Unknown infection - causing Windows 7 laptop to run very slowly


  • This topic is locked
46 replies to this topic

#1 ukman98

  • Members
Posted 19 January 2015 - 03:26 AM

My son's laptop appears to be affected by a virus/malware - it runs very slowly and does not let me do the usual processes (like running antimalwarebytes) to try and remove it. Have only been able to run DDS scan in safe mode with networking - as in normal mode it runs too slowly.

 

Worth noting that I discovered after infection that my son had not installed any antivirus software - I have now installed Avast, but it's probably too late. Tried to run full scan yesterday on safe mode and got some strange error code.

 

When running computer in safe mode I was able to do a full scan with antimalwarebytes and detected and removed one piece of malware - but problem persists.


#2 TB-Psychotic

  • Malware Response Team

Posted 19 January 2015 - 06:40 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 ukman98

  • Topic Starter

Posted 19 January 2015 - 07:34 AM

Hello thanks for response - when I try to download FRST, my anti-virus programme (AVAST) detects a 'suspicious item' and appears to block the download. Do I disable AVAST?

Says: infection Win32:Evo-gen



#4 TB-Psychotic

  • Malware Response Team

Posted 19 January 2015 - 07:47 AM

This is a false positive, please disable avast! while scanning



#5 ukman98

  • Topic Starter

Posted 19 January 2015 - 08:11 AM

Ok have run all the scans as requested - while disabling Avast.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by user (administrator) on USER-PC on 19-01-2015 12:59:57
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Users\user\Music\ZuneLauncher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(PC Drivers Headquarters) C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [56104 2013-03-05] (Authentec Inc.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Users\user\Music\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-17] (AVAST Software)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2499651851-560507420-603929252-1000\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [5817184 2014-11-09] (PC Drivers Headquarters)
HKU\S-1-5-21-2499651851-560507420-603929252-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-10-10] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtA0ByC0AyEtDtC0B0EtBtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtAyE0B0C0DtBzytGzy0FtBzztGtAtDtCyBtG0A0CtA0BtGtB0D0D0AtB0F0DyBtC0E0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyBtD0CtAzy0FzytG0D0EtAtBtGyEzy0AtAtGzy0B0CzztGtByCtAtCtAyEtAyBtC0E0Ezz2Q&cr=1950263184&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtA0ByC0AyEtDtC0B0EtBtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtAyE0B0C0DtBzytGzy0FtBzztGtAtDtCyBtG0A0CtA0BtGtB0D0D0AtB0F0DyBtC0E0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyBtD0CtAzy0FzytG0D0EtAtBtGyEzy0AtAtGzy0B0CzztGtByCtAtCtAyEtAyBtC0E0Ezz2Q&cr=1950263184&ir=
SearchScopes: HKU\S-1-5-21-2499651851-560507420-603929252-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtA0ByC0AyEtDtC0B0EtBtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtAyE0B0C0DtBzytGzy0FtBzztGtAtDtCyBtG0A0CtA0BtGtB0D0D0AtB0F0DyBtC0E0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyBtD0CtAzy0FzytG0D0EtAtBtGyEzy0AtAtGzy0B0CzztGtByCtAtCtAyEtAyBtC0E0Ezz2Q&cr=1950263184&ir=
SearchScopes: HKU\S-1-5-21-2499651851-560507420-603929252-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtA0ByC0AyEtDtC0B0EtBtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtAyE0B0C0DtBzytGzy0FtBzztGtAtDtCyBtG0A0CtA0BtGtB0D0D0AtB0F0DyBtC0E0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyBtD0CtAzy0FzytG0D0EtAtBtGyEzy0AtAtGzy0B0CzztGtByCtAtCtAyEtAyBtC0E0Ezz2Q&cr=1950263184&ir=
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-17]

Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-17]
CHR HKU\S-1-5-21-2499651851-560507420-603929252-1000\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\user\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-17] (AVAST Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WMZuneComm; C:\Users\user\Music\WMZuneComm.exe [268512 2011-08-05] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
S3 ZuneNetworkSvc; C:\Users\user\Music\ZuneNss.exe [6363872 2011-08-05] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; C:\Users\user\Music\ZuneWlanCfgSvc.exe [444640 2011-08-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-17] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-17] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-17] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [488032 2014-06-11] (Kaspersky Lab ZAO)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl3c31363c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63EBE45D-A34C-4F55-9868-8072AAE79BA0}\MpKsl3c31363c.sys [39464 2015-01-19] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7122944 2010-10-18] (Intel Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-08-13] (Check Point Software Technologies Ltd.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-06-11] (Kaspersky Lab ZAO)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 sccrhrce; \??\C:\Windows\system32\drivers\ngiodriver_x86 [X]
U3 kxldapob; \??\C:\Users\user\AppData\Local\Temp\kxldapob.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 12:59 - 2015-01-19 13:00 - 00014229 _____ () C:\Users\user\Desktop\FRST.txt
2015-01-19 12:59 - 2015-01-19 12:59 - 00000000 ____D () C:\FRST
2015-01-19 12:59 - 2015-01-19 12:41 - 01118208 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-01-19 12:51 - 2015-01-19 12:51 - 00013932 _____ () C:\Users\user\Desktop\ark.txt
2015-01-19 12:38 - 2015-01-19 12:38 - 00380416 _____ () C:\Users\user\Downloads\dddek91i.exe
2015-01-19 12:31 - 2015-01-19 12:31 - 00015501 _____ () C:\Users\user\Desktop\download.htm
2015-01-19 12:28 - 2015-01-19 12:28 - 00259495 _____ () C:\Users\user\Downloads\FRST (1).exe
2015-01-19 08:12 - 2015-01-19 08:15 - 00048655 _____ () C:\Users\user\Desktop\attach.txt
2015-01-19 08:12 - 2015-01-19 08:15 - 00012570 _____ () C:\Users\user\Desktop\dds.txt
2015-01-19 08:10 - 2015-01-19 08:10 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.com
2015-01-19 07:31 - 2015-01-19 12:52 - 00001074 _____ () C:\Windows\setupact.log
2015-01-19 07:31 - 2015-01-19 07:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 19:28 - 2015-01-19 12:23 - 00121743 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 17:15 - 2014-12-19 02:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 17:15 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-17 17:15 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 17:15 - 2014-12-11 17:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 17:15 - 2014-12-06 03:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 17:14 - 2014-12-19 01:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 17:05 - 2015-01-17 13:50 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-17 15:54 - 2015-01-17 15:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-01-17 15:43 - 2015-01-17 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2015-01-17 13:50 - 2015-01-17 17:06 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-17 13:50 - 2015-01-17 13:50 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00073480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-17 13:50 - 2015-01-17 13:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-17 13:50 - 2015-01-17 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-17 13:47 - 2015-01-17 13:47 - 05006864 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2015-01-17 13:47 - 2015-01-17 13:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-17 13:47 - 2015-01-17 13:47 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-15 07:32 - 2015-01-15 07:29 - 03377664 _____ () C:\Windows\system32\bu_tosave.ndb
2015-01-15 07:32 - 2015-01-15 07:13 - 03376128 _____ () C:\Windows\system32\bu_todelete.ndb
2015-01-14 20:33 - 2015-01-18 19:22 - 00000000 ____D () C:\Windows\Minidump
2015-01-10 15:06 - 2015-01-10 17:29 - 00000000 ____D () C:\Users\user\Downloads\Mods
2015-01-10 12:00 - 2015-01-10 12:22 - 663678506 _____ () C:\Users\user\Downloads\TitaniumWars_1.00.30.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 12:53 - 2014-09-03 13:12 - 00782164 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 12:35 - 2014-10-07 18:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 12:30 - 2009-07-14 04:34 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 12:30 - 2009-07-14 04:34 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 10:30 - 2014-10-07 18:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 10:29 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 07:59 - 2014-10-29 09:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 19:22 - 2014-10-29 08:11 - 00000000 ____D () C:\Program Files\Steam
2015-01-18 19:22 - 2014-10-07 20:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 17:36 - 2014-10-07 18:28 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 07:44 - 2009-07-14 04:53 - 00017972 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 04:32 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-14 19:57 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-10 21:10 - 2014-10-13 07:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\SoftGrid Client
2014-12-31 11:13 - 2014-10-10 10:29 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-21 09:01 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Speech
2014-12-20 11:57 - 2014-10-07 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 11:57 - 2014-10-07 19:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======
2014-10-26 07:47 - 2014-10-28 00:47 - 0000135 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2014-10-27 21:07 - 2014-10-27 21:07 - 0022528 _____ () C:\Users\user\AppData\Local\135935215dsisetup1359413612.exe
2014-11-02 20:01 - 2014-11-02 20:01 - 0003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-27 21:07 - 2014-10-27 21:07 - 0000001 _____ () C:\Users\user\AppData\Local\DSI.DAT

Files to move or delete:
====================
C:\Users\user\SteamSetup.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\n_mp03kc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-17 21:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by user at 2015-01-19 13:00:37
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ZoneAlarm Antivirus (Disabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Disabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Dawn of War - Dark Crusade (HKLM\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.29 - PC Drivers Headquarters, LP)
File Opener Packages (HKU\S-1-5-21-2499651851-560507420-603929252-1000\...\File Opener Packages) (Version:  - ) <==== ATTENTION
FileOpener (HKLM\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II Total War : Kingdoms : Teutonic (HKLM\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Medieval II: Total War (HKLM\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7130.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-2499651851-560507420-603929252-1000\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-2499651851-560507420-603929252-1000\...\Third Age - Total War 3.0 (Part 2of2)) (Version:  - )
Warhammer 40,000: Dawn Of War - Gold Edition (HKLM\...\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}) (Version: 1.51 - THQ)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
ZoneAlarm Antivirus (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2499651851-560507420-603929252-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E65755F-435C-45C4-BE92-F8F6E6BFF1CB} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-11-09] (PC Drivers Headquarters)
Task: {12E232D5-53B2-4227-A384-48C12E663205} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-17] (AVAST Software)
Task: {18783A6D-1239-4B32-88B8-AF610E15ACAE} - System32\Tasks\{A2C50CFC-0F10-45FA-8436-4A5EDC15287D} => pcalua.exe -a "C:\Program Files\Steam\steamapps\common\Medieval II Total War\mods\M2TW mod folder.exe" -d "C:\Program Files\Steam\steamapps\common\Medieval II Total War\mods"
Task: {22FD3C3C-227B-4C4A-A7DE-B1D11BC823A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {3EB6BF44-BFEF-45B8-B05E-841177A64190} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-07] (Google Inc.)
Task: {4F01993E-FA94-421B-82F6-63C7A6313018} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {547874F1-A1AF-4E94-B2A7-1860FE54ABE4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9352FA6A-BB63-4354-B138-625C41ADA456} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-11-09] (PC Drivers Headquarters)
Task: {A8C81AFE-58B5-4627-9520-AF541F956B43} - System32\Tasks\{6720E0CA-C216-4387-BF17-4B0AF55991AF} => pcalua.exe -a D:\AutoPlay.exe -d D:\
Task: {DD624B37-FA02-4F74-8A3F-E3035D4EE07F} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-11-09] (PC Drivers Headquarters)
Task: {EAF82C66-8B40-4C1A-A885-7D00F9479204} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-11-09] (PC Drivers Headquarters)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-19 10:07 - 2015-01-19 10:07 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011900\algo.dll
2014-08-05 11:16 - 2014-08-05 11:16 - 00024064 _____ () C:\Windows\System32\sst9clm.dll
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-01-17 13:50 - 2015-01-17 13:50 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-08 14:38 - 2014-11-09 20:32 - 00321912 _____ () C:\Program Files\Driver Support\Driver Support\Agent.Common.XmlSerializers.dll
2014-10-08 14:38 - 2014-11-09 20:32 - 00461192 _____ () C:\Program Files\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2014-10-08 14:38 - 2014-10-08 14:38 - 00067960 _____ () C:\Program Files\Driver Support\Driver Support\RuleEngine.XmlSerializers.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2499651851-560507420-603929252-500 - Administrator - Disabled)
Guest (S-1-5-21-2499651851-560507420-603929252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2499651851-560507420-603929252-1002 - Limited - Enabled)
user (S-1-5-21-2499651851-560507420-603929252-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: TouchChip Fingerprint Coprocessor (WBF advanced mode)
Description: TouchChip Fingerprint Coprocessor (WBF advanced mode)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: AuthenTec
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 00:28:04 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\mssrch.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\Windows\System32\mssrch.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
	- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
	- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/19/2015 00:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c672
Faulting module name: MSSRCH.DLL, version: 0.0.0.0, time stamp: 0x4dc0d45e
Exception code: 0xc0000006
Fault offset: 0x000a08b3
Faulting process id: 0x14a4
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (01/19/2015 10:33:42 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\en-US\wscui.cpl.mui for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.

Program: Windows Explorer
File: C:\Windows\System32\en-US\wscui.cpl.mui

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
	- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
	- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/19/2015 10:33:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: wscinterop.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc3e6
Exception code: 0xc0000006
Fault offset: 0x00006e9d
Faulting process id: 0x112c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/19/2015 10:29:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/19/2015 07:57:19 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\ReAgent.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft® Windows Backup because of this error.

Program: Microsoft® Windows Backup
File: C:\Windows\System32\ReAgent.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
	- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
	- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/19/2015 07:57:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sdclt.exe, version: 6.1.7601.17514, time stamp: 0x4ce78ec8
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000006
Fault offset: 0x00064f19
Faulting process id: 0x1220
Faulting application start time: 0xsdclt.exe0
Faulting application path: sdclt.exe1
Faulting module path: sdclt.exe2
Report Id: sdclt.exe3

Error: (01/19/2015 07:56:23 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\sysmain.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\sysmain.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
	- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
	- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/19/2015 07:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba10
Exception code: 0xc0000006
Fault offset: 0x0002b2da
Faulting process id: 0x464
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (01/19/2015 07:56:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\p2psvc.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\p2psvc.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
	- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
	- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3


System errors:
=============
Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:49:04 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (01/19/2015 00:45:23 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 00:28:04 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\mssrch.dllMicrosoft Windows Search IndexerC00001853

Error: (01/19/2015 00:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0c672MSSRCH.DLL0.0.0.04dc0d45ec0000006000a08b314a401d033d2e96566b1C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\MSSRCH.DLL9d1c3151-9fd6-11e4-818d-889ffaf06ba4

Error: (01/19/2015 10:33:42 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\en-US\wscui.cpl.muiWindows ExplorerC00001853

Error: (01/19/2015 10:33:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7wscinterop.dll6.1.7600.163854a5bc3e6c000000600006e9d112c01d033d2e3d727fdC:\Windows\Explorer.EXEC:\Windows\System32\wscinterop.dlla2d63ebb-9fc6-11e4-818d-889ffaf06ba4

Error: (01/19/2015 10:29:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (01/19/2015 07:57:19 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\ReAgent.dllMicrosoft® Windows BackupC00001853

Error: (01/19/2015 07:57:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sdclt.exe6.1.7601.175144ce78ec8ntdll.dll6.1.7601.18247521ea91cc000000600064f19122001d033bd79213011C:\Windows\System32\sdclt.exeC:\Windows\SYSTEM32\ntdll.dllca8e303e-9fb0-11e4-b014-889ffaf06ba4

Error: (01/19/2015 07:56:23 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\sysmain.dllHost Process for Windows ServicesC00001853

Error: (01/19/2015 07:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000060002b2da46401d033bcfe6721b1C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dlla8fedf7b-9fb0-11e4-b014-889ffaf06ba4

Error: (01/19/2015 07:56:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\p2psvc.dllHost Process for Windows ServicesC00001853


CodeIntegrity Errors:
===================================
  Date: 2015-01-17 18:26:08.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-15 07:42:25.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:48:40.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:48:40.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:47:46.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 2995.67 MB
Available physical RAM: 1674.17 MB
Total Pagefile: 5989.63 MB
Available Pagefile: 4406.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:65.26 GB) NTFS
Drive e: () (Removable) (Total:0.94 GB) (Free:0.66 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 0BF37809)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=964 MB) - (Type=06)

==================== End Of Log ============================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-19 12:51:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEKT-08PVMT1 rev.02.01A02 149.05GB
Running: dddek91i.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 2.1 ----

SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwAddBootEntry [0x90C2BAC4]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwAdjustPrivilegesToken [0x90D35822]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                   ZwAllocateVirtualMemory [0x90D800BA]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwAlpcConnectPort [0x91B0DB06]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwAlpcCreatePort [0x91B0E404]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwAlpcSendWaitReceivePort [0x90CFF65C]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwAssignProcessToJobObject [0x90C2C5A2]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwClose [0x90CE93DE]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwConnectPort [0x91B0D51A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateEvent [0x90CE9954]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwCreateEventPair [0x90C38688]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreateFile [0x91B06D54]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwCreateIoCompletion [0x90C38822]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreateKey [0x91B28FFA]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateMutant [0x90CE983A]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreatePort [0x91B0E084]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreateProcess [0x91B22D04]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreateProcessEx [0x91B23138]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreateSection [0x91B2D870]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateSemaphore [0x90CE9A74]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwCreateSymbolicLinkObject [0x90D0E7A0]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                   ZwCreateThread [0x90D80724]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                   ZwCreateThreadEx [0x90D8080E]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwCreateTimer [0x90C387DC]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreateUserProcess [0x91B235B8]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwCreateWaitablePort [0x91B0E1EE]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwDebugActiveProcess [0x90D376F2]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwDeleteBootEntry [0x90C2BB2A]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwDeleteFile [0x91B07A94]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwDeleteKey [0x91B2AAEE]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwDeleteValueKey [0x91B2A3A0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwDeviceIoControlFile [0x90CE9422]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwDuplicateObject [0x91B21ABE]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwLoadDriver [0x91B01614]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwLoadKey [0x91B2B580]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwLoadKey2 [0x91B2B7BE]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwLoadKeyEx [0x91B2BC70]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwMapViewOfSection [0x90D0E7C0]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwModifyBootEntry [0x90C2BB90]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwNotifyChangeKey [0x90CFD324]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwNotifyChangeMultipleKeys [0x90C2DE78]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenEvent [0x90CE99EA]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwOpenEventPair [0x90C386AA]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwOpenFile [0x91B07644]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwOpenIoCompletion [0x90C38846]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenMutant [0x90CE98CA]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwOpenProcess [0x91B25258]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenSection [0x90D38970]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwOpenSemaphore [0x90CE9B0A]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwOpenThread [0x91B24E4A]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwOpenTimer [0x90C38800]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwPlugPlayControl [0x90D0E7B0]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwProtectVirtualMemory [0x91B3A18A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwQueryDirectoryObject [0x90CE9B94]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwQueryIntervalProfile [0x90D0E7F0]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwQueryObject [0x90CFD532]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwQueueApcThread [0x90D38380]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwQueueApcThreadEx [0x90C2D9FA]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwRenameKey [0x91B2C658]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwReplaceKey [0x91B2BF3A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwReplyPort [0x90CFF440]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwReplyWaitReceivePort [0x90CFF2CE]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwReplyWaitReceivePortEx [0x90CFF384]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwRequestWaitReplyPort [0x91B0D0AE]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwRestoreKey [0x91B2D0CC]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwResumeThread [0x90D380AA]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwSecureConnectPort [0x91B0D814]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwSetBootEntryOrder [0x90C2BBF6]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwSetBootOptions [0x90C2BC5C]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                   ZwSetContextThread [0x90D80670]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwSetInformationFile [0x91B07EA0]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwSetInformationObject [0x91B3A042]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSetInformationToken [0x90CE9C36]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwSetSecurityObject [0x91B2CBE2]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwSetSystemInformation [0x91B00CC6]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwSetSystemPowerState [0x90C2B982]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwSetValueKey [0x91B29AC0]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwShutdownSystem [0x90C2B910]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSuspendProcess [0x90D3743A]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwSuspendThread [0x90D37F52]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwSystemDebugControl [0x91B23E5A]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwTerminateProcess [0x91B23B7E]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwTerminateThread [0x90D37AFE]
SSDT    \SystemRoot\system32\DRIVERS\vsdatant.sys                                                                ZwUnloadDriver [0x91B01A98]
SSDT    \SystemRoot\system32\DRIVERS\klif.sys                                                                    ZwUnmapViewOfSection [0x90D38AD8]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                                  ZwVdmControl [0x90C2BCC2]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                   ZwWriteVirtualMemory [0x90D80244]

---- Devices - GMER 2.1 ----

Device  \Driver\BTHUSB \Device\0000007b                                                                          bthport.sys
Device  \Driver\BTHUSB \Device\0000007d                                                                          bthport.sys

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf06ba4                              
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf06ba4 (not active ControlSet)          
Reg     HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\8218A4D7-6F39-483C-8096-F3534608B3B7@Alive  0
Reg     HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\F435327C-5142-488C-8E3D-7E32B310822A@Alive  1
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                       
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@227FB66A              75

---- EOF - GMER 2.1 ----

13:04:33.0502 0x0e6c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
13:04:40.0869 0x0e6c  ============================================================
13:04:40.0869 0x0e6c  Current date / time: 2015/01/19 13:04:40.0869
13:04:40.0869 0x0e6c  SystemInfo:
13:04:40.0869 0x0e6c  
13:04:40.0869 0x0e6c  OS Version: 6.1.7601 ServicePack: 1.0
13:04:40.0869 0x0e6c  Product type: Workstation
13:04:40.0869 0x0e6c  ComputerName: USER-PC
13:04:40.0869 0x0e6c  UserName: user
13:04:40.0869 0x0e6c  Windows directory: C:\Windows
13:04:40.0869 0x0e6c  System windows directory: C:\Windows
13:04:40.0869 0x0e6c  Processor architecture: Intel x86
13:04:40.0869 0x0e6c  Number of processors: 4
13:04:40.0869 0x0e6c  Page size: 0x1000
13:04:40.0869 0x0e6c  Boot type: Normal boot
13:04:40.0869 0x0e6c  ============================================================
13:04:43.0752 0x0e6c  KLMD registered as C:\Windows\system32\drivers\62864354.sys
13:04:44.0142 0x0e6c  System UUID: {4CB8A6E0-B6C5-56F0-4317-C4A88A117865}
13:04:44.0789 0x0e6c  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
13:04:44.0836 0x0e6c  Drive \Device\Harddisk1\DR1 - Size: 0x3C3FFE00 ( 0.94 Gb ), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:04:44.0836 0x0e6c  ============================================================
13:04:44.0836 0x0e6c  \Device\Harddisk0\DR0:
13:04:44.0883 0x0e6c  MBR partitions:
13:04:44.0883 0x0e6c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:04:44.0883 0x0e6c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
13:04:44.0883 0x0e6c  \Device\Harddisk1\DR1:
13:04:44.0883 0x0e6c  MBR partitions:
13:04:44.0883 0x0e6c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1E1FC0
13:04:44.0883 0x0e6c  ============================================================
13:04:44.0930 0x0e6c  C: <-> \Device\Harddisk0\DR0\Partition2
13:04:44.0930 0x0e6c  ============================================================
13:04:44.0930 0x0e6c  Initialize success
13:04:44.0930 0x0e6c  ============================================================
13:04:59.0813 0x119c  ============================================================
13:04:59.0813 0x119c  Scan started
13:04:59.0813 0x119c  Mode: Manual; 
13:04:59.0813 0x119c  ============================================================
13:04:59.0813 0x119c  KSN ping started
13:05:02.0285 0x119c  KSN ping finished: true
13:05:03.0073 0x119c  ================ Scan system memory ========================
13:05:03.0073 0x119c  System memory - ok
13:05:03.0073 0x119c  ================ Scan services =============================
13:05:08.0047 0x119c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:05:08.0063 0x119c  gupdate - ok
13:05:08.0063 0x119c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:05:08.0079 0x119c  gupdatem - ok
13:05:08.0094 0x119c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:05:08.0094 0x119c  hcw85cir - ok
13:05:08.0141 0x119c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:05:08.0157 0x119c  HdAudAddService - ok
13:05:08.0172 0x119c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:05:08.0172 0x119c  HDAudBus - ok
13:05:08.0203 0x119c  [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
13:05:08.0219 0x119c  HECI - ok
13:05:08.0235 0x119c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:05:08.0235 0x119c  HidBatt - ok
13:05:08.0250 0x119c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:05:08.0250 0x119c  HidBth - ok
13:05:08.0266 0x119c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:05:08.0281 0x119c  HidIr - ok
13:05:08.0313 0x119c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
13:05:08.0328 0x119c  hidserv - ok
13:05:08.0344 0x119c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:05:08.0344 0x119c  HidUsb - ok
13:05:08.0375 0x119c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:05:08.0375 0x119c  hkmsvc - ok
13:05:08.0406 0x119c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:05:08.0422 0x119c  HomeGroupListener - ok
13:05:08.0484 0x119c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:05:08.0484 0x119c  HomeGroupProvider - ok
13:05:08.0500 0x119c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:05:08.0515 0x119c  HpSAMD - ok
13:05:08.0562 0x119c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:05:08.0578 0x119c  HTTP - ok
13:05:08.0609 0x119c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:05:08.0609 0x119c  hwpolicy - ok
13:05:08.0625 0x119c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:05:08.0625 0x119c  i8042prt - ok
13:05:08.0656 0x119c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:05:08.0671 0x119c  iaStorV - ok
13:05:08.0687 0x119c  [ E34EF65898A3529BE7C2AC9CB77B09D3, 7396166EB6AA5DAA978779093A1E09F300E91BACAB812163A9F35087F0A617C6 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:05:08.0703 0x119c  IBMPMDRV - ok
13:05:08.0718 0x119c  [ C9D46BEA56C89778AFF1494F9CCF66AC, FF076093F275CFDC7ACFB864C0451C294D5179230F90A73975682DD812F608FA ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
13:05:08.0718 0x119c  IBMPMSVC - ok
13:05:08.0781 0x119c  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:05:08.0812 0x119c  idsvc - ok
13:05:08.0827 0x119c  IEEtwCollectorService - ok
13:05:09.0194 0x119c  [ 3E03360B3DC0264DE66EF496F44A7AE0, 634278BBE8A4B28DA76AF3688F7D63ECB5CE27258B03EB2D835FDF0A38186962 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
13:05:09.0397 0x119c  igfx - ok
13:05:09.0443 0x119c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:05:09.0443 0x119c  iirsp - ok
13:05:09.0506 0x119c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:05:09.0537 0x119c  IKEEXT - ok
13:05:09.0568 0x119c  [ E3C36AC5AE87EC970AE8EA2A93D59AE1, 8403A5243DF38EFC35A0200760EC081E42467744AF25A1F2168D5A8198AF6A5B ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
13:05:09.0568 0x119c  Impcd - ok
13:05:09.0599 0x119c  [ C4FA261B9B5C9822D26020949605AC43, BECBB28675759BEF7C86F1ACD66C6928BC86EF59FAE34F3067928AC0D2FB33A5 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:05:09.0599 0x119c  IntcDAud - ok
13:05:09.0631 0x119c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:05:09.0631 0x119c  intelide - ok
13:05:09.0662 0x119c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:05:09.0662 0x119c  intelppm - ok
13:05:09.0693 0x119c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:05:09.0693 0x119c  IPBusEnum - ok
13:05:09.0709 0x119c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:05:09.0709 0x119c  IpFilterDriver - ok
13:05:09.0755 0x119c  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:05:09.0771 0x119c  iphlpsvc - ok
13:05:09.0802 0x119c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:05:09.0802 0x119c  IPMIDRV - ok
13:05:09.0818 0x119c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:05:09.0818 0x119c  IPNAT - ok
13:05:09.0833 0x119c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:05:09.0849 0x119c  IRENUM - ok
13:05:09.0865 0x119c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:05:09.0865 0x119c  isapnp - ok
13:05:09.0880 0x119c  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:05:09.0896 0x119c  iScsiPrt - ok
13:05:09.0911 0x119c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:05:09.0911 0x119c  kbdclass - ok
13:05:09.0927 0x119c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:05:09.0927 0x119c  kbdhid - ok
13:05:09.0958 0x119c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
13:05:09.0958 0x119c  KeyIso - ok
13:05:10.0005 0x119c  [ 2AD446E7A867C48099227415DD66FB34, 7A5C80C19B870EC2AAB448949758972AD1AE2FD7C158ECF4E17DE54A5982B58A ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
13:05:10.0005 0x119c  KL1 - ok
13:05:10.0067 0x119c  [ CB7B98B51E2DDB6E519EB35DA0E7AFD2, 55C66955192D0D983F9D94C80104D7204103D993D937B140856AF5DB365B4B7D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
13:05:10.0083 0x119c  KLIF - ok
13:05:10.0114 0x119c  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:05:10.0114 0x119c  KSecDD - ok
13:05:10.0161 0x119c  [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:05:10.0161 0x119c  KSecPkg - ok
13:05:10.0192 0x119c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:05:10.0208 0x119c  KtmRm - ok
13:05:10.0223 0x119c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:05:10.0239 0x119c  LanmanServer - ok
13:05:10.0239 0x119c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:05:10.0255 0x119c  LanmanWorkstation - ok
13:05:10.0286 0x119c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:05:10.0286 0x119c  lltdio - ok
13:05:10.0317 0x119c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:05:10.0333 0x119c  lltdsvc - ok
13:05:10.0348 0x119c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:05:10.0348 0x119c  lmhosts - ok
13:05:10.0411 0x119c  [ 25884CA77F8D926B69167BC231D3726E, 608D159303B2C64C33EA527FA837A6323728C17A71BFA67DC4F73723BBEBF38D ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:05:10.0426 0x119c  LMS - ok
13:05:10.0473 0x119c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:05:10.0489 0x119c  LSI_FC - ok
13:05:10.0504 0x119c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:05:10.0504 0x119c  LSI_SAS - ok
13:05:10.0520 0x119c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:05:10.0520 0x119c  LSI_SAS2 - ok
13:05:10.0520 0x119c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:05:10.0535 0x119c  LSI_SCSI - ok
13:05:10.0551 0x119c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:05:10.0551 0x119c  luafv - ok
13:05:10.0582 0x119c  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:05:10.0582 0x119c  Mcx2Svc - ok
13:05:10.0598 0x119c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:05:10.0598 0x119c  megasas - ok
13:05:10.0613 0x119c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:05:10.0613 0x119c  MegaSR - ok
13:05:10.0645 0x119c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
13:05:10.0645 0x119c  MMCSS - ok
13:05:10.0660 0x119c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
13:05:10.0660 0x119c  Modem - ok
13:05:10.0676 0x119c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:05:10.0691 0x119c  monitor - ok
13:05:10.0723 0x119c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:05:10.0723 0x119c  mouclass - ok
13:05:10.0754 0x119c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:05:10.0754 0x119c  mouhid - ok
13:05:10.0785 0x119c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:05:10.0801 0x119c  mountmgr - ok
13:05:10.0837 0x119c  [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:05:10.0844 0x119c  MpFilter - ok
13:05:10.0870 0x119c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:05:10.0870 0x119c  mpio - ok
13:05:10.0995 0x119c  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsl3c31363c   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63EBE45D-A34C-4F55-9868-8072AAE79BA0}\MpKsl3c31363c.sys
13:05:10.0995 0x119c  MpKsl3c31363c - ok
13:05:11.0010 0x119c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:05:11.0010 0x119c  mpsdrv - ok
13:05:11.0057 0x119c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:05:11.0073 0x119c  MpsSvc - ok
13:05:11.0104 0x119c  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:05:11.0104 0x119c  MRxDAV - ok
13:05:11.0135 0x119c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:05:11.0135 0x119c  mrxsmb - ok
13:05:11.0151 0x119c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:05:11.0151 0x119c  mrxsmb10 - ok
13:05:11.0166 0x119c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:05:11.0166 0x119c  mrxsmb20 - ok
13:05:11.0197 0x119c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:05:11.0197 0x119c  msahci - ok
13:05:11.0213 0x119c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:05:11.0213 0x119c  msdsm - ok
13:05:11.0244 0x119c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
13:05:11.0244 0x119c  MSDTC - ok
13:05:11.0260 0x119c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:05:11.0275 0x119c  Msfs - ok
13:05:11.0291 0x119c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:05:11.0291 0x119c  mshidkmdf - ok
13:05:11.0307 0x119c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:05:11.0307 0x119c  msisadrv - ok
13:05:11.0322 0x119c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:05:11.0338 0x119c  MSiSCSI - ok
13:05:11.0338 0x119c  msiserver - ok
13:05:11.0369 0x119c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:05:11.0369 0x119c  MSKSSRV - ok
13:05:11.0416 0x119c  [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:05:11.0416 0x119c  MsMpSvc - ok
13:05:11.0431 0x119c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:05:11.0431 0x119c  MSPCLOCK - ok
13:05:11.0447 0x119c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:05:11.0447 0x119c  MSPQM - ok
13:05:11.0478 0x119c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:05:11.0478 0x119c  MsRPC - ok
13:05:11.0494 0x119c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:05:11.0494 0x119c  mssmbios - ok
13:05:11.0509 0x119c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:05:11.0525 0x119c  MSTEE - ok
13:05:11.0525 0x119c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:05:11.0541 0x119c  MTConfig - ok
13:05:11.0556 0x119c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:05:11.0556 0x119c  Mup - ok
13:05:11.0587 0x119c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
13:05:11.0619 0x119c  napagent - ok
13:05:11.0665 0x119c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:05:11.0681 0x119c  NativeWifiP - ok
13:05:11.0743 0x119c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:05:11.0775 0x119c  NDIS - ok
13:05:11.0790 0x119c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:05:11.0790 0x119c  NdisCap - ok
13:05:11.0806 0x119c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:05:11.0806 0x119c  NdisTapi - ok
13:05:11.0821 0x119c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:05:11.0837 0x119c  Ndisuio - ok
13:05:11.0853 0x119c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:05:11.0868 0x119c  NdisWan - ok
13:05:11.0899 0x119c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:05:11.0899 0x119c  NDProxy - ok
13:05:11.0931 0x119c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:05:11.0931 0x119c  NetBIOS - ok
13:05:11.0946 0x119c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:05:11.0946 0x119c  NetBT - ok
13:05:11.0977 0x119c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
13:05:11.0977 0x119c  Netlogon - ok
13:05:12.0009 0x119c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
13:05:12.0024 0x119c  Netman - ok
13:05:12.0055 0x119c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:05:12.0071 0x119c  NetMsmqActivator - ok
13:05:12.0087 0x119c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:05:12.0087 0x119c  NetPipeActivator - ok
13:05:12.0118 0x119c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
13:05:12.0149 0x119c  netprofm - ok
13:05:12.0149 0x119c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:05:12.0165 0x119c  NetTcpActivator - ok
13:05:12.0165 0x119c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:05:12.0165 0x119c  NetTcpPortSharing - ok
13:05:12.0414 0x119c  [ 83553135AD346D247C482F1B8ACA921F, 84CB2B77782F5222B81497BB592D6E2AA8991DBB9AFE1CD9131CBA883E5A11A4 ] NETwNs32        C:\Windows\system32\DRIVERS\NETwNs32.sys
13:05:12.0555 0x119c  NETwNs32 - ok
13:05:12.0601 0x119c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:05:12.0601 0x119c  nfrd960 - ok
13:05:12.0633 0x119c  [ 6A83B8AF342E61DEE353BAA81F67B7DA, F883A69DC57A203CEF4A264ADA3669EFA11149FE479A32FF38A37C86D24D7DE7 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:05:12.0633 0x119c  NisDrv - ok
13:05:12.0679 0x119c  [ 877C975D6FED8B12C445312D1286771E, 2FD5F2FE0414D00B8E4EF389E1AD11356C14F700A906770B0AB88B464D963948 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
13:05:12.0695 0x119c  NisSrv - ok
13:05:12.0773 0x119c  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:05:12.0789 0x119c  NlaSvc - ok
13:05:12.0820 0x119c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:05:12.0835 0x119c  Npfs - ok
13:05:12.0851 0x119c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
13:05:12.0867 0x119c  nsi - ok
13:05:12.0912 0x119c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:05:12.0915 0x119c  nsiproxy - ok
13:05:12.0982 0x119c  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:05:13.0029 0x119c  Ntfs - ok
13:05:13.0045 0x119c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
13:05:13.0045 0x119c  Null - ok
13:05:13.0076 0x119c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:05:13.0076 0x119c  nvraid - ok
13:05:13.0091 0x119c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:05:13.0091 0x119c  nvstor - ok
13:05:13.0123 0x119c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:05:13.0123 0x119c  nv_agp - ok
13:05:13.0154 0x119c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:05:13.0154 0x119c  ohci1394 - ok
13:05:13.0185 0x119c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:05:13.0185 0x119c  ose - ok
13:05:13.0372 0x119c  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:05:13.0466 0x119c  osppsvc - ok
13:05:13.0497 0x119c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:05:13.0513 0x119c  p2pimsvc - ok
13:05:13.0544 0x119c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:05:13.0544 0x119c  p2psvc - ok
13:05:13.0559 0x119c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:05:13.0559 0x119c  Parport - ok
13:05:13.0591 0x119c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:05:13.0591 0x119c  partmgr - ok
13:05:13.0606 0x119c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:05:13.0606 0x119c  Parvdm - ok
13:05:20.0134 0x119c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:05:20.0149 0x119c  WbioSrvc - ok
13:05:20.0165 0x119c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:05:20.0181 0x119c  wcncsvc - ok
13:05:20.0196 0x119c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:05:20.0196 0x119c  WcsPlugInService - ok
13:05:20.0212 0x119c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:05:20.0212 0x119c  Wd - ok
13:05:20.0259 0x119c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:05:20.0274 0x119c  Wdf01000 - ok
13:05:20.0290 0x119c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:05:20.0305 0x119c  WdiServiceHost - ok
13:05:20.0305 0x119c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:05:20.0321 0x119c  WdiSystemHost - ok
13:05:20.0352 0x119c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
13:05:20.0352 0x119c  WebClient - ok
13:05:20.0383 0x119c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:05:20.0383 0x119c  Wecsvc - ok
13:05:20.0399 0x119c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:05:20.0415 0x119c  wercplsupport - ok
13:05:20.0430 0x119c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
13:05:20.0430 0x119c  WerSvc - ok
13:05:20.0461 0x119c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:05:20.0461 0x119c  WfpLwf - ok
13:05:20.0477 0x119c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:05:20.0477 0x119c  WIMMount - ok
13:05:20.0539 0x119c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:05:20.0571 0x119c  WinDefend - ok
13:05:20.0586 0x119c  WinHttpAutoProxySvc - ok
13:05:20.0649 0x119c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:05:20.0649 0x119c  Winmgmt - ok
13:05:20.0727 0x119c  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:05:20.0758 0x119c  WinRM - ok
13:05:20.0773 0x119c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
13:05:20.0789 0x119c  WinUsb - ok
13:05:20.0836 0x119c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:05:20.0867 0x119c  Wlansvc - ok
13:05:20.0883 0x119c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:05:20.0883 0x119c  WmiAcpi - ok
13:05:20.0898 0x119c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:05:20.0914 0x119c  wmiApSrv - ok
13:05:20.0997 0x119c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:05:21.0028 0x119c  WMPNetworkSvc - ok
13:05:21.0106 0x119c  [ 017695393AFFFED8DE58ABD1B085BE6D, 447D65499426A745A85289F3EB7CABBC0CC64D2C6B60D612ED34885CFF94B765 ] WMZuneComm      C:\Users\user\Music\WMZuneComm.exe
13:05:21.0122 0x119c  WMZuneComm - ok
13:05:21.0137 0x119c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:05:21.0153 0x119c  WPCSvc - ok
13:05:21.0168 0x119c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:05:21.0184 0x119c  WPDBusEnum - ok
13:05:21.0215 0x119c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:05:21.0215 0x119c  ws2ifsl - ok
13:05:21.0231 0x119c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:05:21.0231 0x119c  wscsvc - ok
13:05:21.0231 0x119c  WSearch - ok
13:05:21.0340 0x119c  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
13:05:21.0387 0x119c  wuauserv - ok
13:05:21.0465 0x119c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:05:21.0465 0x119c  WudfPf - ok
13:05:21.0480 0x119c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:05:21.0496 0x119c  WUDFRd - ok
13:05:21.0527 0x119c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:05:21.0527 0x119c  wudfsvc - ok
13:05:21.0558 0x119c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:05:21.0574 0x119c  WwanSvc - ok
13:05:21.0605 0x119c  [ CEC8ED565F3663F0B8A862561BF08D79, FDDBEDC79C7061B20AA450BB3D09EDADEDD5F531D8EA100BBF542A63BDFCE593 ] ZAPrivacyService C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
13:05:21.0621 0x119c  ZAPrivacyService - ok
13:05:21.0870 0x119c  [ 1076DF9ADE4E13EA3BF39D2165AEB903, 2CC94E658D02A97D8C02D7748F30A87AD16005720EBE29B7D55B80012BBA63A2 ] ZuneNetworkSvc  C:\Users\user\Music\ZuneNss.exe
13:05:21.0995 0x119c  ZuneNetworkSvc - ok
13:05:22.0042 0x119c  [ DE1CDB333A402B279F04D627122FA08E, 4ACBC70BBF67F1DE4375543EE3F0D08C9FFCE6736A437E8B237D593F00DD3888 ] ZuneWlanCfgSvc  C:\Users\user\Music\ZuneWlanCfgSvc.exe
13:05:22.0058 0x119c  ZuneWlanCfgSvc - ok
13:05:22.0073 0x119c  ================ Scan global ===============================
13:05:22.0089 0x119c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
13:05:22.0120 0x119c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:05:22.0151 0x119c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:05:22.0214 0x119c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
13:05:22.0276 0x119c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
13:05:22.0292 0x119c  [ Global ] - ok
13:05:22.0292 0x119c  ================ Scan MBR ==================================
13:05:22.0292 0x119c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:05:22.0619 0x119c  \Device\Harddisk0\DR0 - ok
13:05:22.0619 0x119c  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
13:05:22.0635 0x119c  \Device\Harddisk1\DR1 - ok
13:05:22.0635 0x119c  ================ Scan VBR ==================================
13:05:22.0635 0x119c  [ 22E95BA54A8F2EFB6944FC6EE3D85EB3 ] \Device\Harddisk0\DR0\Partition1
13:05:22.0635 0x119c  \Device\Harddisk0\DR0\Partition1 - ok
13:05:22.0635 0x119c  [ A9F0069B1A479B496CF8E4112A2C25AA ] \Device\Harddisk0\DR0\Partition2
13:05:22.0635 0x119c  \Device\Harddisk0\DR0\Partition2 - ok
13:05:22.0650 0x119c  [ 8947165DC239928A242A4C6D9110F855 ] \Device\Harddisk1\DR1\Partition1
13:05:22.0650 0x119c  \Device\Harddisk1\DR1\Partition1 - ok
13:05:22.0650 0x119c  ================ Scan generic autorun ======================
13:05:22.0682 0x119c  [ 754562B05B01CFB5E682E293CAF47C79, 52DEB142F5EC336814DD0CF4C704D0E9D6803DB89267811DEF0861F5D3362B18 ] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
13:05:22.0682 0x119c  IMSS - ok
13:05:22.0713 0x119c  [ 85C9C46AE507AE5779D1C1D3AE3B24D7, 00CD9DC8F02C713EB651AE3C9352B7DAD8D948CB0FFD12098BC09A2E15A4ABD2 ] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe
13:05:22.0713 0x119c  PSQLLauncher - ok
13:05:22.0744 0x119c  [ BA59761B013B65B6DB008EA19A557B42, 641E5A4B836CC0FE35B836CBA6ADA79729558137C9D404BEDD221D13833E40A9 ] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
13:05:22.0744 0x119c  ZoneAlarm - ok
13:05:22.0760 0x119c  [ F5ECF788D4C3A56D15CAFF9667EC81B2, 7FA8604DD8B09D3C45E609B6A8328D0002A31C80869F4B9377751286880D0568 ] C:\Windows\system32\igfxtray.exe
13:05:22.0775 0x119c  IgfxTray - ok
13:05:22.0791 0x119c  [ 3BBBD36C5D935F3A63CC7D171E563331, 0BA9A8FC68E774F94E99F480344F10AF3C25B95AA14AE297FA00D131B72DCA27 ] C:\Windows\system32\hkcmd.exe
13:05:22.0791 0x119c  HotKeysCmds - ok
13:05:22.0806 0x119c  [ 01F4EFC92FFBD083B13D66D7FBB83405, 01B0F44247299FA714FD4E776BD3472BFF51C701876AC3B916C1AE44F6DAF57A ] C:\Windows\system32\igfxpers.exe
13:05:22.0806 0x119c  Persistence - ok
13:05:22.0869 0x119c  [ E279E55C0D5F5DA2E1FD268EBD12F268, 06C40AF999881699DD9B73440D2ED48F404864C3FB8FF7B36560759892CAAA12 ] c:\Program Files\Microsoft Security Client\msseces.exe
13:05:22.0884 0x119c  MSC - ok
13:05:22.0900 0x119c  [ 5BD2DA256A68E99622D6968330DCC461, BE001E893815CA2EEF5002DC797CFD5E689E8C6A114BB7150010E80ABDA0AD4A ] C:\Users\user\Music\ZuneLauncher.exe
13:05:22.0916 0x119c  Zune Launcher - ok
13:05:23.0186 0x119c  [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:05:23.0279 0x119c  AvastUI.exe - ok
13:05:23.0357 0x119c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:05:23.0389 0x119c  Sidebar - ok
13:05:23.0420 0x119c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:05:23.0420 0x119c  mctadmin - ok
13:05:23.0451 0x119c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:05:23.0482 0x119c  Sidebar - ok
13:05:23.0482 0x119c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:05:23.0498 0x119c  mctadmin - ok
13:05:23.0716 0x119c  [ BE54A0470CD100BA08F051303675797C, 1E6050AE2C7A0889232ED6E57DF077C5D6108DD3EFD2A1B760F6CD53909506CC ] C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
13:05:23.0825 0x119c  Driver Support - ok
13:05:33.0228 0x119c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
13:05:33.0275 0x119c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x42000 ( disabled : updated )
13:05:33.0337 0x119c  AV detected via SS2: ZoneAlarm Antivirus, C:\Program Files\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.3.209.0 ), 0x40000 ( disabled : updated )
13:05:33.0353 0x119c  FW detected via SS2: ZoneAlarm Firewall, C:\Program Files\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.3.209.0 ), 0x41010 ( enabled )
13:05:35.0856 0x119c  ============================================================
13:05:35.0856 0x119c  Scan finished
13:05:35.0856 0x119c  ============================================================
13:05:35.0856 0x15d4  Detected object count: 0
13:05:35.0856 0x15d4  Actual detected object count: 0
13:06:13.0398 0x1740  Deinitialize success



#6 TB-Psychotic

Posted 19 January 2015 - 08:21 AM

Did you install this software?

Driver Support



#7 ukman98

Posted 19 January 2015 - 08:22 AM

I think so - when I bought this laptop (2nd hand via ebay), the drivers seemed to be out of date .... and I think I used this programme to detect more up-to-date ones.



#8 ukman98

Posted 19 January 2015 - 08:25 AM

Also just to add that laptop at the moment seems to be running much faster again - but previously I had lots of problems .... 



#9 TB-Psychotic

Posted 19 January 2015 - 08:26 AM

You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.

  • The logs can be found here:

-- XP: C:\Documents and Settings\\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd


  • Zip any and all of these logs and attach the file to your next reply.



#10 ukman98

Posted 19 January 2015 - 08:43 AM

It was only one item: PUP.Optional.Astromenda

For some reason I could not find the Log file in the folder - I could find the logs though through the programme itself and scans over last month keep finding this particular item only.


Edited by ukman98, 19 January 2015 - 08:47 AM.


#11 TB-Psychotic

Posted 19 January 2015 - 08:56 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

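A scripted equivalent of the Event Viewer steps above, as an added example that is not part of the original post: it reads the Check Disk report that Wininit writes to the Application log and pulls out the bad-sector and repair lines. The function names, the sample report text and the output file name are assumptions made for this example.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 (Windows 7).

function Get-ChkdskSummary {
    # Extract the disk-health lines from the text of one Check Disk report.
    param([Parameter(Mandatory = $true)][string]$Message)

    $volume = $null
    if ($Message -match 'Checking file system on (\S+)') { $volume = $Matches[1] }

    # The NTFS summary contains a line such as "16 KB in bad sectors."
    $badKb = $null
    if ($Message -match '(?m)^\s*(\d+) KB in bad sectors') { $badKb = [long]$Matches[1] }

    $summary = New-Object PSObject -Property @{
        Volume          = $volume
        BadSectorsKB    = $badKb
        MadeCorrections = [bool]($Message -match 'Windows has made corrections to the file system')
        NoProblemsFound = [bool]($Message -match 'found no problems')
    }
    $summary | Select-Object Volume, BadSectorsKB, MadeCorrections, NoProblemsFound
}

function Get-ChkdskEvent {
    # Boot-time Check Disk results are logged with source Wininit in the
    # Application log. Event ID 1001 is shared with other sources, so the
    # provider name is filtered as well.
    param([int]$Newest = 3)
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'Wininit' } |
        Select-Object -First $Newest
}

# Constructed sample report (not taken from the laptop in this thread).
$sample = @'
Checking file system on C:
The type of the file system is NTFS.
Windows has made corrections to the file system.
 244196351 KB total disk space.
        16 KB in bad sectors.
'@
Get-ChkdskSummary -Message $sample | Format-List

# Live query: save the full report text for posting, then print a summary.
$report = Join-Path $env:USERPROFILE 'Desktop\chkdsk-report.txt'   # assumed output path
$events = @(Get-ChkdskEvent)
if ($events.Count -eq 0) {
    Write-Output 'No Wininit Check Disk report found in the Application log.'
} else {
    $events |
        ForEach-Object { "{0}`r`n{1}`r`n" -f $_.TimeCreated, $_.Message } |
        Out-File -FilePath $report
    $events |
        Where-Object { $_.Message } |
        ForEach-Object { Get-ChkdskSummary -Message $_.Message } |
        Format-Table -AutoSize
}
```

A non-zero BadSectorsKB value means chkdsk found unreadable clusters, so the drive's health should be checked before any further cleanup work.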

#12 ukman98

Posted 19 January 2015 - 11:16 AM

I've been running the disk check for the last 2 hours and it seems to be stuck .... but you did say that might happen. Should I just wait?

Edit: it's been stuck at the same point now for over 1 hour .... do I force a restart? And then what?

Re-edit: I forced a restart after it was stuck on same message (at 14%) for over 2 hours .... got back to 14% in about 5 minutes, so let's hope it keeps going this time.

Update: it got stuck at 14% again .... been stuck now for about 4 hours ....


Edited by ukman98, 19 January 2015 - 05:22 PM.


#13 TB-Psychotic

Posted 20 January 2015 - 06:28 AM

Please have a look at your Windows event logs as described and post up the messages.



#14 ukman98

Posted 20 January 2015 - 03:50 PM

Please have a look at your Windows event logs as described and post up the messages.

It's still running - over 24 hours later .... it's still at 14% but it is moving forward, albeit very slowly. I'll let it run overnight and see if it finishes by tomorrow and then post logs.



#15 ukman98

Posted 21 January 2015 - 03:52 AM

It finally finished and now there is a major error message, entitled 'Windows Boot Manager':

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer.

Big problem - I bought this laptop on ebay with a legitimate Windows 7 installation, but no installation disc. Help!





