
Random character DLL CLSID



#1 sgfc


Posted 26 March 2015 - 07:46 AM

I use CCleaner's Registry Cleaner and it keeps showing me a random-character DLL that is selected for deletion because the actual DLL file is deleted or missing. The CLSID stays the same each time but the DLL name changes each time. I am concerned that this might be a virus.

 

This is what CCleaner shows me:

ActiveX/COM Issue    InProcServer32\%SystemRoot%\SysWow64\poklcrfjgp.dll    HKCR\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}

 

The bolded part is what keeps changing each time. I've looked into my registry and this entry does appear there.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by name (administrator) on AMDFXWIN8 on 26-03-2015 07:09:09
Running from C:\Users\name\Desktop
Loaded Profiles: name (Available profiles: name)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1497896480-3515547300-4059256532-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
ShortcutTarget: Camera Monitor HD.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1497896480-3515547300-4059256532-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
SearchScopes: HKU\S-1-5-21-1497896480-3515547300-4059256532-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1497896480-3515547300-4059256532-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.199

FireFox:
========
FF ProfilePath: C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default
FF Homepage: https://www.google.ca
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-12] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Extension: Flashblock - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-03-20]
FF Extension: Tweak Network - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default\Extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA} [2015-03-20]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-03-20]
FF Extension: Flagfox - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-03-20]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2015-03-20]
FF Extension: Adblock Plus - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-20]
FF Extension: Greasemonkey - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8lg42ub4.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-03-26]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-02-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2015-02-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1601000.009\ccSetx64.sys [165080 2014-09-09] (Symantec Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150324.005\IDSvia64.sys [671448 2015-03-25] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150325.017\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150325.017\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSP64.SYS [914648 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1601000.009\SRTSPX64.SYS [42200 2014-12-02] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NSx64\1601000.009\SYMDS64.SYS [490712 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NSx64\1601000.009\SYMEFA64.SYS [1151704 2014-09-09] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1601000.009\SymELAM.sys [23568 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-02-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1601000.009\Ironx64.SYS [271576 2014-09-09] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1601000.009\SYMNETS.SYS [565464 2014-09-09] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 07:09 - 2015-03-26 07:09 - 00016985 _____ () C:\Users\name\Desktop\FRST.txt
2015-03-26 07:08 - 2015-03-26 07:09 - 00000000 ____D () C:\FRST
2015-03-26 07:07 - 2015-03-26 07:07 - 02095616 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe
2015-03-26 06:39 - 2015-03-26 06:39 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-20 16:56 - 2015-03-25 23:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 16:56 - 2015-03-20 16:56 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-20 16:56 - 2015-03-20 16:56 - 00000000 ____D () C:\Users\name\AppData\Roaming\Mozilla
2015-03-20 16:56 - 2015-03-20 16:56 - 00000000 ____D () C:\Users\name\AppData\Local\Mozilla
2015-03-19 14:52 - 2015-03-19 14:52 - 00000000 ____D () C:\Users\name\AppData\Local\NVIDIA Corporation
2015-03-19 14:52 - 2015-03-19 14:52 - 00000000 ____D () C:\Users\name\AppData\Local\NVIDIA
2015-03-19 14:51 - 2015-03-19 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-19 14:51 - 2015-03-19 14:51 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-19 14:51 - 2015-03-13 14:41 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-19 14:51 - 2015-03-13 14:41 - 01514528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-19 14:51 - 2015-03-13 14:41 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-19 14:51 - 2015-03-13 14:41 - 01278920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-19 14:50 - 2015-03-26 05:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-19 14:50 - 2015-03-19 14:51 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-19 14:50 - 2015-03-19 14:51 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-19 14:50 - 2015-03-13 14:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-19 14:50 - 2015-03-13 14:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 03303448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 02906928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00997856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00878328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00833680 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00178512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00073872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-03-19 14:50 - 2015-03-13 14:41 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-03-19 14:50 - 2015-03-13 11:16 - 06861968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-03-19 14:50 - 2015-03-13 11:16 - 03526856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-03-19 14:50 - 2015-03-13 11:16 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-03-19 14:50 - 2015-03-13 11:16 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-03-19 14:50 - 2015-03-13 11:16 - 00386248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-03-19 14:50 - 2015-03-13 11:16 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-03-19 14:50 - 2015-03-13 10:38 - 00622224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-03-19 14:50 - 2015-03-11 08:10 - 04246327 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-03-19 14:49 - 2015-03-19 14:51 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-12 14:42 - 2015-03-12 14:42 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-03-12 14:42 - 2015-03-12 14:42 - 00000000 ____D () C:\Program Files\Java
2015-03-12 14:42 - 2015-03-12 14:41 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-12 14:41 - 2015-03-12 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-12 14:41 - 2015-03-12 14:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-12 14:35 - 2015-03-12 14:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2015-03-12 14:34 - 2015-03-12 14:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-12 14:34 - 2015-03-12 14:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-10 12:18 - 2015-03-05 21:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 12:18 - 2015-03-05 21:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 12:18 - 2015-02-25 18:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 12:18 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 12:18 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 12:18 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 12:18 - 2015-02-20 19:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 12:18 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 12:18 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 12:18 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 12:18 - 2015-02-19 22:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 12:18 - 2015-02-19 21:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 12:18 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 12:18 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 12:18 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 12:18 - 2015-02-19 21:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 12:18 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 12:18 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 12:18 - 2015-02-19 21:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 12:18 - 2015-02-19 21:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 12:18 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 12:18 - 2015-02-19 21:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 12:18 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 12:18 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 12:18 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 12:18 - 2015-02-19 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 12:18 - 2015-02-19 20:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 12:18 - 2015-02-19 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 12:18 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 12:18 - 2015-02-19 20:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 12:18 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 12:18 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 12:18 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 12:18 - 2015-02-19 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 12:18 - 2015-02-19 20:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 12:18 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 12:18 - 2015-02-19 20:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 12:18 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 12:18 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 12:18 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 12:18 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 12:18 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 12:18 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 12:18 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 12:18 - 2015-02-12 12:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 12:18 - 2015-02-12 12:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 12:18 - 2015-02-06 18:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-10 12:18 - 2015-02-05 20:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-10 12:18 - 2015-02-05 20:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-10 12:18 - 2015-02-05 15:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-10 12:18 - 2015-02-03 18:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 12:18 - 2015-02-03 18:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 12:18 - 2015-02-03 18:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 12:18 - 2015-02-02 19:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-10 12:18 - 2015-02-02 19:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-10 12:18 - 2015-02-02 18:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 12:18 - 2015-02-02 18:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 12:18 - 2015-01-30 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-10 12:18 - 2015-01-30 18:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-10 12:18 - 2015-01-30 18:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 12:18 - 2015-01-29 22:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 12:18 - 2015-01-29 21:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-10 12:18 - 2015-01-29 21:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-10 12:18 - 2015-01-29 20:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-10 12:18 - 2015-01-29 20:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-10 12:18 - 2015-01-29 20:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-10 12:18 - 2015-01-29 13:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 12:18 - 2015-01-29 13:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 12:18 - 2015-01-28 20:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-10 12:18 - 2015-01-28 20:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-10 12:18 - 2015-01-28 20:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 12:18 - 2015-01-28 20:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-10 12:18 - 2015-01-28 20:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-10 12:18 - 2015-01-28 20:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 12:18 - 2015-01-28 19:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-10 12:18 - 2015-01-28 19:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-10 12:18 - 2015-01-28 19:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-10 12:18 - 2015-01-28 19:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-10 12:18 - 2015-01-28 10:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 12:18 - 2015-01-28 10:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 12:18 - 2015-01-28 10:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 12:18 - 2015-01-27 21:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-10 12:18 - 2015-01-27 20:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-10 12:18 - 2015-01-27 20:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 12:18 - 2015-01-27 20:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 12:18 - 2015-01-27 18:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-10 12:18 - 2015-01-27 18:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-10 12:18 - 2015-01-26 23:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 12:18 - 2015-01-26 22:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-10 12:18 - 2015-01-26 21:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 12:18 - 2015-01-23 20:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-10 12:18 - 2015-01-23 02:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-10 12:18 - 2015-01-23 00:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-10 12:18 - 2015-01-21 00:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 12:18 - 2015-01-21 00:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 12:17 - 2015-02-07 18:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-10 12:17 - 2015-02-07 18:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-10 12:17 - 2015-01-29 21:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-10 12:17 - 2015-01-29 20:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-10 12:17 - 2015-01-29 20:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-10 12:17 - 2015-01-29 20:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-10 12:17 - 2015-01-29 20:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-10 12:17 - 2015-01-29 20:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-10 12:17 - 2015-01-29 20:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-10 12:17 - 2015-01-29 20:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-10 12:17 - 2014-12-11 00:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-05 14:13 - 2015-03-05 14:13 - 00000000 ____D () C:\Users\name\AppData\Roaming\Sony Creative Software Inc
2015-03-04 07:03 - 2015-03-04 07:04 - 00000000 ____D () C:\Users\name\AppData\Local\Sony
2015-03-04 07:03 - 2015-03-04 07:03 - 00001054 _____ () C:\Users\name\Desktop\Vegas Pro 13.0 (64-bit).lnk
2015-03-04 07:03 - 2015-03-04 07:03 - 00000000 ____D () C:\ProgramData\Sony
2015-03-04 07:03 - 2015-03-04 07:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-04 07:03 - 2015-03-04 07:03 - 00000000 ____D () C:\Program Files\Sony
2015-03-04 07:03 - 2015-03-04 07:03 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-03-04 07:02 - 2015-03-05 09:04 - 00000000 ____D () C:\Users\name\AppData\Roaming\Sony
2015-02-24 18:16 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-24 18:16 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 07:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-26 06:48 - 2014-12-17 02:57 - 00000000 ____D () C:\Users\name\AppData\Roaming\Skype
2015-03-26 06:39 - 2014-06-01 04:17 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-26 05:20 - 2014-06-01 03:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1497896480-3515547300-4059256532-1001
2015-03-26 05:17 - 2014-03-18 05:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-26 05:10 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 03:42 - 2014-08-13 23:32 - 00000000 ____D () C:\Users\name\AppData\Local\Adobe
2015-03-26 00:27 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-25 23:29 - 2015-02-21 02:48 - 00000000 ____D () C:\ProgramData\Norton
2015-03-25 23:05 - 2014-10-04 15:31 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2015-03-25 23:05 - 2014-10-04 15:31 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-03-22 00:09 - 2014-06-10 05:34 - 00007168 _____ () C:\Users\name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-19 14:50 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-19 14:43 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-17 15:35 - 2014-06-10 18:50 - 00000000 ____D () C:\Users\name\AppData\Local\CrashDumps
2015-03-14 07:47 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-12 14:42 - 2014-10-14 19:21 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-12 14:34 - 2014-06-01 03:54 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-11 15:15 - 2014-12-17 02:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-11 15:15 - 2014-12-17 02:57 - 00000000 ____D () C:\ProgramData\Skype
2015-03-11 09:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-10 12:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-10 12:22 - 2014-06-01 04:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 12:22 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-10 12:21 - 2014-06-01 04:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-10 12:20 - 2014-06-01 04:10 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-04 16:24 - 2013-08-22 10:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 16:24 - 2013-08-22 10:38 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 00:13 - 2014-06-01 09:02 - 00007602 _____ () C:\Users\name\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories =======

2014-10-04 15:31 - 2014-10-04 15:31 - 0000268 ___RH () C:\Users\name\AppData\Roaming\Synth Pads
2014-10-04 15:32 - 2014-10-04 15:32 - 0000268 ___RH () C:\Users\name\AppData\Roaming\Synth Textures
2014-10-04 15:31 - 2014-10-04 15:31 - 0000268 ___RH () C:\Users\name\AppData\Roaming\System Image Utility
2014-10-04 15:30 - 2014-10-04 15:30 - 0000268 ___RH () C:\Users\name\AppData\Roaming\Tremolo
2014-06-10 05:34 - 2015-03-22 00:09 - 0007168 _____ () C:\Users\name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-01 09:02 - 2015-03-03 00:13 - 0007602 _____ () C:\Users\name\AppData\Local\Resmon.ResmonCfg
2014-10-04 15:30 - 2014-10-04 15:30 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-10-04 15:32 - 2014-10-04 15:32 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-10-04 15:31 - 2015-03-25 23:05 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-10-04 15:31 - 2015-03-25 23:05 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-10-04 15:31 - 2014-10-04 15:31 - 0000268 ___RH () C:\ProgramData\Tables
2014-10-04 15:32 - 2014-10-04 15:32 - 0000268 ___RH () C:\ProgramData\Techno Kit
2014-10-04 15:30 - 2014-10-04 15:31 - 0000012 ___RH () C:\ProgramData\URLs
2014-10-04 15:32 - 2014-10-04 15:32 - 0000012 ___RH () C:\ProgramData\User Pictures
2014-10-04 15:31 - 2014-10-04 15:31 - 0000012 ___RH () C:\ProgramData\Vocal Transformer

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 05:20

==================== End Of Log ============================


#2 sgfc


Posted 26 March 2015 - 07:53 AM

I forgot to mention. I ran Norton Power Eraser and MBAM and both showed zero results except for one PUP which I know what it is and deem it safe.



#3 nasdaq

  • Malware Response Team

Posted 27 March 2015 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists

--RogueKiller--
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

How is the computer running now?

#4 sgfc


Posted 27 March 2015 - 02:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by name at 2015-03-27 14:14:12 Run:1
Running from C:\Users\name\Desktop\New folder
Loaded Profiles: name (Available profiles: name)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog 14:14:12 ====

I will keep an eye on the computer for a few days to see if the problem is gone and report back.

*Edit - Both of the entries that FRST was supposed to have deleted are still there.

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif

But they're related to Norton Security's web browser toolbar (Norton Toolbar). It's Norton Toolbar for Google Chrome, even though I don't have Google Chrome installed.

**Edit - The problem is back. CCleaner found this:

ActiveX/COM Issue    InProcServer32\%SystemRoot%\SysWow64\sziajx.dll    HKCR\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}

Is it possible the part that is bolded is a Prefetch file?


Edited by sgfc, 27 March 2015 - 02:36 PM.


#5 nasdaq

  • Malware Response Team

Posted 28 March 2015 - 07:25 AM

But they're related to Norton Security's web browser toolbar (Norton Toolbar). It's Norton Toolbar for Google Chrome. Even though I don't have Google Chrome installed.
Nothing to worry about. They will be used only if and when you install Norton.

===

**Edit - The problem is back CCleaner found this;
ActiveX/COM Issue InProcServer32\%SystemRoot%\SysWow64\sziajx.dll HKCR\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}


I want to check further.
I need you to run the --RogueKiller-- as previously requested.
===

#6 sgfc


Posted 28 March 2015 - 02:36 PM

That piece of bleep program created a folder user's files on my desktop. I tried to hide it or get rid of it. I decided to delete it. It deleted all of my data from my user account; my desktop icons, documents, videos, pictures, music and my program settings are gone too from appdata.

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : name [Administrator]
Started from : C:\Users\name\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/28/2015  14:06:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1500HLFS-01G6U0 +++++
Error reading User MBR! NOT VALID!
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: WDC WD1500HLFS-01G6U0 +++++
Error reading User MBR! NOT VALID!
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive2: WDC WD10EALS-00Z8A0 +++++
--- User ---
[MBR] ca50dca8e0cf0f86852bd423ccc926c1
[BSP] 46efe531bf028a6a4ad95f6113489e69 : Empty MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: OCZ-VERTEX3 +++++
--- User ---
[MBR] df63dd9364c96dc73bb2cd9765264176
[BSP] 0e910085da80765a19c15f887d34031c : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

==============================================

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : name [Administrator]
Started from : C:\Users\name\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/28/2015  14:11:45

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1500HLFS-01G6U0 +++++
Error reading User MBR! NOT VALID!
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: WDC WD1500HLFS-01G6U0 +++++
Error reading User MBR! NOT VALID!
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive2: WDC WD10EALS-00Z8A0 +++++
--- User ---
[MBR] ca50dca8e0cf0f86852bd423ccc926c1
[BSP] 46efe531bf028a6a4ad95f6113489e69 : Empty MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: OCZ-VERTEX3 +++++
--- User ---
[MBR] df63dd9364c96dc73bb2cd9765264176
[BSP] 0e910085da80765a19c15f887d34031c : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03282015_140659.log

============================================

The problem still exists. Is there any way of knowing if the Windows Prefetch is causing this? Maybe it's not a virus or anything unsafe. Maybe it's just a Prefetch-related DLL.

By the way, the 4 registry entries RogueKiller supposedly replaced are still there. I think they're supposed to be there too. By replacing them it unhid that user's files folder I mentioned. I manually changed the entries mentioning "newstartpanel" to 0 and sure enough that folder re-appeared. After changing it back to 1 it hid that folder again.

So RogueKiller found nothing.


Edited by sgfc, 29 March 2015 - 05:56 AM.


#7 nasdaq

  • Malware Response Team

Posted 29 March 2015 - 07:41 AM

I suspect that it's coming from your MBR.

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#8 sgfc


Posted 29 March 2015 - 06:01 PM

17:37:39.0622 0x0c6c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:37:48.0556 0x0c6c  ============================================================
17:37:48.0556 0x0c6c  Current date / time: 2015/03/29 17:37:48.0556
17:37:48.0556 0x0c6c  SystemInfo:
17:37:48.0556 0x0c6c  
17:37:48.0556 0x0c6c  OS Version: 6.3.9600 ServicePack: 0.0
17:37:48.0556 0x0c6c  Product type: Workstation
17:37:48.0556 0x0c6c  ComputerName: AMDFXWIN8
17:37:48.0557 0x0c6c  UserName: name
17:37:48.0557 0x0c6c  Windows directory: C:\WINDOWS
17:37:48.0557 0x0c6c  System windows directory: C:\WINDOWS
17:37:48.0557 0x0c6c  Running under WOW64
17:37:48.0557 0x0c6c  Processor architecture: Intel x64
17:37:48.0557 0x0c6c  Number of processors: 8
17:37:48.0557 0x0c6c  Page size: 0x1000
17:37:48.0557 0x0c6c  Boot type: Normal boot
17:37:48.0557 0x0c6c  ============================================================
17:37:49.0247 0x0c6c  KLMD registered as C:\WINDOWS\system32\drivers\32174765.sys
17:37:50.0601 0x0c6c  System UUID: {2A03435F-0F7B-683B-9E49-EB29FF63D313}
17:37:53.0873 0x0c6c  Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 ( 139.74 Gb ), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:37:53.0882 0x0c6c  Drive \Device\Harddisk1\DR1 - Size: 0x22EF13E000 ( 139.74 Gb ), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:37:53.0893 0x0c6c  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:37:53.0893 0x0c6c  Drive \Device\Harddisk3\DR3 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:37:53.0898 0x0c6c  ============================================================
17:37:53.0898 0x0c6c  \Device\Harddisk0\DR0:
17:37:53.0899 0x0c6c  Invalid mbr signature
17:37:53.0899 0x0c6c  \Device\Harddisk1\DR1:
17:37:53.0899 0x0c6c  Invalid mbr signature
17:37:53.0899 0x0c6c  \Device\Harddisk2\DR2:
17:37:53.0899 0x0c6c  MBR partitions:
17:37:53.0899 0x0c6c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
17:37:53.0899 0x0c6c  \Device\Harddisk3\DR3:
17:37:53.0899 0x0c6c  MBR partitions:
17:37:53.0899 0x0c6c  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
17:37:53.0899 0x0c6c  \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xDEE4800
17:37:53.0899 0x0c6c  ============================================================
17:37:53.0900 0x0c6c  C: <-> \Device\Harddisk3\DR3\Partition2
17:37:53.0916 0x0c6c  D: <-> \Device\Harddisk2\DR2\Partition1
17:37:53.0917 0x0c6c  ============================================================
17:37:53.0917 0x0c6c  Initialize success
17:37:53.0917 0x0c6c  ============================================================
17:38:00.0982 0x0248  ============================================================
17:38:00.0982 0x0248  Scan started
17:38:00.0982 0x0248  Mode: Manual;
17:38:00.0982 0x0248  ============================================================
17:38:00.0982 0x0248  KSN ping started
17:38:03.0360 0x0248  KSN ping finished: true
17:38:03.0545 0x0248  ================ Scan system memory ========================
17:38:03.0545 0x0248  System memory - ok
17:38:03.0546 0x0248  ================ Scan services =============================
17:38:04.0011 0x0248  arcsas - ok
17:38:04.0016 0x0248  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:38:04.0017 0x0248  AsyncMac - ok
17:38:04.0022 0x0248  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
17:38:04.0023 0x0248  atapi - ok
17:38:04.0032 0x0248  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
17:38:04.0037 0x0248  AudioEndpointBuilder - ok
17:38:04.0063 0x0248  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
17:38:04.0082 0x0248  Audiosrv - ok
17:38:04.0089 0x0248  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
17:38:04.0092 0x0248  AxInstSV - ok
17:38:04.0108 0x0248  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
17:38:04.0118 0x0248  b06bdrv - ok
17:38:04.0125 0x0248  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
17:38:04.0127 0x0248  BasicDisplay - ok
17:38:04.0132 0x0248  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
17:38:04.0133 0x0248  BasicRender - ok
17:38:04.0139 0x0248  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
17:38:04.0140 0x0248  bcmfn2 - ok
17:38:04.0150 0x0248  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
17:38:04.0157 0x0248  BDESVC - ok
17:38:04.0162 0x0248  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:38:04.0163 0x0248  Beep - ok
17:38:04.0187 0x0248  [ 22A5582ACF0CEE97268D7868C69F35CE, 78A44C10966FE467D3FCC76BE37647AE2CC2BCA9DE5715AD9E643162B23C3A19 ] BFE             C:\WINDOWS\System32\bfe.dll
17:38:04.0205 0x0248  BFE - ok
17:38:04.0248 0x0248  [ 99EE5EB9FCBAD85F1992C47C5BB68649, 604B618F0106B09207B262E22E70E152C4104FB2602C009F19EBEB342D0E9CE7 ] BHDrvx64        C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150321.001_cdf\BHDrvx64.sys
17:38:04.0279 0x0248  BHDrvx64 - ok
17:38:04.0307 0x0248  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
17:38:04.0329 0x0248  BITS - ok
17:38:04.0346 0x0248  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:38:04.0356 0x0248  Bonjour Service - ok
17:38:04.0364 0x0248  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
17:38:04.0367 0x0248  bowser - ok
17:38:04.0378 0x0248  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
17:38:04.0384 0x0248  BrokerInfrastructure - ok
17:38:04.0392 0x0248  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
17:38:04.0395 0x0248  Browser - ok
17:38:04.0401 0x0248  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
17:38:04.0402 0x0248  BthAvrcpTg - ok
17:38:04.0409 0x0248  [ 67343511D80BF3D6D9EEDB5BA8D0B06B, 28436B2E62762686C4FF4FA3F9E7ABB56DA9D6884B6C924ACC544161400593DD ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
17:38:04.0410 0x0248  BthHFEnum - ok
17:38:04.0416 0x0248  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
17:38:04.0417 0x0248  bthhfhid - ok
17:38:04.0431 0x0248  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
17:38:04.0440 0x0248  BthHFSrv - ok
17:38:04.0446 0x0248  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
17:38:04.0448 0x0248  BTHMODEM - ok
17:38:04.0455 0x0248  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
17:38:04.0458 0x0248  bthserv - ok
17:38:04.0466 0x0248  [ 09A841B941CB375793AA174A60BEAAD5, BB961972EE4A8D5D9FA49FE211E5E114A36674992D56687670248229FCA797E8 ] ccSet_NS        C:\WINDOWS\system32\drivers\NSx64\1601000.009\ccSetx64.sys
17:38:04.0470 0x0248  ccSet_NS - ok
17:38:04.0476 0x0248  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
17:38:04.0478 0x0248  cdfs - ok
17:38:04.0487 0x0248  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
17:38:04.0491 0x0248  cdrom - ok
17:38:04.0499 0x0248  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
17:38:04.0503 0x0248  CertPropSvc - ok
17:38:04.0508 0x0248  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
17:38:04.0510 0x0248  circlass - ok
17:38:04.0522 0x0248  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
17:38:04.0530 0x0248  CLFS - ok
17:38:04.0542 0x0248  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
17:38:04.0543 0x0248  CmBatt - ok
17:38:04.0560 0x0248  [ 3930E508DDA46C1FF68FD963F350AA0A, BF63F9C7AB30E2A8199D65EDD6DCBB797C93A4A0B972373643FBE1C38BCFA697 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
17:38:04.0572 0x0248  CNG - ok
17:38:04.0579 0x0248  [ 81F2B52C47B8AD32CC4FF967FC8D73DA, 13D84B4096E0F9AB9D04F6CD9E9C0DE4B6DF6F11D63C797266D719FD2429A655 ] CompFilter64    C:\WINDOWS\System32\drivers\lvbflt64.sys
17:38:04.0580 0x0248  CompFilter64 - ok
17:38:04.0585 0x0248  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
17:38:04.0586 0x0248  CompositeBus - ok
17:38:04.0590 0x0248  COMSysApp - ok
17:38:04.0595 0x0248  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
17:38:04.0596 0x0248  condrv - ok
17:38:04.0601 0x0248  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:38:04.0603 0x0248  Creative Audio Engine Licensing Service - ok
17:38:04.0612 0x0248  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
17:38:04.0615 0x0248  CryptSvc - ok
17:38:04.0631 0x0248  [ 9DBC32A45CFA67074432D2AF6C2832B6, B3B26302961A95EDFD4F994D56B1E5A8452266E0C2161D15C1213BBE376227A2 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
17:38:04.0642 0x0248  CSC - ok
17:38:04.0664 0x0248  [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A332B31F2C0F8EB ] CscService      C:\WINDOWS\System32\cscsvc.dll
17:38:04.0681 0x0248  CscService - ok
17:38:04.0693 0x0248  [ 69CDBA2B9C397E349A04FA70DD9170A2, 7879E58CB221063EF17A8A7677E81B47BFD600C3FC3353378690E4A2131327ED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
17:38:04.0700 0x0248  CTAudSvcService - ok
17:38:04.0705 0x0248  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam             C:\WINDOWS\system32\drivers\dam.sys
17:38:04.0707 0x0248  dam - ok
17:38:04.0732 0x0248  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:38:04.0750 0x0248  DcomLaunch - ok
17:38:04.0767 0x0248  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
17:38:04.0778 0x0248  defragsvc - ok
17:38:04.0792 0x0248  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
17:38:04.0801 0x0248  DeviceAssociationService - ok
17:38:04.0807 0x0248  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
17:38:04.0811 0x0248  DeviceInstall - ok
17:38:04.0818 0x0248  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
17:38:04.0821 0x0248  Dfsc - ok
17:38:04.0833 0x0248  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
17:38:04.0842 0x0248  Dhcp - ok
17:38:04.0849 0x0248  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
17:38:04.0852 0x0248  disk - ok
17:38:04.0857 0x0248  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
17:38:04.0858 0x0248  dmvsc - ok
17:38:04.0867 0x0248  [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:38:04.0873 0x0248  Dnscache - ok
17:38:04.0882 0x0248  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:38:04.0888 0x0248  dot3svc - ok
17:38:04.0896 0x0248  [ C0AA415718DDD13A136E353844628A65, 7E2F2A139E897EAE56038B920BDA9381094BC0AE9E626F6634E6B444B8B0C91F ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
17:38:04.0899 0x0248  dot4 - ok
17:38:04.0904 0x0248  [ CC88A1D8A39752859101ECCE1F1BC888, F21C1D478180BC5E932BB2C2E4618E3ED463CA87ACEDEB139682D218435F82F1 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
17:38:04.0906 0x0248  Dot4Print - ok
17:38:04.0911 0x0248  [ 292ADB7C57B5457F18F2FC06934B0B40, 12FFDF5F48A79B1B4ADBB88BA2CB6C59DD6719554E8EA6BEEFE99B3E3C66F1AC ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
17:38:04.0912 0x0248  dot4usb - ok
17:38:04.0920 0x0248  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
17:38:04.0925 0x0248  DPS - ok
17:38:04.0929 0x0248  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:38:04.0930 0x0248  drmkaud - ok
17:38:04.0938 0x0248  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
17:38:04.0943 0x0248  DsmSvc - ok
17:38:04.0985 0x0248  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
17:38:05.0016 0x0248  DXGKrnl - ok
17:38:05.0033 0x0248  [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress      C:\WINDOWS\system32\DRIVERS\e1i63x64.sys
17:38:05.0042 0x0248  e1iexpress - ok
17:38:05.0049 0x0248  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
17:38:05.0053 0x0248  Eaphost - ok
17:38:05.0133 0x0248  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
17:38:05.0201 0x0248  ebdrv - ok
17:38:05.0225 0x0248  [ 47A68B3DBBB34D4FE61DE221A8536627, BC61CE4BD4F3A12C75BA6EB9D239F24CD3F54495DE9D6C901F4DAF5D92E8366B ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:38:05.0235 0x0248  eeCtrl - ok
17:38:05.0242 0x0248  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
17:38:05.0244 0x0248  EFS - ok
17:38:05.0250 0x0248  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
17:38:05.0252 0x0248  EhStorClass - ok
17:38:05.0259 0x0248  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
17:38:05.0262 0x0248  EhStorTcgDrv - ok
17:38:05.0268 0x0248  [ B9773081AAF65E6D553496BA0CADCBB3, 3A77A12544755BFA1ABAA6DC53E5F03522627F57EF7092E3CC54C6431C75076A ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:38:05.0272 0x0248  EraserUtilRebootDrv - ok
17:38:05.0276 0x0248  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
17:38:05.0277 0x0248  ErrDev - ok
17:38:05.0296 0x0248  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
17:38:05.0306 0x0248  EventSystem - ok
17:38:05.0315 0x0248  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
17:38:05.0319 0x0248  exfat - ok
17:38:05.0330 0x0248  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
17:38:05.0335 0x0248  fastfat - ok
17:38:05.0355 0x0248  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
17:38:05.0370 0x0248  Fax - ok
17:38:05.0377 0x0248  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
17:38:05.0378 0x0248  fdc - ok
17:38:05.0383 0x0248  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
17:38:05.0384 0x0248  fdPHost - ok
17:38:05.0389 0x0248  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
17:38:05.0390 0x0248  FDResPub - ok
17:38:05.0398 0x0248  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
17:38:05.0402 0x0248  fhsvc - ok
17:38:05.0408 0x0248  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
17:38:05.0410 0x0248  FileInfo - ok
17:38:05.0414 0x0248  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
17:38:05.0416 0x0248  Filetrace - ok
17:38:05.0420 0x0248  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
17:38:05.0421 0x0248  flpydisk - ok
17:38:05.0435 0x0248  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:38:05.0443 0x0248  FltMgr - ok
17:38:05.0482 0x0248  [ 7269C9013FCFA3C6E70F03E2630DBFC3, AAB282B4444CC17D197974D05063C7C97E5202E604681DD2DC3BCF0AE77D6057 ] FontCache       C:\WINDOWS\system32\FntCache.dll
17:38:05.0512 0x0248  FontCache - ok
17:38:05.0521 0x0248  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:38:05.0523 0x0248  FontCache3.0.0.0 - ok
17:38:05.0530 0x0248  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
17:38:05.0532 0x0248  FsDepends - ok
17:38:05.0537 0x0248  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:38:05.0538 0x0248  Fs_Rec - ok
17:38:05.0556 0x0248  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
17:38:05.0568 0x0248  fvevol - ok
17:38:05.0575 0x0248  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
17:38:05.0576 0x0248  FxPPM - ok
17:38:05.0582 0x0248  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
17:38:05.0584 0x0248  gagp30kx - ok
17:38:05.0589 0x0248  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:38:05.0590 0x0248  GEARAspiWDM - ok
17:38:05.0594 0x0248  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
17:38:05.0595 0x0248  gencounter - ok
17:38:05.0623 0x0248  [ 28D0B60C58D1F734449E735E2C4FCE94, 8DF2706EB0F6383BA44961440FDAA93B3756E48994FBF4AB2B13CDA66A6F3C3F ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
17:38:05.0645 0x0248  GfExperienceService - ok
17:38:05.0657 0x0248  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
17:38:05.0661 0x0248  GPIOClx0101 - ok
17:38:05.0698 0x0248  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
17:38:05.0727 0x0248  gpsvc - ok
17:38:05.0745 0x0248  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
17:38:05.0756 0x0248  HdAudAddService - ok
17:38:05.0763 0x0248  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
17:38:05.0765 0x0248  HDAudBus - ok
17:38:05.0770 0x0248  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
17:38:05.0771 0x0248  HidBatt - ok
17:38:05.0778 0x0248  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
17:38:05.0781 0x0248  HidBth - ok
17:38:05.0785 0x0248  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
17:38:05.0787 0x0248  hidi2c - ok
17:38:05.0792 0x0248  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
17:38:05.0793 0x0248  HidIr - ok
17:38:05.0797 0x0248  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
17:38:05.0799 0x0248  hidserv - ok
17:38:05.0804 0x0248  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
17:38:05.0805 0x0248  HidUsb - ok
17:38:05.0811 0x0248  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
17:38:05.0814 0x0248  hkmsvc - ok
17:38:05.0824 0x0248  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
17:38:05.0830 0x0248  HomeGroupListener - ok
17:38:05.0845 0x0248  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
17:38:05.0855 0x0248  HomeGroupProvider - ok
17:38:05.0861 0x0248  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
17:38:05.0863 0x0248  HpSAMD - ok
17:38:05.0890 0x0248  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
17:38:05.0911 0x0248  HTTP - ok
17:38:05.0918 0x0248  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
17:38:05.0919 0x0248  hwpolicy - ok
17:38:05.0923 0x0248  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
17:38:05.0924 0x0248  hyperkbd - ok
17:38:05.0928 0x0248  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
17:38:05.0929 0x0248  HyperVideo - ok
17:38:05.0936 0x0248  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
17:38:05.0939 0x0248  i8042prt - ok
17:38:05.0943 0x0248  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
17:38:05.0945 0x0248  iaLPSSi_GPIO - ok
17:38:05.0950 0x0248  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
17:38:05.0953 0x0248  iaLPSSi_I2C - ok
17:38:05.0971 0x0248  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
17:38:05.0984 0x0248  iaStorAV - ok
17:38:06.0000 0x0248  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
17:38:06.0009 0x0248  iaStorV - ok
17:38:06.0029 0x0248  [ 4A2CAA578E0A829A15CD76CEC66A1E41, 4F01D251EC8EE2AC99C7540C8D4636EFF89B3F72EDE26412EE741E01EE3B8E02 ] IDSVia64        C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150327.001_cec\IDSvia64.sys
17:38:06.0042 0x0248  IDSVia64 - ok
17:38:06.0047 0x0248  IEEtwCollectorService - ok
17:38:06.0074 0x0248  [ 57322EBB67A59FB64E228F31A84CA43D, 258DA26BDFAB635F145E55CF65CDFCFE4EB91454E3F930489E92810250EF9FD7 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
17:38:06.0096 0x0248  IKEEXT - ok
17:38:06.0103 0x0248  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
17:38:06.0104 0x0248  intelide - ok
17:38:06.0109 0x0248  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
17:38:06.0110 0x0248  intelpep - ok
17:38:06.0117 0x0248  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
17:38:06.0120 0x0248  intelppm - ok
17:38:06.0125 0x0248  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:38:06.0127 0x0248  IpFilterDriver - ok
17:38:06.0151 0x0248  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
17:38:06.0170 0x0248  iphlpsvc - ok
17:38:06.0176 0x0248  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
17:38:06.0178 0x0248  IPMIDRV - ok
17:38:06.0185 0x0248  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
17:38:06.0188 0x0248  IPNAT - ok
17:38:06.0204 0x0248  [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:38:06.0216 0x0248  iPod Service - ok
17:38:06.0221 0x0248  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
17:38:06.0222 0x0248  IRENUM - ok
17:38:06.0226 0x0248  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
17:38:06.0227 0x0248  isapnp - ok
17:38:06.0240 0x0248  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
17:38:06.0247 0x0248  iScsiPrt - ok
17:38:06.0253 0x0248  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
17:38:06.0255 0x0248  kbdclass - ok
17:38:06.0260 0x0248  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
17:38:06.0262 0x0248  kbdhid - ok
17:38:06.0265 0x0248  [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr        C:\WINDOWS\system32\drivers\kbldfltr.sys
17:38:06.0266 0x0248  kbldfltr - ok
17:38:06.0271 0x0248  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
17:38:06.0272 0x0248  kdnic - ok
17:38:06.0277 0x0248  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
17:38:06.0278 0x0248  KeyIso - ok
17:38:06.0284 0x0248  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
17:38:06.0287 0x0248  KSecDD - ok
17:38:06.0294 0x0248  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
17:38:06.0298 0x0248  KSecPkg - ok
17:38:06.0302 0x0248  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
17:38:06.0303 0x0248  ksthunk - ok
17:38:06.0315 0x0248  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
17:38:06.0323 0x0248  KtmRm - ok
17:38:06.0334 0x0248  [ 28A4BB5CCFA252FC1D9460E5FB22AB08, 85DC7F8191245FDBBD90DABC2D03D70B373550615125471C90C10550EF6D5EEB ] L4301_Solar     C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
17:38:06.0342 0x0248  L4301_Solar - ok
17:38:06.0352 0x0248  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
17:38:06.0360 0x0248  LanmanServer - ok
17:38:06.0370 0x0248  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
17:38:06.0378 0x0248  LanmanWorkstation - ok
17:38:06.0389 0x0248  [ 1D5C6790425CB6DBB1B3C2722C34E199, D8BCC31A443B77711A7CA468E754A73137C1CC47D6F3DA5BEE3735B654327B0C ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:38:06.0397 0x0248  LBTServ - ok
17:38:06.0404 0x0248  [ 5EA1731968F2FD0E950DDCE6D36C5134, 16C47AA60CB62F206DBF3B4FAF99FCA667E7193178D1B7ECB162FA87C008BAA3 ] LEqdUsb         C:\WINDOWS\system32\DRIVERS\LEqdUsb.Sys
17:38:06.0406 0x0248  LEqdUsb - ok
17:38:06.0420 0x0248  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
17:38:06.0431 0x0248  lfsvc - ok
17:38:06.0436 0x0248  [ 50AC0930F05DFB996F085B49E112E5C9, C5147E92656506981705AFCAA97B7BDAD0929FF39C1666E774BE1BD32FB08387 ] LHidEqd         C:\WINDOWS\system32\DRIVERS\LHidEqd.Sys
17:38:06.0437 0x0248  LHidEqd - ok
17:38:06.0442 0x0248  [ 96EB043E2843B5A87A486D0BC6921094, 0B339A18B2F536F12B2C1B4FEDEB3A815DC7F8E7B082144EE084B3E6ED067FBC ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
17:38:06.0444 0x0248  LHidFilt - ok
17:38:06.0449 0x0248  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
17:38:06.0451 0x0248  lltdio - ok
17:38:06.0460 0x0248  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
17:38:06.0466 0x0248  lltdsvc - ok
17:38:06.0470 0x0248  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
17:38:06.0472 0x0248  lmhosts - ok
17:38:06.0477 0x0248  [ A5C1DA229B3B660BBF3BDC30ADBFBB61, B657092424C6BF418A6FA56353370C195D9CA67999B355E8EDD6AFCFD9FEF8E5 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
17:38:06.0479 0x0248  LMouFilt - ok
17:38:06.0486 0x0248  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
17:38:06.0489 0x0248  LSI_SAS - ok
17:38:06.0496 0x0248  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
17:38:06.0499 0x0248  LSI_SAS2 - ok
17:38:06.0504 0x0248  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
17:38:06.0506 0x0248  LSI_SAS3 - ok
17:38:06.0512 0x0248  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
17:38:06.0514 0x0248  LSI_SSS - ok
17:38:06.0537 0x0248  [ 9B231CD3E52DF29EE50086FF676D3D6F, A47449CA6C88FE089A6953D05FA33A55A55E0306335A7A102A4CD75429FF0515 ] LSM             C:\WINDOWS\System32\lsm.dll
17:38:06.0554 0x0248  LSM - ok
17:38:06.0562 0x0248  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
17:38:06.0565 0x0248  luafv - ok
17:38:06.0577 0x0248  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
17:38:06.0584 0x0248  LVRS64 - ok
17:38:06.0696 0x0248  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
17:38:06.0791 0x0248  LVUVC64 - ok
17:38:06.0805 0x0248  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
17:38:06.0807 0x0248  megasas - ok
17:38:06.0823 0x0248  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
17:38:06.0835 0x0248  megasr - ok
17:38:06.0842 0x0248  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
17:38:06.0845 0x0248  MMCSS - ok
17:38:06.0849 0x0248  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
17:38:06.0851 0x0248  Modem - ok
17:38:06.0855 0x0248  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
17:38:06.0856 0x0248  monitor - ok
17:38:06.0861 0x0248  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
17:38:06.0863 0x0248  mouclass - ok
17:38:06.0868 0x0248  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
17:38:06.0869 0x0248  mouhid - ok
17:38:06.0875 0x0248  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
17:38:06.0877 0x0248  mountmgr - ok
17:38:06.0883 0x0248  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
17:38:06.0885 0x0248  mpsdrv - ok
17:38:06.0907 0x0248  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
17:38:06.0925 0x0248  MpsSvc - ok
17:38:06.0934 0x0248  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
17:38:06.0937 0x0248  MRxDAV - ok
17:38:06.0950 0x0248  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:38:06.0959 0x0248  mrxsmb - ok
17:38:06.0969 0x0248  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
17:38:06.0975 0x0248  mrxsmb10 - ok
17:38:06.0983 0x0248  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
17:38:06.0988 0x0248  mrxsmb20 - ok
17:38:06.0995 0x0248  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
17:38:06.0997 0x0248  MsBridge - ok
17:38:07.0005 0x0248  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
17:38:07.0009 0x0248  MSDTC - ok
17:38:07.0017 0x0248  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:38:07.0018 0x0248  Msfs - ok
17:38:07.0023 0x0248  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
17:38:07.0025 0x0248  msgpiowin32 - ok
17:38:07.0029 0x0248  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
17:38:07.0029 0x0248  mshidkmdf - ok
17:38:07.0033 0x0248  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
17:38:07.0034 0x0248  mshidumdf - ok
17:38:07.0038 0x0248  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
17:38:07.0039 0x0248  msisadrv - ok
17:38:07.0046 0x0248  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
17:38:07.0051 0x0248  MSiSCSI - ok
17:38:07.0054 0x0248  msiserver - ok
17:38:07.0060 0x0248  [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\WINDOWS\System32\KeyboardFilterSvc.dll
17:38:07.0063 0x0248  MsKeyboardFilter - ok
17:38:07.0066 0x0248  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:38:07.0067 0x0248  MSKSSRV - ok
17:38:07.0072 0x0248  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
17:38:07.0074 0x0248  MsLldp - ok
17:38:07.0078 0x0248  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:38:07.0079 0x0248  MSPCLOCK - ok
17:38:07.0083 0x0248  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:38:07.0083 0x0248  MSPQM - ok
17:38:07.0096 0x0248  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
17:38:07.0104 0x0248  MsRPC - ok
17:38:07.0110 0x0248  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
17:38:07.0111 0x0248  mssmbios - ok
17:38:07.0116 0x0248  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:38:07.0116 0x0248  MSTEE - ok
17:38:07.0120 0x0248  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
17:38:07.0121 0x0248  MTConfig - ok
17:38:07.0126 0x0248  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
17:38:07.0129 0x0248  Mup - ok
17:38:07.0134 0x0248  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
17:38:07.0136 0x0248  mvumis - ok
17:38:07.0148 0x0248  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
17:38:07.0158 0x0248  napagent - ok
17:38:07.0171 0x0248  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
17:38:07.0180 0x0248  NativeWifiP - ok
17:38:07.0200 0x0248  [ 13AA2130F2A104DD775EAD0F0EE5417B, EBA07599FC2D10750CE6372EA6BA94EDDAFFF732223A1135F1971B958A6B57A2 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
17:38:07.0213 0x0248  NAUpdate - ok
17:38:07.0220 0x0248  [ 54F4B358F41C664CBDE4507D67EED1CD, CDCA0A778AF596933CD7CBF1119FCA551ECC03CBBD4F1E8213C3FD2FECA902F2 ] NAVENG          C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150328.002\ENG64.SYS
17:38:07.0223 0x0248  NAVENG - ok
17:38:07.0272 0x0248  [ A74D67EEEB3938FD2FA3B65B24C32C44, 4D780B70B57E23A3A155794C4DEEBD856E32D35B789BDF4673AAC8FC3AC4367B ] NAVEX15         C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150328.002\EX64.SYS
17:38:07.0314 0x0248  NAVEX15 - ok
17:38:07.0325 0x0248  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
17:38:07.0330 0x0248  NcaSvc - ok
17:38:07.0337 0x0248  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
17:38:07.0341 0x0248  NcbService - ok
17:38:07.0347 0x0248  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
17:38:07.0349 0x0248  NcdAutoSetup - ok
17:38:07.0376 0x0248  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
17:38:07.0397 0x0248  NDIS - ok
17:38:07.0404 0x0248  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
17:38:07.0405 0x0248  NdisCap - ok
17:38:07.0412 0x0248  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
17:38:07.0415 0x0248  NdisImPlatform - ok
17:38:07.0419 0x0248  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:38:07.0420 0x0248  NdisTapi - ok
17:38:07.0425 0x0248  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:38:07.0426 0x0248  Ndisuio - ok
17:38:07.0430 0x0248  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
17:38:07.0431 0x0248  NdisVirtualBus - ok
17:38:07.0440 0x0248  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:38:07.0445 0x0248  NdisWan - ok
17:38:07.0452 0x0248  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:38:07.0456 0x0248  NdisWanLegacy - ok
17:38:07.0462 0x0248  [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1, 913AEC8A5F735C2EFDCB417E4077AB5A15457C601E6E88A1F4FA52C91E6E0BBF ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:38:07.0464 0x0248  NDProxy - ok
17:38:07.0470 0x0248  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
17:38:07.0473 0x0248  Ndu - ok
17:38:07.0478 0x0248  [ BD94210175C488F18ADD3E189EE9304C, 450E10FB0BD4F39477752EAC6088984D216757B7151981B382BE9AED33995BF2 ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
17:38:07.0481 0x0248  Net Driver HPZ12 - ok
17:38:07.0486 0x0248  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:38:07.0487 0x0248  NetBIOS - ok
17:38:07.0497 0x0248  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:38:07.0503 0x0248  NetBT - ok
17:38:07.0508 0x0248  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:38:07.0509 0x0248  Netlogon - ok
17:38:07.0519 0x0248  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
17:38:07.0526 0x0248  Netman - ok
17:38:07.0542 0x0248  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
17:38:07.0554 0x0248  netprofm - ok
17:38:07.0564 0x0248  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:38:07.0569 0x0248  NetTcpPortSharing - ok
17:38:07.0574 0x0248  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
17:38:07.0577 0x0248  netvsc - ok
17:38:07.0589 0x0248  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
17:38:07.0598 0x0248  NlaSvc - ok
17:38:07.0604 0x0248  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:38:07.0606 0x0248  Npfs - ok
17:38:07.0610 0x0248  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
17:38:07.0611 0x0248  npsvctrig - ok
17:38:07.0623 0x0248  [ 186BFE4D4B50860021C2B515A845EEEF, A49D214C770040205E88E1C06735B0F3F747099E496957CAC5356ABC00863464 ] NS              C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\NS.exe
17:38:07.0628 0x0248  NS - ok
17:38:07.0633 0x0248  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
17:38:07.0635 0x0248  nsi - ok
17:38:07.0639 0x0248  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
17:38:07.0641 0x0248  nsiproxy - ok
17:38:07.0688 0x0248  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:38:07.0726 0x0248  Ntfs - ok
17:38:07.0732 0x0248  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:38:07.0733 0x0248  Null - ok
17:38:07.0740 0x0248  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
17:38:07.0745 0x0248  NVHDA - ok
17:38:07.0961 0x0248  [ ECC732D5185408FCC323E56D30170848, 7A7A6C410B65DBB1D59653598D7E5414054588BB88505BE68BFFF0378FD555F3 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
17:38:08.0151 0x0248  nvlddmkm - ok
17:38:08.0209 0x0248  [ 93C82F365F9C0A2058A211E305A5CCFA, 1B3FA9122377CF8C982EEE8719E2E295E3D118AC15646ACAB3A5BF78E1EE7E70 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
17:38:08.0240 0x0248  NvNetworkService - ok
17:38:08.0251 0x0248  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
17:38:08.0255 0x0248  nvraid - ok
17:38:08.0262 0x0248  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
17:38:08.0266 0x0248  nvstor - ok
17:38:08.0270 0x0248  [ 977C9F7656D07D36887814A7D570FE1A, 843032A0EB1A4B81E506F80C59E613F700A353DE2C3514566092E336FE608DAB ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
17:38:08.0271 0x0248  NvStreamKms - ok
17:38:08.0273 0x0248  NvStreamSvc - ok
17:38:08.0297 0x0248  [ 2AF7D8BCD8912FC16AA15268CDCF2454, 3A2E5ADFC6213A6EA83F78026518EC7EE0DD4BBA7C210CB7A41007BB57DC0636 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
17:38:08.0315 0x0248  nvsvc - ok
17:38:08.0321 0x0248  [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
17:38:08.0323 0x0248  nvvad_WaveExtensible - ok
17:38:08.0329 0x0248  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
17:38:08.0332 0x0248  nv_agp - ok
17:38:08.0344 0x0248  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:38:08.0353 0x0248  odserv - ok
17:38:08.0359 0x0248  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:08.0362 0x0248  ose - ok
17:38:08.0397 0x0248  [ 66A2C70DA35E8559982EE9D205329E1A, 0DE7971D0618ED1AD9EB42C13AA9348F5BA96EA6B3EF2BFF70D2522D748AD7E0 ] P17             C:\WINDOWS\system32\drivers\P17.sys
17:38:08.0424 0x0248  P17 - ok
17:38:08.0439 0x0248  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
17:38:08.0448 0x0248  p2pimsvc - ok
17:38:08.0461 0x0248  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
17:38:08.0470 0x0248  p2psvc - ok
17:38:08.0477 0x0248  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
17:38:08.0479 0x0248  Parport - ok
17:38:08.0485 0x0248  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
17:38:08.0488 0x0248  partmgr - ok
17:38:08.0503 0x0248  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
17:38:08.0516 0x0248  PcaSvc - ok
17:38:08.0528 0x0248  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
17:38:08.0536 0x0248  pci - ok
17:38:08.0544 0x0248  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
17:38:08.0545 0x0248  pciide - ok
17:38:08.0552 0x0248  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
17:38:08.0555 0x0248  pcmcia - ok
17:38:08.0560 0x0248  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
17:38:08.0562 0x0248  pcw - ok
17:38:08.0568 0x0248  [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
17:38:08.0570 0x0248  pdc - ok
17:38:08.0589 0x0248  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
17:38:08.0603 0x0248  PEAUTH - ok
17:38:08.0660 0x0248  [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC30D6D7A07475D83 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
17:38:08.0706 0x0248  PeerDistSvc - ok
17:38:08.0745 0x0248  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
17:38:08.0749 0x0248  PerfHost - ok
17:38:08.0797 0x0248  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
17:38:08.0826 0x0248  pla - ok
17:38:08.0835 0x0248  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
17:38:08.0838 0x0248  PlugPlay - ok
17:38:08.0844 0x0248  [ 7FE2AFB17D91CF39843D6766EA31CFC7, A4FF09302976CB204BC9E358ED470BDD54BCDA17E49617FCCCD2820D4C94D631 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
17:38:08.0847 0x0248  Pml Driver HPZ12 - ok
17:38:08.0851 0x0248  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
17:38:08.0853 0x0248  PNRPAutoReg - ok
17:38:08.0866 0x0248  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
17:38:08.0873 0x0248  PNRPsvc - ok
17:38:08.0886 0x0248  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
17:38:08.0895 0x0248  PolicyAgent - ok
17:38:08.0902 0x0248  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
17:38:08.0905 0x0248  Power - ok
17:38:08.0912 0x0248  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:38:08.0915 0x0248  PptpMiniport - ok
17:38:08.0982 0x0248  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
17:38:09.0038 0x0248  PrintNotify - ok
17:38:09.0049 0x0248  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
17:38:09.0052 0x0248  Processor - ok
17:38:09.0061 0x0248  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
17:38:09.0067 0x0248  ProfSvc - ok
17:38:09.0074 0x0248  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
17:38:09.0077 0x0248  Psched - ok
17:38:09.0082 0x0248  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\WINDOWS\system32\Drivers\PxHlpa64.sys
17:38:09.0084 0x0248  PxHlpa64 - ok
17:38:09.0093 0x0248  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
17:38:09.0101 0x0248  QWAVE - ok
17:38:09.0105 0x0248  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
17:38:09.0107 0x0248  QWAVEdrv - ok
17:38:09.0111 0x0248  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:38:09.0112 0x0248  RasAcd - ok
17:38:09.0119 0x0248  [ 3EE5097945A7F680E320953271EB2D4F, 0B9F2B458177A654F65C5E862B7C55B35E20271B76D5E20A20F30D3223A1216F ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
17:38:09.0121 0x0248  RasAgileVpn - ok
17:38:09.0127 0x0248  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:38:09.0130 0x0248  RasAuto - ok
17:38:09.0137 0x0248  [ 1BD3022FD6E450B00DE560265638FD2A, 3878B443053DFFED62641BE8736891F426C7121EB8C4DB38FF0F218697133A6D ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:38:09.0140 0x0248  Rasl2tp - ok
17:38:09.0155 0x0248  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:38:09.0167 0x0248  RasMan - ok
17:38:09.0173 0x0248  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:38:09.0176 0x0248  RasPppoe - ok
17:38:09.0182 0x0248  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
17:38:09.0184 0x0248  RasSstp - ok
17:38:09.0197 0x0248  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:38:09.0206 0x0248  rdbss - ok
17:38:09.0213 0x0248  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
17:38:09.0214 0x0248  rdpbus - ok
17:38:09.0222 0x0248  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
17:38:09.0226 0x0248  RDPDR - ok
17:38:09.0234 0x0248  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
17:38:09.0235 0x0248  RdpVideoMiniport - ok
17:38:09.0243 0x0248  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
17:38:09.0249 0x0248  rdyboost - ok
17:38:09.0274 0x0248  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
17:38:09.0293 0x0248  ReFS - ok
17:38:09.0306 0x0248  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:38:09.0312 0x0248  RemoteAccess - ok
17:38:12.0671 0x0248  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
17:38:12.0676 0x0248  wscsvc - ok
17:38:12.0679 0x0248  WSearch - ok
17:38:12.0765 0x0248  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
17:38:12.0837 0x0248  WSService - ok
17:38:12.0932 0x0248  [ FCF3912833E1B7F4EE61F07E79A7BBAC, D0E9F8969560BF2CF0BAA13C34AB4299F64841B2CF765537A72236BAAB86771E ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
17:38:13.0006 0x0248  wuauserv - ok
17:38:13.0018 0x0248  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
17:38:13.0021 0x0248  WudfPf - ok
17:38:13.0027 0x0248  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
17:38:13.0032 0x0248  wudfsvc - ok
17:38:13.0040 0x0248  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
17:38:13.0045 0x0248  WUDFWpdFs - ok
17:38:13.0052 0x0248  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
17:38:13.0056 0x0248  WUDFWpdMtp - ok
17:38:13.0072 0x0248  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
17:38:13.0084 0x0248  WwanSvc - ok
17:38:13.0089 0x0248  ================ Scan global ===============================
17:38:13.0094 0x0248  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
17:38:13.0103 0x0248  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
17:38:13.0113 0x0248  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
17:38:13.0126 0x0248  [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\WINDOWS\system32\services.exe
17:38:13.0136 0x0248  [ Global ] - ok
17:38:13.0136 0x0248  ================ Scan MBR ==================================
17:38:13.0138 0x0248  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:38:13.0163 0x0248  \Device\Harddisk0\DR0 - ok
17:38:13.0165 0x0248  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:38:13.0169 0x0248  \Device\Harddisk1\DR1 - ok
17:38:13.0172 0x0248  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
17:38:13.0176 0x0248  \Device\Harddisk2\DR2 - ok
17:38:13.0178 0x0248  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
17:38:13.0278 0x0248  \Device\Harddisk3\DR3 - ok
17:38:13.0279 0x0248  ================ Scan VBR ==================================
17:38:13.0281 0x0248  [ FD686786F694805B4634FEA6F0EA9E34 ] \Device\Harddisk2\DR2\Partition1
17:38:13.0317 0x0248  \Device\Harddisk2\DR2\Partition1 - ok
17:38:13.0319 0x0248  [ 657F02AF9E4ED5303C4D9B8F97D7F265 ] \Device\Harddisk3\DR3\Partition1
17:38:13.0321 0x0248  \Device\Harddisk3\DR3\Partition1 - ok
17:38:13.0323 0x0248  [ B16EEBA964CDABB2B282053297BE3FCE ] \Device\Harddisk3\DR3\Partition2
17:38:13.0324 0x0248  \Device\Harddisk3\DR3\Partition2 - ok
17:38:13.0325 0x0248  ================ Scan generic autorun ======================
17:38:13.0329 0x0248  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\Windows\system32\rundll32.exe
17:38:13.0332 0x0248  Logitech Download Assistant - ok
17:38:13.0345 0x0248  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
17:38:13.0353 0x0248  AdobeAAMUpdater-1.0 - ok
17:38:13.0428 0x0248  [ 2433692BFC2631DC28B0705C1B760FF2, BBDE902F984E0968A3062F3EEA624E804B03095C67C280CDA4E85D02F46B7CDC ] C:\Program Files\Logitech\SetPointP\SetPoint.exe
17:38:13.0486 0x0248  EvtMgr6 - ok
17:38:13.0495 0x0248  [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe
17:38:13.0498 0x0248  iTunesHelper - ok
17:38:13.0554 0x0248  [ 059E588FDF6B7E83227D45D026D21874, 211B5E85D84562E11F3A676686E7C716BB59912F7764A49D9164277EB3991AC3 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
17:38:13.0599 0x0248  NvBackend - ok
17:38:13.0607 0x0248  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\WINDOWS\system32\rundll32.exe
17:38:13.0609 0x0248  ShadowPlay - ok
17:38:13.0612 0x0248  P17RunE - ok
17:38:13.0616 0x0248  [ 9F60097061F79620C9C59FF37A61D852, 9B94C00CAA1F4DF95485F994576DA68B30635C628CFE3D6AE1811E6FEB1A56CA ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
17:38:13.0617 0x0248  APSDaemon - ok
17:38:13.0624 0x0248  [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
17:38:13.0628 0x0248  LWS - ok
17:38:13.0643 0x0248  [ 5183EC20A788D7A78C7B408FDEA6F303, E93956ED56889FC0EA736A1787CF44CE09D21022B12DBDCD47A754EAB5A1A797 ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
17:38:13.0654 0x0248  Nikon Message Center 2 - ok
17:38:13.0666 0x0248  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
17:38:13.0674 0x0248  QuickTime Task - ok
17:38:13.0684 0x0248  [ 3FDCA1F725CA8E367B9DBBC43F983423, 95DCC1C68433FA8E0223F0A798A2BEC269564C6107E246222202757E2503E6DA ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
17:38:13.0690 0x0248  SunJavaUpdateSched - ok
17:38:13.0691 0x0248  Waiting for KSN requests completion. In queue: 321
17:38:14.0692 0x0248  Waiting for KSN requests completion. In queue: 321
17:38:15.0692 0x0248  Waiting for KSN requests completion. In queue: 321
17:38:16.0703 0x0248  AV detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\WSCStub.exe ( 22.1.0.0 ), 0x51000 ( enabled : updated )
17:38:16.0705 0x0248  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
17:38:16.0706 0x0248  FW detected via SS2: Norton Security, C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\WSCStub.exe ( 22.1.0.0 ), 0x51010 ( enabled )
17:38:19.0208 0x0248  ============================================================
17:38:19.0208 0x0248  Scan finished
17:38:19.0208 0x0248  ============================================================
17:38:19.0216 0x0a44  Detected object count: 0
17:38:19.0216 0x0a44  Actual detected object count: 0
17:39:18.0218 0x0448  Deinitialize success

----------------------------------------------------------------------
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-29 17:39:41
-----------------------------
17:39:41.409    OS Version: Windows x64 6.2.9200
17:39:41.409    Number of processors: 8 586 0x102
17:39:41.410    ComputerName: AMDFXWIN8  UserName: name
17:39:42.137    Initialize success
17:39:42.593    VM: initialized successfully
17:39:42.595    VM: Amd CPU supported
17:44:00.168    AVAST engine defs: 15032901
17:45:38.568    Disk 0  \Device\Harddisk0\DR0 -> \Device\0000002e
17:45:38.568    Disk 0 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 11
17:45:38.568    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000030
17:45:38.568    Disk 1 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 11
17:45:38.584    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000031
17:45:38.584    Disk 2 Vendor: WDC_WD10EALS-00Z8A0 05.01D05 Size: 953869MB BusType: 11
17:45:38.584    Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\00000032
17:45:38.584    Disk 3 Vendor: OCZ-VERTEX3 2.15 Size: 114473MB BusType: 11
17:45:38.599    Disk 3 MBR read successfully
17:45:38.599    Disk 3 MBR scan
17:45:38.599    Disk 3 Windows 7 default MBR code
17:45:38.615    Disk 3 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
17:45:38.615    Disk 3 Partition 2 00     07    HPFS/NTFS NTFS       114121 MB offset 718848
17:45:38.631    Disk 3 scanning C:\WINDOWS\system32\drivers
17:45:41.803    Service scanning
17:45:42.459    Service BHDrvx64 C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150321.001_cdf\BHDrvx64.sys **LOCKED** 5
17:45:43.272    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
17:45:43.303    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
17:45:44.037    Service IDSVia64 C:\Program Files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150327.001_cec\IDSvia64.sys **LOCKED** 5
17:45:51.003    Modules scanning
17:45:51.003    Disk 3 trace - called modules:
17:45:51.003    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
17:45:51.019    1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xffffe00135f45060]
17:45:51.019    3 CLASSPNP.SYS[fffff80074d2c170] -> nt!IofCallDriver -> \Device\00000032[0xffffe00135d01060]
17:45:51.207    AVAST engine scan C:\WINDOWS
17:45:51.587    AVAST engine scan C:\WINDOWS\system32
17:47:02.029    AVAST engine scan C:\WINDOWS\system32\drivers
17:47:07.810    AVAST engine scan C:\Users\name
17:47:47.657    AVAST engine scan C:\ProgramData
17:49:01.242    Disk 3 statistics 3326847/0/0 @ 13.32 MB/s
17:49:01.257    Scan finished successfully
17:49:15.408    Disk 3 MBR has been saved successfully to "C:\Users\name\Desktop\MBR.dat"
17:49:15.408    The log file has been saved successfully to "C:\Users\name\Desktop\aswMBR.txt"

Attached file: MBR.zip (559 bytes)

Edited by sgfc, 30 March 2015 - 12:41 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:13 PM

Posted 30 March 2015 - 08:25 AM

From the Start > run box execute
Regedit.exe

This will open the registry.
Navigate to this key.

HKEY_CLASSES_ROOT
Open the CLSID key
Select this key.
{3798FCE4-426F-C256-500A-35A34FBF273C}

What do you see in the data list?

Post it for my review.

p.s.
Close the Registry.

#10 sgfc

Posted 30 March 2015 - 06:58 PM

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}
Name (Default) Type REG_SZ Data (value not set)
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32
Name (Default) Type REG_SZ Data %SystemRoot%\SysWow64\iwoevrejks.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}
Name (Default) Type REG_SZ Data (value not set)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32
Name (Default) Type REG_SZ Data %SystemRoot%\SysWow64\iwoevrejks.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}
Name (Default) Type REG_SZ Data (value not set)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32
Name (Default) Type REG_SZ Data %SystemRoot%\SysWow64\iwoevrejks.dll

HKEY_CLASSES_ROOT\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}
Name (Default) Type REG_SZ Data (value not set)
HKEY_CLASSES_ROOT\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32
Name (Default) Type REG_SZ Data %SystemRoot%\SysWow64\iwoevrejks.dll

 

iwoevrejks.dll: the name of the DLL will change every time CCleaner removes the registry entry. There is some time in between it re-appearing. It doesn't instantly re-appear.

*Edit - If I don't delete the registry entry, nothing new is created; the DLL name remains the same, I'm guessing.


Edited by sgfc, 31 March 2015 - 06:24 AM.


#11 nasdaq

Posted 31 March 2015 - 08:09 AM

Before proceeding please create a restore point. Windows 7.
http://windows.microsoft.com/en-ca/windows7/create-a-restore-point
===

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}]
[-HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32]
[-HKEY_CLASSES_ROOT\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}]
[-HKEY_CLASSES_ROOT\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}\InprocServer32]


Restart the computer when completed.

You can delete the fixme.reg file when done.

If you use the computer and a similar key is created then one of the programs you use is creating it.
If all is well then I would leave it alone.

Keep me posted.
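
A read-only way to check, after the restart, whether the key has returned and whether the DLL it names exists on disk, as an added example that is not part of the original posts. It reads the InprocServer32 default value for the CLSID from this thread in both the 64-bit and 32-bit registry views of HKLM and HKCU. The function name Get-ClsidRegistration is hypothetical, and the script assumes 64-bit PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Get-ClsidRegistration is a hypothetical name.
# Read-only: nothing is written to or deleted from the registry.
function Get-ClsidRegistration {
    param([Parameter(Mandatory = $true)][string]$Clsid)

    $hives = @{
        HKLM = [Microsoft.Win32.RegistryHive]::LocalMachine
        HKCU = [Microsoft.Win32.RegistryHive]::CurrentUser   # per-user COM registrations
    }
    $views = @{
        '64-bit' = [Microsoft.Win32.RegistryView]::Registry64
        '32-bit' = [Microsoft.Win32.RegistryView]::Registry32
    }
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    foreach ($hive in $hives.GetEnumerator()) {
        foreach ($view in $views.GetEnumerator()) {
            $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive.Value, $view.Value)
            $key  = $base.OpenSubKey("SOFTWARE\Classes\CLSID\$Clsid\InprocServer32")
            if ($null -ne $key) {
                # The default value holds the server path, e.g. %SystemRoot%\SysWow64\<name>.dll
                $raw  = [string]$key.GetValue('', '', $noExpand)
                $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')

                # A 32-bit client asking for System32 is redirected to SysWOW64,
                # so check the file a 32-bit client would actually load.
                if ($view.Key -eq '32-bit' -and [Environment]::Is64BitProcess) {
                    $path = $path -ireplace '\\System32\\', '\SysWOW64\'
                }

                $exists = ($path -ne '') -and (Test-Path -LiteralPath $path -PathType Leaf)
                [pscustomobject]@{
                    Hive      = $hive.Key
                    View      = $view.Key
                    RawValue  = $raw
                    Resolved  = $path
                    Exists    = $exists
                    Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { $null }
                    Threading = $key.GetValue('ThreadingModel')
                }
                $key.Close()
            }
            $base.Close()
        }
    }
}

# CLSID taken from the thread. No output means no InprocServer32 key exists in any view.
Get-ClsidRegistration -Clsid '{3798FCE4-426F-C256-500A-35A34FBF273C}' | Format-List
```

A row with Exists set to False matches what CCleaner reports: a registration whose DLL is not on disk. The same key can be listed under more than one view where the views share it.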

#12 sgfc

Posted 31 March 2015 - 08:55 AM

It came back;

ActiveX/COM Issue    InProcServer32\%SystemRoot%\SysWow64\rkzumx.dll    HKCR\CLSID\{3798FCE4-426F-C256-500A-35A34FBF273C}

 

I only used Skype, Windows Live Mail and Firefox.



#13 nasdaq

Posted 01 April 2015 - 06:50 AM

I do not have such a key and searching Google for 3798FCE4-426F-C256-500A-35A34FBF273C reports very few hits.
That key may be unique to your computer.

If all is well I would leave it alone.

Create a restore point.
Remove Skype and if the key is still around delete it.
Your call.

Re-install Skype and see if a similar key returns.

#14 sgfc

Posted 01 April 2015 - 07:03 AM

I don't think re-installing Skype will solve anything. The only thing I could think of is Firefox's health report option under data choices. I tried to find the CLSID myself but found nothing.

 

So do we consider this clean then?



#15 nasdaq

Posted 01 April 2015 - 07:54 AM

Yes. I will keep this topic open for 5 days. If you need to return, please do.



