19 . 2014-09-13 01:40	67072	----a-w-	c:\windows\system32\packager.dll
2014-10-15 00:21 . 2014-10-15 00:27	--------	d-----w-	C:\FRST
2014-10-13 19:14 . 2014-10-13 19:14	--------	d-----w-	c:\programdata\Kaspersky Lab
2014-10-13 19:11 . 2014-10-14 02:25	135776	----a-w-	c:\windows\system32\drivers\75049098.sys
2014-10-07 01:08 . 2014-10-07 01:08	--------	d-----w-	c:\program files\iPod
2014-10-07 01:08 . 2014-10-07 01:09	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-07 01:08 . 2014-10-07 01:09	--------	d-----w-	c:\program files\iTunes
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-07 00:58 . 2014-10-07 00:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-07 00:57 . 2014-10-07 00:58	--------	d-----w-	c:\program files\QuickTime
2014-10-01 01:31 . 2014-09-25 01:40	519680	----a-w-	c:\windows\system32\qdvd.dll
2014-09-27 15:40 . 2014-10-15 23:42	--------	d-----w-	c:\programdata\Oracle
2014-09-25 01:48 . 2014-09-09 21:47	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-23 02:13 . 2014-09-23 02:13	--------	d-----w-	c:\users\SANDRA\AppData\Roaming\WinPatrol
2014-09-23 02:13 . 2014-10-09 01:34	--------	d-----w-	c:\programdata\InstallMate
2014-09-23 02:13 . 2014-09-23 02:13	--------	d-----w-	c:\program files\Ruiware
2014-09-23 02:11 . 2014-10-09 01:07	--------	d-----w-	C:\AdwCleaner
2014-09-23 00:58 . 2014-09-23 00:58	--------	d-----w-	c:\users\SANDRA\AppData\Roaming\abelhadigital.com
2014-09-23 00:58 . 2014-09-23 00:58	--------	d-----w-	c:\programdata\abelhadigital.com
2014-09-23 00:58 . 2014-09-23 00:58	--------	d-----w-	c:\program files\HostsMan
2014-09-21 04:13 . 2014-09-21 04:13	--------	d-----w-	c:\users\SANDRA\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-17 01:00 . 2014-06-21 03:13	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2014-10-15 00:15 . 2014-06-16 22:04	37384	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-10-15 00:15 . 2014-06-16 21:58	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-15 00:15 . 2014-06-16 21:58	98160	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-09-25 01:36 . 2014-06-21 03:21	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 01:36 . 2014-06-21 03:21	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-09-15 13:06 . 2014-06-14 02:24	231568	------w-	c:\windows\system32\MpSigStub.exe
2014-08-23 01:46 . 2014-09-02 20:05	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-01 11:35 . 2014-09-10 22:57	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-07-25 06:35 . 2014-07-25 06:35	875688	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-10-15 703736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-09-23 160560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-10-17 40776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-06-14 1343400]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-10-15 994096]
S0 75049098;75049098;c:\windows\system32\DRIVERS\75049098.sys [2014-10-14 135776]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-05-09 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-10-15 431920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-21 01:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\SANDRA\AppData\Roaming\Mozilla\Firefox\Profiles\39ytt2hp.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SuperEasy Software\Driver Updater\supereasydu.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2014-10-17  21:35:22 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-18 01:35
ComboFix2.txt  2014-10-17 01:47
.
Pre-Run: 117,073,903,616 bytes free
Post-Run: 116,814,352,384 bytes free
.
- - End Of File - - F123259A4C55246F5F3CD8993AE5DE69
A36C5E4F47E84449FF07ED3517B43A31



#10 sunflwr89

  • Topic Starter

Posted 19 October 2014 - 03:29 PM

I reinstalled Malwarebytes; I had trouble removing the old version. The scan that worked found nothing, but it would not let me export the log: nothing happens, or it closes instead. I have a feeling there are old Malwarebytes files, but Revo Uninstaller finds nothing. I also just noticed I have 2 Avira antivirus programs.



#11 TB-Psychotic

  • Malware Response Team

Posted 21 October 2014 - 07:51 AM

Clean reinstall of Malwarebytes Antimalware
 
 
Remove Malwarebytes Antimalware following these instructions.
When finished, reinstall it and run a scan:
 
 
Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.



#12 sunflwr89

  • Topic Starter

Posted 21 October 2014 - 08:33 PM

I did everything you said: removed with the cleaner and reinstalled, scanned and found nothing, and it still will not let me export the log or even see the options on the bottom of the window, or let me resize the window; when I click on it, it just exits.

I copied the log from the C:/programfiles/malwarebytes folder:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/10/21 21:05:37 -0400</date>
<logfile>mbam-log-2014-10-21 (21-05-33).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.3.1025</version>
<malware-database>v2014.10.21.11</malware-database>
<rootkit-database>v2014.10.21.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>SANDRA</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>296640</objects>
<time>992</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
 


Edited by sunflwr89, 21 October 2014 - 09:01 PM.


#13 sunflwr89

  • Topic Starter

Posted 26 October 2014 - 08:47 PM

I've continued to scan with Malwarebytes and it finds nothing, but my browser is increasingly slower and redirecting to blank pages, some pictures don't load and I'm getting script crashing errors more frequently. I would sincerely appreciate some more help....



#14 schrauber

  • Malware Response Team

Posted 29 October 2014 - 03:00 AM

Hi sunflwr89,

Marius is not available at the moment, so I will work with you from now on. Please post back with a fresh FRST logfile and tell me how the system is running.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 sunflwr89

  • Topic Starter

Posted 02 November 2014 - 10:45 AM

Thank you for your help, and sorry for the late reply. System is very slow now, not starting up so much as basically any program I run is slow or doesn't work or refuses to close unless terminated in Task Manager. Here is my log, thanks again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by SANDRA (administrator) on SANDRA-PC on 02-11-2014 10:34:34
Running from C:\Users\SANDRA\Desktop
Loaded Profiles: SANDRA &  (Available profiles: SANDRA)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avrestart.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui:  [X]
HKU\S-1-5-21-57660182-1202358582-1590155930-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-57660182-1202358582-1590155930-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-57660182-1202358582-1590155930-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-57660182-1202358582-1590155930-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-57660182-1202358582-1590155930-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-57660182-1202358582-1590155930-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SANDRA\AppData\Roaming\Mozilla\Firefox\Profiles\39ytt2hp.default
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\SANDRA\AppData\Roaming\Mozilla\Firefox\Profiles\39ytt2hp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-14]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 75049098; C:\Windows\System32\DRIVERS\75049098.sys [135776 2014-10-13] (Kaspersky Lab ZAO)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 catchme; \??\C:\Users\SANDRA\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 10:28 - 2014-11-02 10:28 - 00000000 ____D () C:\Users\SANDRA\Desktop\FRST-OlderVersion
2014-10-27 20:49 - 2014-10-27 20:49 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-27 20:48 - 2014-10-27 20:48 - 00002112 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-27 20:47 - 2014-10-27 20:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-27 20:47 - 2014-10-27 20:47 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-27 20:46 - 2014-10-27 20:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-27 20:46 - 2014-10-27 20:46 - 00000000 ____D () C:\Program Files\Adobe
2014-10-27 20:44 - 2014-10-27 20:53 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-25 22:01 - 2014-10-27 21:00 - 00000000 ____D () C:\Users\SANDRA\Downloads\HAIRSTYLES2014
2014-10-25 20:07 - 2014-10-25 20:07 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-25 20:07 - 2014-10-25 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-25 20:05 - 2014-10-25 20:06 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-25 20:05 - 2014-10-25 20:06 - 00000000 ____D () C:\Program Files\iTunes
2014-10-25 20:05 - 2014-10-25 20:05 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 20:04 - 2014-11-02 10:28 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 20:03 - 2014-10-21 20:03 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 20:03 - 2014-10-21 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 20:03 - 2014-10-21 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 20:03 - 2014-10-21 20:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-21 20:03 - 2014-10-01 10:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 20:03 - 2014-10-01 10:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-21 20:03 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-21 19:59 - 2014-10-21 20:01 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\SANDRA\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-21 19:54 - 2014-10-21 19:54 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SANDRA\Desktop\mbam-clean-2.1.1.1001.exe
2014-10-20 11:47 - 2014-10-20 11:47 - 00013967 _____ () C:\Users\SANDRA\Documents\STEVEN_HUNTsandra_Resume[1].dotx
2014-10-19 13:25 - 2014-10-19 13:25 - 00001230 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-10-19 13:25 - 2014-10-19 13:25 - 00000000 ____D () C:\Users\SANDRA\AppData\Local\VS Revo Group
2014-10-19 13:25 - 2014-10-19 13:25 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-19 13:25 - 2014-10-19 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-19 13:25 - 2014-10-19 13:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-19 13:25 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-10-19 13:24 - 2014-10-19 13:24 - 10691640 _____ (VS Revo Group ) C:\Users\SANDRA\Desktop\RevoUninProSetup.exe
2014-10-17 20:35 - 2014-10-17 20:35 - 00012291 _____ () C:\ComboFix.txt
2014-10-16 20:10 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-16 20:10 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-16 20:10 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-16 20:10 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-16 20:10 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-16 20:10 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-16 20:10 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-16 20:10 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-16 20:09 - 2014-10-17 20:35 - 00000000 ____D () C:\Qoobox
2014-10-16 20:08 - 2014-10-16 20:43 - 00000000 ____D () C:\Windows\erdnt
2014-10-16 20:05 - 2014-10-16 20:05 - 05583559 ____R (Swearware) C:\Users\SANDRA\Desktop\ComboFix.exe
2014-10-15 18:42 - 2014-10-15 18:42 - 00000000 ____D () C:\Users\SANDRA\AppData\Roaming\Oracle
2014-10-15 18:42 - 2014-10-15 18:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-15 18:41 - 2014-10-15 18:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-15 18:41 - 2014-10-15 18:41 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-15 18:41 - 2014-10-15 18:41 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-15 18:41 - 2014-10-15 18:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 18:40 - 2014-10-15 18:40 - 00000000 ____D () C:\Program Files\Java
2014-10-15 18:23 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 18:23 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 18:23 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 18:23 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 18:23 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 18:23 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 18:23 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 18:23 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 18:23 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 18:23 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 18:23 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 18:23 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 18:23 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 18:23 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 18:23 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 18:23 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 18:23 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 18:23 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 18:23 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 18:23 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 18:23 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 18:23 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 18:23 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 18:23 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 18:23 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 18:23 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 18:23 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 18:23 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 18:23 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 18:23 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 18:22 - 2014-10-09 20:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 18:22 - 2014-10-09 20:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 18:22 - 2014-10-09 20:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 18:22 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 18:22 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 18:22 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 18:22 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 18:22 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 18:21 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 18:21 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 18:21 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 18:21 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 18:21 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 18:21 - 2014-07-08 20:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 18:21 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 18:20 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 18:20 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 18:20 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 18:20 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 18:20 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 18:20 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 18:20 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 18:20 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 18:20 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 18:19 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:55 - 2014-10-14 19:55 - 00000000 ____D () C:\Users\SANDRA\Desktop\tdsskiller
2014-10-14 19:54 - 2014-10-14 19:54 - 04161313 _____ () C:\Users\SANDRA\Desktop\tdsskiller.zip
2014-10-14 19:51 - 2014-10-14 19:51 - 00000561 _____ () C:\Users\SANDRA\Desktop\ark.txt
2014-10-14 19:25 - 2014-10-14 19:27 - 00018081 _____ () C:\Users\SANDRA\Desktop\Addition.txt
2014-10-14 19:24 - 2014-10-14 19:24 - 00380416 _____ () C:\Users\SANDRA\Desktop\sc5np92y.exe
2014-10-14 19:22 - 2014-11-02 10:37 - 00008929 _____ () C:\Users\SANDRA\Desktop\FRST.txt
2014-10-14 19:21 - 2014-11-02 10:35 - 00000000 ____D () C:\FRST
2014-10-14 19:19 - 2014-11-02 10:28 - 01106432 _____ (Farbar) C:\Users\SANDRA\Desktop\FRST.exe
2014-10-13 20:49 - 2014-10-13 20:49 - 00524513 _____ () C:\Users\SANDRA\Desktop\attach.txt
2014-10-13 20:49 - 2014-10-13 20:49 - 00011578 _____ () C:\Users\SANDRA\Desktop\dds.txt
2014-10-13 20:46 - 2014-10-13 20:46 - 00688992 ____R (Swearware) C:\Users\SANDRA\Desktop\dds.com
2014-10-13 14:14 - 2014-10-13 14:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-13 14:11 - 2014-10-13 21:25 - 00135776 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\75049098.sys
2014-10-13 14:07 - 2014-10-13 14:11 - 161171808 _____ () C:\Users\SANDRA\Desktop\setup_11.0.3.7.x01_2014_10_13_22_26.exe
2014-10-13 13:32 - 2014-10-13 13:32 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-08 19:42 - 2014-10-21 22:05 - 00000000 ____D () C:\Windows\pss
2014-10-06 20:08 - 2014-10-25 20:05 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-06 19:58 - 2014-10-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-06 19:57 - 2014-10-06 19:58 - 00000000 ____D () C:\Program Files\QuickTime

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 10:36 - 2009-07-13 23:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 10:36 - 2009-07-13 23:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 10:35 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 10:27 - 2014-06-30 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-31 15:44 - 2014-06-13 23:39 - 02037313 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 19:07 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 19:07 - 2009-07-13 23:39 - 00032477 _____ () C:\Windows\setupact.log
2014-10-27 20:53 - 2014-06-15 06:04 - 00000000 ____D () C:\Users\SANDRA\AppData\Roaming\Adobe
2014-10-27 20:52 - 2014-06-20 22:19 - 00000000 ____D () C:\Users\SANDRA\AppData\Local\Adobe
2014-10-27 11:21 - 2014-09-08 20:03 - 00000000 ____D () C:\Users\SANDRA\AppData\Roaming\Apple Computer
2014-10-25 20:05 - 2014-09-08 19:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-21 22:06 - 2010-11-20 16:48 - 00105486 _____ () C:\Windows\PFRO.log
2014-10-21 11:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-10-19 21:37 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 13:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-17 20:28 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-17 19:41 - 2009-07-13 23:33 - 00407384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 23:38 - 2014-06-14 18:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 23:36 - 2014-06-16 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 20:47 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-10-16 20:47 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-10-16 20:15 - 2014-06-13 22:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 20:05 - 2014-06-13 22:27 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 18:42 - 2014-09-27 10:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-14 19:15 - 2014-06-16 17:04 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 19:15 - 2014-06-16 16:58 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 19:15 - 2014-06-16 16:58 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 13:32 - 2014-06-16 16:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 13:32 - 2014-06-16 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-13 13:31 - 2014-06-16 16:55 - 00000000 ____D () C:\Program Files\Avira
2014-10-08 20:36 - 2014-09-22 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-10-08 20:34 - 2014-09-22 21:13 - 00000000 ____D () C:\ProgramData\InstallMate
2014-10-08 20:07 - 2014-09-22 21:11 - 00000000 ____D () C:\AdwCleaner

Some content of TEMP:
====================
C:\Users\SANDRA\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 15:16

==================== End Of Log ============================




