RegRun Log states ZeroAccess Rootkit on my PC


  • This topic is locked
24 replies to this topic

#1 ag.dabears


Posted 06 April 2015 - 11:36 AM

RegRun NTFS Checker 1.0.13
Processing T:\Windows


Failed to open:
T:\Windows\CSC\v2.0.6

Error:5 Access is denied.



Failed to open:
T:\Windows\CSC\v2.0.6

Error:5 Access is denied.



Failed to open:
T:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat

Error:5 Access is denied.



Access was denied by ZeroAccess Rootkit!

Failed to open:
T:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1

Error:5 Access is denied.



Access was denied by ZeroAccess Rootkit!

Failed to open:
T:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2

Error:5 Access is denied.



Access was denied by ZeroAccess Rootkit!

Failed to open:
T:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{6d43a5fd-82ec-11e4-b3ce-0011d81857fb}.TM.blf

Error:5 Access is denied.



Access was denied by ZeroAccess Rootkit!

Failed to open:
T:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{6d43a5fd-82ec-11e4-b3ce-0011d81857fb}.TMContainer00000000000000000001.regtrans-ms

Error:5 Access is denied.



Access was denied by ZeroAccess Rootkit!

Failed to open:
T:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{6d43a5fd-82ec-11e4-b3ce-0011d81857fb}.TMContainer00000000000000000002.regtrans-ms

Error:5 Access is denied.



Access was denied by ZeroAccess Rootkit!

Failed to open:
T:\Windows\System32\Tasks\RealPlayer Cloud (32-bit)

Error:2 The system cannot find the file specified.
 




 


#2 nasdaq

  • Malware Response Team

Posted 07 April 2015 - 07:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 ag.dabears

  • Topic Starter

Posted 08 April 2015 - 11:00 AM

RogueKiller will not run in normal mode or safe mode.

 

 

# AdwCleaner v4.113 - Logfile created 02/04/2015 at 15:21:26
# Updated 22/03/2015 by Xplode
# Database : 2015-03-22.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Administrator - ANTHONY-PC
# Running from : T:\Users\Administrator\Desktop\adwcleaner_4.113.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : T:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4pre0k5n.default\user.js
Folder Found : T:\ProgramData\ytd video downloader

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

*************************

AdwCleaner[R0].txt - [767 bytes] - [14/03/2015 00:20:20]
AdwCleaner[R1].txt - [932 bytes] - [28/03/2015 23:52:24]
AdwCleaner[R2].txt - [995 bytes] - [02/04/2015 15:21:26]
AdwCleaner[S0].txt - [999 bytes] - [29/03/2015 00:05:16]

########## EOF - T:\AdwCleaner\AdwCleaner[R2].txt - [1111 bytes] ##########

# AdwCleaner v4.200 - Logfile created 08/04/2015 at 08:21:42
# Updated 29/03/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Administrator - ANTHONY-PC
# Running from : T:\Users\Administrator\Desktop\adwcleaner_4.200.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : T:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YTD Video Downloader.lnk
File Found : T:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4pre0k5n.default\user.js
File Found : T:\Users\Public\Desktop\YTD Video Downloader.lnk
Folder Found : T:\Program Files\GreenTree Applications
Folder Found : T:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : T:\ProgramData\ytd video downloader

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [767 bytes] - [14/03/2015 00:20:20]
AdwCleaner[R1].txt - [1318 bytes] - [28/03/2015 23:52:24]
AdwCleaner[R2].txt - [2556 bytes] - [02/04/2015 15:21:26]
AdwCleaner[S0].txt - [999 bytes] - [29/03/2015 00:05:16]

########## EOF - T:\AdwCleaner\AdwCleaner[R2].txt - [2673 bytes] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Administrator (administrator) on ANTHONY-PC on 08-04-2015 08:54:39
Running from T:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: AnThOnY & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) T:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) T:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) T:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) T:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) T:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) T:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software s.r.o.) T:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ruiware LLC) T:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Piriform Ltd) T:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) T:\Windows\System32\dllhost.exe
(Microsoft Corporation) T:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) T:\Windows\System32\taskmgr.exe
(Mozilla Corporation) T:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => T:\Program Files\AVAST Software\Avast\AvastUI.exe [5533000 2015-03-26] (Avast Software s.r.o.)
HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\Run: [WinPatrol] => T:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\Run: [CCleaner Monitoring] => T:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\Run: [BitTorrent] => T:\Users\Administrator\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-03-01] (BitTorrent Inc.)
HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\MountPoints2: D - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\MountPoints2: {9e9b3619-ccff-11e4-94a2-0011d81857fb} - D:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => T:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1948536570-1018607628-4051628676-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1948536570-1018607628-4051628676-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1948536570-1018607628-4051628676-500 -> {5DE136B6-50F3-4493-8047-0BA5603D117F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1948536570-1018607628-4051628676-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> T:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-26] (Avast Software s.r.o.)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.7.254

FireFox:
========
FF ProfilePath: T:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4pre0k5n.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> T:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-15] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> T:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> T:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> T:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> T:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF user.js: detected! => T:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4pre0k5n.default\user.js [2015-04-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - T:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - T:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - T:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - T:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; T:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; T:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-26] (Avast Software s.r.o.)
S4 LiveUpdateSvc; T:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; T:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; T:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SDScannerService; T:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; T:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; T:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; T:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 RealPlayer Cloud Service; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; T:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 aswHwid; T:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-26] ()
R2 aswMonFlt; T:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-26] (Avast Software s.r.o.)
R1 aswRdr; T:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-26] (Avast Software s.r.o.)
R0 aswRvrt; T:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-26] ()
R1 aswSnx; T:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-26] (Avast Software s.r.o.)
R1 aswSP; T:\Windows\system32\drivers\aswSP.sys [427736 2015-03-26] (Avast Software s.r.o.)
R2 aswStm; T:\Windows\system32\drivers\aswStm.sys [106912 2015-03-26] (Avast Software s.r.o.)
R0 aswVmm; T:\Windows\system32\Drivers\aswVmm.sys [208024 2015-03-26] ()
S3 FETNDIS; T:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (VIA Technologies, Inc.              )
R1 mbamchameleon; T:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; T:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; T:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; T:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
U3 Partizan; T:\Windows\System32\drivers\Partizan.sys [35864 2015-04-02] (Greatis Software)
R3 rt61x86; T:\Windows\System32\DRIVERS\WMP54Gv41x86.sys [376160 2010-04-07] (Ralink Technology, Corp.)
R1 SASDIFSV; T:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; T:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; T:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
S3 USBAAPL; T:\Windows\System32\Drivers\usbaapl.sys [45056 2014-06-10] (Apple, Inc.) [File not signed]
R0 videX32; T:\Windows\System32\DRIVERS\videX32.sys [13976 2014-09-03] (VIA Technologies, Inc.)
R0 xfilt; T:\Windows\System32\DRIVERS\xfilt.sys [23192 2014-09-03] (VIA Technologies, Inc.)
S3 cleanhlp; No ImagePath
S1 fwwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Administrator at 2015-04-08 08:50:37
Running from T:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
7LogonChanger 1.2 (HKLM\...\{E55EA905-E2BA-4C3E-8E05-1696E1A4F851}) (Version: 1.2 - Krishnanblr)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG PC TuneUp 2015 (en-US) (Version: 15.0.1001.403 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
Dropbox (HKU\S-1-5-21-1948536570-1018607628-4051628676-500\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileAlyzer 2 (HKLM\...\{29D3773E-54F4-23C2-D523-236A4453B845}_is1) (Version: 2.0.5.57 - Safer Networking Limited)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
RegRun Reanimator (HKLM\...\UnHackMe Update - Reanimator_is1) (Version:  - Greatis Software, LLC.)
Resource Hacker Version 3.6.0 (HKLM\...\ResourceHacker_is1) (Version:  - )
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Tweaking.com - Technicians Toolbox (HKLM\...\Tweaking.com - Technicians Toolbox) (Version: 1.0.0 - Tweaking.com)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.20 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
YTD Video Downloader 4.8.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1948536570-1018607628-4051628676-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> T:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-04-2015 23:57:57 Windows Update
04-04-2015 11:18:51 Installed 7LogonChanger 1.2
05-04-2015 00:49:36 RegRun Virus Scan
05-04-2015 22:50:14 RegRun Virus Scan
05-04-2015 22:55:20 RegRun Virus Scan
07-04-2015 14:39:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-02-14 20:29 - 00000795 ____A T:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15C62CA2-8981-40A1-8896-C17E4F711101} - \Driver Booster Update No Task File <==== ATTENTION
Task: {520E0C05-BA01-4A67-A635-567AB3BD61D1} - System32\Tasks\GoogleUpdateTaskMachineUA => T:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
Task: {6130A763-8E13-4789-927B-79D3B9E3489E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => T:\Program Files\AVG\AVG PC TuneUp\OneClick.exe
Task: {63C1FDBE-23A5-46A8-9003-6E39764E450A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => T:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {6C650131-0518-43DD-A549-07C42FEA97BD} - System32\Tasks\GoogleUpdateTaskMachineCore => T:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
Task: {77B4468F-CDED-450F-8E37-30D011E7F923} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {7AC9262B-8B17-4CA6-A0AA-DF6D717F4629} - System32\Tasks\avast! Emergency Update => T:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-26] (Avast Software s.r.o.)
Task: {9A5E91C4-7A3A-483D-830B-C3494C521A6D} - \RealPlayer Cloud (32-bit)  No Task File <==== ATTENTION
Task: {A69934AE-5C6E-4C41-B250-49A399336A5C} - System32\Tasks\ASC7_SkipUac_AnThOnY => T:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: {B72F98F6-DF84-4CCC-9E39-B099F340AE11} - System32\Tasks\CCleanerSkipUAC => T:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {B8471DC1-B00D-4AAD-A314-F07043904526} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => T:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C96340EA-EDF3-4104-B6DF-4CF9493D426D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => T:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CE9DB0A2-D075-4E3E-82F4-C050DC5D6C39} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => T:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CF055AB5-73A9-429E-8229-82F367AE42DC} - \Driver Booster SkipUAC (Administrator) No Task File <==== ATTENTION
Task: {E2711B04-116E-4E36-9D85-028570513589} - System32\Tasks\Uninstaller_SkipUac_Administrator => T:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {EE08C181-A27D-43A2-BB04-EE74D948C03A} - \Driver Booster SkipUAC (AnThOnY) No Task File <==== ATTENTION
Task: {F93DF039-F72B-4318-A764-1AEB11FF5E0B} - System32\Tasks\Adobe Flash Player Updater => T:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-02] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: T:\Windows\Tasks\avast! Emergency Update.job => T:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: T:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => T:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: T:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => T:\Program Files\Google\Update\GoogleUpdate.exe
Task: T:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => T:\Program Files\Google\Update\GoogleUpdate.exe
Task: T:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => T:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: T:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => T:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: T:\Windows\Tasks\UnHackMe Task Scheduler.job => T:\Program Files\UnHackMe\hackmon.exe$(Arg0)Greatis Software, LLC.?Part of RegRun Suite/UnHackMe software. http:/www.greatis.com
Task: T:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => T:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-26 18:05 - 2015-03-26 18:05 - 00104400 _____ () T:\Program Files\AVAST Software\Avast\log.dll
2015-03-26 18:05 - 2015-03-26 18:05 - 00081728 _____ () T:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-07 16:08 - 2015-04-07 16:08 - 02924544 _____ () T:\Program Files\AVAST Software\Avast\defs\15040701\algo.dll
2015-04-08 08:21 - 2015-04-08 08:21 - 02925056 _____ () T:\Program Files\AVAST Software\Avast\defs\15040801\algo.dll
2015-03-03 21:35 - 2014-05-13 13:04 - 00109400 _____ () T:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-03 21:35 - 2014-05-13 13:04 - 00416600 _____ () T:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-03 21:35 - 2014-05-13 13:04 - 00167768 _____ () T:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-03 21:35 - 2012-08-23 11:38 - 00574840 _____ () T:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-03 21:35 - 2012-04-03 18:06 - 00565640 _____ () T:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-19 11:46 - 2015-03-19 11:46 - 38327808 _____ () T:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-08 01:41 - 2015-04-08 01:43 - 02208768 _____ () T:\Users\Administrator\Desktop\adwcleaner_4.200.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19035463.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41800603.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62433212.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96717948.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19035463.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41800603.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62433212.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96717948.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1948536570-1018607628-4051628676-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.7.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AlcxMonitor => alcxmntr.exe
MSCONFIG\startupreg: BitTorrent => "T:\Users\Administrator\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: SUPERAntiSpyware => T:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "T:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== Accounts: =============================

Administrator (S-1-5-21-1948536570-1018607628-4051628676-500 - Administrator - Enabled) => T:\Users\Administrator
AnThOnY (S-1-5-21-1948536570-1018607628-4051628676-1001 - Administrator - Enabled) => T:\Users\AnThOnY
Guest (S-1-5-21-1948536570-1018607628-4051628676-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: VIA Rhine II Compatible Fast Ethernet Adapter
Description: VIA Rhine II Compatible Fast Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VIA Technologies, Inc.
Service: FETNDIS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 08:19:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 01:44:55 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKiller.exe because of this error.

Program: RogueKiller.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (04/08/2015 01:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller.exe, version: 10.5.9.0, time stamp: 0x5523d586
Faulting module name: RogueKiller.exe, version: 10.5.9.0, time stamp: 0x5523d586
Exception code: 0xc000001d
Fault offset: 0x001c91e0
Faulting process id: 0xf4c
Faulting application start time: 0xRogueKiller.exe0
Faulting application path: RogueKiller.exe1
Faulting module path: RogueKiller.exe2
Report Id: RogueKiller.exe3

Error: (04/08/2015 01:38:44 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKiller.exe because of this error.

Program: RogueKiller.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (04/08/2015 01:38:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller.exe, version: 10.5.9.0, time stamp: 0x5523d586
Faulting module name: RogueKiller.exe, version: 10.5.9.0, time stamp: 0x5523d586
Exception code: 0xc000001d
Fault offset: 0x001c91e0
Faulting process id: 0xffc
Faulting application start time: 0xRogueKiller.exe0
Faulting application path: RogueKiller.exe1
Faulting module path: RogueKiller.exe2
Report Id: RogueKiller.exe3

Error: (04/07/2015 10:25:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xe94
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/07/2015 00:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2015 11:26:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x948
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/05/2015 10:51:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.

Error: (04/05/2015 10:51:29 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database (1264) Catalog Database: An attempt to open the file "T:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (04/08/2015 08:19:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
fwwfp

Error: (04/07/2015 10:04:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/07/2015 00:01:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
fwwfp

Error: (04/06/2015 11:25:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/05/2015 07:50:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
fwwfp

Error: (04/05/2015 07:49:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:45:16 PM on ‎4/‎5/‎2015 was unexpected.

Error: (04/05/2015 06:28:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/05/2015 06:27:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:
%%1056

Error: (04/05/2015 06:25:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/05/2015 06:25:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).


Microsoft Office Sessions:
=========================
Error: (04/08/2015 08:19:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 01:44:55 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: RogueKiller.exe000000000

Error: (04/08/2015 01:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RogueKiller.exe10.5.9.05523d586RogueKiller.exe10.5.9.05523d586c000001d001c91e0f4c01d071d845719fafT:\Users\Administrator\Desktop\RogueKiller.exeT:\Users\Administrator\Desktop\RogueKiller.exe8734d3df-ddcb-11e4-93b4-d73a7cd6de02

Error: (04/08/2015 01:38:44 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: RogueKiller.exe000000000

Error: (04/08/2015 01:38:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RogueKiller.exe10.5.9.05523d586RogueKiller.exe10.5.9.05523d586c000001d001c91e0ffc01d071d7657e72fcT:\Users\Administrator\Desktop\RogueKiller.exeT:\Users\Administrator\Desktop\RogueKiller.exea9d2cb52-ddca-11e4-93b4-d73a7cd6de02

Error: (04/07/2015 10:25:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1e9401d0719a708a5976T:\Program Files\Mozilla Firefox\plugin-container.exeT:\Program Files\Mozilla Firefox\mozalloc.dllb07cea22-ddaf-11e4-93b4-d73a7cd6de02

Error: (04/07/2015 00:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2015 11:26:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa194801d070971e009910T:\Program Files\Mozilla Firefox\plugin-container.exeT:\Program Files\Mozilla Firefox\mozalloc.dll6d60bc80-dc8a-11e4-b762-0011d81857fb

Error: (04/05/2015 10:51:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1032

Error: (04/05/2015 10:51:29 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Catalog Database1264Catalog Database: T:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


CodeIntegrity Errors:
===================================
  Date: 2014-09-18 15:19:50.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.3.9600.16384_none_d098800aa07e4294\dssenh.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 15:19:50.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.3.9600.16384_none_d098800aa07e4294\dssenh.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 15:19:49.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.3.9600.16384_none_d098800aa07e4294\dssenh.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 15:19:49.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.3.9600.16384_none_d098800aa07e4294\dssenh.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 14:58:31.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-openwith_31bf3856ad364e35_6.3.9600.16384_none_01c093338e4d7ad8\OpenWith.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 14:58:30.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-openwith_31bf3856ad364e35_6.3.9600.16384_none_01c093338e4d7ad8\OpenWith.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 14:58:29.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-openwith_31bf3856ad364e35_6.3.9600.16384_none_01c093338e4d7ad8\OpenWith.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 14:58:28.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-openwith_31bf3856ad364e35_6.3.9600.16384_none_01c093338e4d7ad8\OpenWith.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 14:53:35.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-rpc-remote-extension_31bf3856ad364e35_6.3.9600.16384_none_5dea75a18da545da\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-18 14:53:35.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-rpc-remote-extension_31bf3856ad364e35_6.3.9600.16384_none_5dea75a18da545da\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ XP 3200+
Percentage of memory in use: 73%
Total physical RAM: 959.55 MB
Available physical RAM: 257.1 MB
Total Pagefile: 1983.55 MB
Available Pagefile: 1104.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:9.77 GB) (Free:3.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive t: (bleepOfF) (Fixed) (Total:117.19 GB) (Free:72.45 GB) NTFS
Drive z: (New Volume) (Fixed) (Total:804.55 GB) (Free:400.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0DF90DF8)
Partition 1: (Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=804.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:06 PM

Posted 09 April 2015 - 07:15 AM


Remove this Video Downloader using the Add/Remove programs applet.
YTD Video Downloader 4.8.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
===



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

SearchScopes: HKU\S-1-5-21-1948536570-1018607628-4051628676-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => T:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4pre0k5n.default\user.js [2015-04-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - T:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
S4 RealPlayer Cloud Service; No ImagePath
S3 cleanhlp; No ImagePath
S1 fwwfp; No ImagePath

Task: {15C62CA2-8981-40A1-8896-C17E4F711101} - \Driver Booster Update No Task File <==== ATTENTION
Task: {77B4468F-CDED-450F-8E37-30D011E7F923} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {9A5E91C4-7A3A-483D-830B-C3494C521A6D} - \RealPlayer Cloud (32-bit)  No Task File <==== ATTENTION
Task: {CF055AB5-73A9-429E-8229-82F367AE42DC} - \Driver Booster SkipUAC (Administrator) No Task File <==== ATTENTION
Task: {EE08C181-A27D-43A2-BB04-EE74D948C03A} - \Driver Booster SkipUAC (AnThOnY) No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Run the AdwCleaner tool and clean everything that will be found.

===

How is the computer running now?

#5 ag.dabears

Posted 09 April 2015 - 12:45 PM

Is YouTube downloader a backdoor trojan? RegRun Reanimator keeps on telling me it is a malicious program but I never removed it.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Administrator at 2015-04-09 10:37:38 Run:1
Running from T:\Users\Administrator\Desktop\FRST
Loaded Profiles: Administrator (Available profiles: AnThOnY & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

SearchScopes: HKU\S-1-5-21-1948536570-1018607628-4051628676-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => T:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4pre0k5n.default\user.js [2015-04-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - T:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
S4 RealPlayer Cloud Service; No ImagePath
S3 cleanhlp; No ImagePath
S1 fwwfp; No ImagePath

Task: {15C62CA2-8981-40A1-8896-C17E4F711101} - \Driver Booster Update No Task File <==== ATTENTION
Task: {77B4468F-CDED-450F-8E37-30D011E7F923} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {9A5E91C4-7A3A-483D-830B-C3494C521A6D} - \RealPlayer Cloud (32-bit)  No Task File <==== ATTENTION
Task: {CF055AB5-73A9-429E-8229-82F367AE42DC} - \Driver Booster SkipUAC (Administrator) No Task File <==== ATTENTION
Task: {EE08C181-A27D-43A2-BB04-EE74D948C03A} - \Driver Booster SkipUAC (AnThOnY) No Task File <==== ATTENTION

End
*****************

Processes closed successfully.
"HKU\S-1-5-21-1948536570-1018607628-4051628676-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
T:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\4pre0k5n.default\user.js => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "T:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
RealPlayer Cloud Service => Service deleted successfully.
cleanhlp => Service deleted successfully.
fwwfp => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15C62CA2-8981-40A1-8896-C17E4F711101}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15C62CA2-8981-40A1-8896-C17E4F711101}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77B4468F-CDED-450F-8E37-30D011E7F923}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77B4468F-CDED-450F-8E37-30D011E7F923}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A5E91C4-7A3A-483D-830B-C3494C521A6D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A5E91C4-7A3A-483D-830B-C3494C521A6D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayer Cloud (32-bit) " => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF055AB5-73A9-429E-8229-82F367AE42DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF055AB5-73A9-429E-8229-82F367AE42DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Administrator)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE08C181-A27D-43A2-BB04-EE74D948C03A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE08C181-A27D-43A2-BB04-EE74D948C03A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (AnThOnY)" => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-09 10:39:40)<=

"T:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 10:39:41 ====



#6 nasdaq

Posted 10 April 2015 - 06:57 AM

It is considered malware.
Read about it.
http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-chrome&search=F3FEE66E-E034-436A-86E4-9690573BEE8A

The AdwCleaner tool reports it also.

Your call if you want to keep it.
===

How is the computer running now?

#7 ag.dabears

Posted 10 April 2015 - 01:08 PM

It's running much better, thanks. For my first log I posted from RegRun, do I have a ZeroAccess rootkit?



#8 nasdaq

Posted 11 April 2015 - 08:26 AM

Try to run the RogueKiller tool. Right click on the .exe file and run as an Administrator.

If the tool is blocked, run this ZeroAccess removal tool from AVG.


http://free.avg.com/ca-en/remove-win32-zeroacces

Follow the instructions on the page.

Download the executable file rmzeroaccess.exe
Then run the tool for removal of infected files. The tool will automatically scan all available discs and will try to heal the infected files. If an active virus is found in memory, the tool will ask the user to reboot the computer. Healing will be performed during operating system boot-up sequence, so any active virus cannot interfere with the healing process.


Keep me posted.

#9 ag.dabears

Posted 13 April 2015 - 06:47 PM

RogueKiller still will not run. I'm gonna try the AVG ZeroAccess removal.



#10 ag.dabears

Posted 13 April 2015 - 10:35 PM

AVG found no infected files, and the Symantec ZeroAccess removal tool didn't find any either.



#11 nasdaq

Posted 14 April 2015 - 08:13 AM

How is the computer running?

#12 ag.dabears

Posted 18 April 2015 - 03:09 AM

It's running a little better, but at times Firefox or svchost.exe seem to run at high memory and the computer freezes.



#13 nasdaq

Posted 18 April 2015 - 08:36 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

One question, are you overclocking this computer?

Wait for further instructions.

#14 ag.dabears

Posted 20 April 2015 - 11:33 PM

10:39:34.0063 0x0830  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
10:39:38.0245 0x0830  ============================================================
10:39:38.0245 0x0830  Current date / time: 2015/04/20 10:39:38.0245
10:39:38.0245 0x0830  SystemInfo:
10:39:38.0245 0x0830  
10:39:38.0245 0x0830  OS Version: 6.1.7601 ServicePack: 1.0
10:39:38.0245 0x0830  Product type: Workstation
10:39:38.0246 0x0830  ComputerName: ANTHONY-PC
10:39:38.0247 0x0830  UserName: Administrator
10:39:38.0247 0x0830  Windows directory: T:\Windows
10:39:38.0247 0x0830  System windows directory: T:\Windows
10:39:38.0247 0x0830  Processor architecture: Intel x86
10:39:38.0247 0x0830  Number of processors: 1
10:39:38.0247 0x0830  Page size: 0x1000
10:39:38.0247 0x0830  Boot type: Normal boot
10:39:38.0247 0x0830  ============================================================
10:39:40.0129 0x0830  KLMD registered as T:\Windows\system32\drivers\19396352.sys
10:39:40.0704 0x0830  System UUID: {947F09A5-D810-E8E0-F9FC-BD7EE78BF14F}
10:39:42.0838 0x0830  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:39:43.0187 0x0830  ============================================================
10:39:43.0187 0x0830  \Device\Harddisk0\DR0:
10:39:43.0187 0x0830  MBR partitions:
10:39:43.0188 0x0830  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1389D71
10:39:43.0188 0x0830  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1389DB0, BlocksNum 0xEA601E0
10:39:43.0188 0x0830  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFDE9F90, BlocksNum 0x6491B680
10:39:43.0188 0x0830  ============================================================
10:39:43.0220 0x0830  C: <-> \Device\Harddisk0\DR0\Partition1
10:39:43.0258 0x0830  T: <-> \Device\Harddisk0\DR0\Partition2
10:39:43.0521 0x0830  Z: <-> \Device\Harddisk0\DR0\Partition3
10:39:43.0522 0x0830  ============================================================
10:39:43.0522 0x0830  Initialize success
10:39:43.0522 0x0830  ============================================================
10:39:45.0135 0x0f08  ============================================================
10:39:45.0135 0x0f08  Scan started
10:39:45.0135 0x0f08  Mode: Manual;
10:39:45.0135 0x0f08  ============================================================
10:39:45.0135 0x0f08  KSN ping started
10:39:48.0226 0x0f08  KSN ping finished: true
10:39:49.0953 0x0f08  ================ Scan system memory ========================
10:39:49.0953 0x0f08  System memory - ok
10:39:49.0962 0x0f08  ================ Scan services =============================
10:40:05.0866 0x0f08  LiveUpdateSvc - ok
10:40:05.0964 0x0f08  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          T:\Windows\system32\DRIVERS\lltdio.sys
10:40:05.0969 0x0f08  lltdio - ok
10:40:06.0017 0x0f08  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         T:\Windows\System32\lltdsvc.dll
10:40:06.0037 0x0f08  lltdsvc - ok
10:40:06.0113 0x0f08  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         T:\Windows\System32\lmhsvc.dll
10:40:06.0120 0x0f08  lmhosts - ok
10:40:06.0199 0x0f08  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          T:\Windows\system32\drivers\lsi_fc.sys
10:40:06.0206 0x0f08  LSI_FC - ok
10:40:06.0240 0x0f08  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         T:\Windows\system32\drivers\lsi_sas.sys
10:40:06.0250 0x0f08  LSI_SAS - ok
10:40:06.0283 0x0f08  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        T:\Windows\system32\drivers\lsi_sas2.sys
10:40:06.0288 0x0f08  LSI_SAS2 - ok
10:40:06.0329 0x0f08  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        T:\Windows\system32\drivers\lsi_scsi.sys
10:40:06.0337 0x0f08  LSI_SCSI - ok
10:40:06.0390 0x0f08  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           T:\Windows\system32\drivers\luafv.sys
10:40:06.0435 0x0f08  luafv - ok
10:40:06.0479 0x0f08  [ 9BD41E40039098BF5F8FE878A9A6989E, 755BA961FFABDAEBDA1F54E6A465AEEA2FE94ABDA18440FD15F3E72674D6145C ] mbamchameleon   T:\Windows\system32\drivers\mbamchameleon.sys
10:40:06.0523 0x0f08  mbamchameleon - ok
10:40:06.0598 0x0f08  [ A3F4391DFDF2F9E9FE4EAD193265A5AD, A60A1A345622F4758181FB0B6EE784B0B718105FEE7B0F6FEDE5AD59FE448EE1 ] MBAMProtector   T:\Windows\system32\drivers\mbam.sys
10:40:06.0619 0x0f08  MBAMProtector - ok
10:40:06.0864 0x0f08  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   T:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
10:40:06.0969 0x0f08  MBAMScheduler - ok
10:40:07.0101 0x0f08  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     T:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
10:40:07.0143 0x0f08  MBAMService - ok
10:40:07.0240 0x0f08  [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy   T:\Windows\system32\drivers\MBAMSwissArmy.sys
10:40:07.0306 0x0f08  MBAMSwissArmy - ok
10:40:07.0349 0x0f08  [ 312CD3307F600E7CD340B79B3DCB3A01, 861A6DFC53C69743129DAAFE73DECDE8D842475503E8D713E7CE5D22AC8D1370 ] MBAMWebAccessControl T:\Windows\system32\drivers\mwac.sys
10:40:07.0375 0x0f08  MBAMWebAccessControl - ok
10:40:07.0518 0x0f08  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         T:\Windows\system32\Mcx2Svc.dll
10:40:07.0534 0x0f08  Mcx2Svc - ok
10:40:07.0583 0x0f08  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         T:\Windows\system32\drivers\megasas.sys
10:40:07.0599 0x0f08  megasas - ok
10:40:07.0668 0x0f08  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          T:\Windows\system32\drivers\MegaSR.sys
10:40:07.0683 0x0f08  MegaSR - ok
10:40:07.0735 0x0f08  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           T:\Windows\system32\mmcss.dll
10:40:07.0747 0x0f08  MMCSS - ok
10:40:07.0805 0x0f08  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           T:\Windows\system32\drivers\modem.sys
10:40:07.0840 0x0f08  Modem - ok
10:40:07.0949 0x0f08  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         T:\Windows\system32\DRIVERS\monitor.sys
10:40:07.0965 0x0f08  monitor - ok
10:40:08.0002 0x0f08  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        T:\Windows\system32\DRIVERS\mouclass.sys
10:40:08.0011 0x0f08  mouclass - ok
10:40:08.0068 0x0f08  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          T:\Windows\system32\DRIVERS\mouhid.sys
10:40:08.0083 0x0f08  mouhid - ok
10:40:08.0147 0x0f08  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        T:\Windows\system32\drivers\mountmgr.sys
10:40:08.0158 0x0f08  mountmgr - ok
10:40:08.0257 0x0f08  [ 269BDB3CB77EB77BABE2862BEAB1F208, EC693365C73D59244CB77E181042128A9901BA5C1109CD4F1B9A2008DF1F9582 ] MozillaMaintenance T:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:40:08.0267 0x0f08  MozillaMaintenance - ok
10:40:08.0304 0x0f08  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            T:\Windows\system32\drivers\mpio.sys
10:40:08.0315 0x0f08  mpio - ok
10:40:08.0401 0x0f08  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          T:\Windows\system32\drivers\mpsdrv.sys
10:40:08.0416 0x0f08  mpsdrv - ok
10:40:08.0494 0x0f08  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          T:\Windows\system32\mpssvc.dll
10:40:08.0525 0x0f08  MpsSvc - ok
10:40:08.0584 0x0f08  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          T:\Windows\system32\drivers\mrxdav.sys
10:40:08.0600 0x0f08  MRxDAV - ok
10:40:08.0663 0x0f08  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          T:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:08.0676 0x0f08  mrxsmb - ok
10:40:08.0738 0x0f08  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        T:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:08.0753 0x0f08  mrxsmb10 - ok
10:40:08.0789 0x0f08  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        T:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:08.0806 0x0f08  mrxsmb20 - ok
10:40:08.0842 0x0f08  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          T:\Windows\system32\drivers\msahci.sys
10:40:08.0847 0x0f08  msahci - ok
10:40:08.0882 0x0f08  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           T:\Windows\system32\drivers\msdsm.sys
10:40:08.0891 0x0f08  msdsm - ok
10:40:08.0967 0x0f08  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           T:\Windows\System32\msdtc.exe
10:40:08.0991 0x0f08  MSDTC - ok
10:40:09.0065 0x0f08  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            T:\Windows\system32\drivers\Msfs.sys
10:40:09.0070 0x0f08  Msfs - ok
10:40:09.0111 0x0f08  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       T:\Windows\System32\drivers\mshidkmdf.sys
10:40:09.0117 0x0f08  mshidkmdf - ok
10:40:09.0164 0x0f08  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        T:\Windows\system32\drivers\msisadrv.sys
10:40:09.0168 0x0f08  msisadrv - ok
10:40:09.0238 0x0f08  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         T:\Windows\system32\iscsiexe.dll
10:40:09.0249 0x0f08  MSiSCSI - ok
10:40:09.0284 0x0f08  msiserver - ok
10:40:09.0335 0x0f08  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         T:\Windows\system32\drivers\MSKSSRV.sys
10:40:09.0340 0x0f08  MSKSSRV - ok
10:40:09.0378 0x0f08  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        T:\Windows\system32\drivers\MSPCLOCK.sys
10:40:09.0387 0x0f08  MSPCLOCK - ok
10:40:09.0432 0x0f08  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           T:\Windows\system32\drivers\MSPQM.sys
10:40:09.0438 0x0f08  MSPQM - ok
10:40:09.0488 0x0f08  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           T:\Windows\system32\drivers\MsRPC.sys
10:40:09.0503 0x0f08  MsRPC - ok
10:40:09.0558 0x0f08  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        T:\Windows\system32\DRIVERS\mssmbios.sys
10:40:09.0568 0x0f08  mssmbios - ok
10:40:09.0611 0x0f08  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           T:\Windows\system32\drivers\MSTEE.sys
10:40:09.0615 0x0f08  MSTEE - ok
10:40:09.0655 0x0f08  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        T:\Windows\system32\drivers\MTConfig.sys
10:40:09.0660 0x0f08  MTConfig - ok
10:40:09.0703 0x0f08  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             T:\Windows\system32\Drivers\mup.sys
10:40:09.0710 0x0f08  Mup - ok
10:40:09.0830 0x0f08  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        T:\Windows\system32\qagentRT.dll
10:40:09.0853 0x0f08  napagent - ok
10:40:09.0922 0x0f08  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     T:\Windows\system32\DRIVERS\nwifi.sys
10:40:09.0939 0x0f08  NativeWifiP - ok
10:40:10.0056 0x0f08  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            T:\Windows\system32\drivers\ndis.sys
10:40:10.0097 0x0f08  NDIS - ok
10:40:10.0154 0x0f08  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         T:\Windows\system32\DRIVERS\ndiscap.sys
10:40:10.0174 0x0f08  NdisCap - ok
10:40:10.0224 0x0f08  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        T:\Windows\system32\DRIVERS\ndistapi.sys
10:40:10.0228 0x0f08  NdisTapi - ok
10:40:10.0279 0x0f08  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         T:\Windows\system32\DRIVERS\ndisuio.sys
10:40:10.0291 0x0f08  Ndisuio - ok
10:40:10.0356 0x0f08  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         T:\Windows\system32\DRIVERS\ndiswan.sys
10:40:10.0382 0x0f08  NdisWan - ok
10:40:10.0431 0x0f08  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         T:\Windows\system32\drivers\NDProxy.sys
10:40:10.0442 0x0f08  NDProxy - ok
10:40:10.0531 0x0f08  [ 9213AA35BCA94EB79D366DA254E4BDF5, 5E1C71BEB6CFFF5A6F149E9FE6E169D087A6CBE63A504FEE8D42170284952F85 ] Netaapl         T:\Windows\system32\DRIVERS\netaapl.sys
10:40:10.0590 0x0f08  Netaapl - ok
10:40:10.0622 0x0f08  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         T:\Windows\system32\DRIVERS\netbios.sys
10:40:10.0629 0x0f08  NetBIOS - ok
10:40:10.0677 0x0f08  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           T:\Windows\system32\DRIVERS\netbt.sys
10:40:10.0690 0x0f08  NetBT - ok
10:40:10.0739 0x0f08  [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] Netlogon        T:\Windows\system32\lsass.exe
10:40:10.0746 0x0f08  Netlogon - ok
10:40:10.0872 0x0f08  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          T:\Windows\System32\netman.dll
10:40:10.0912 0x0f08  Netman - ok
10:40:11.0006 0x0f08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator T:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:40:11.0222 0x0f08  NetMsmqActivator - ok
10:40:11.0265 0x0f08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator T:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:40:11.0273 0x0f08  NetPipeActivator - ok
10:40:11.0380 0x0f08  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        T:\Windows\System32\netprofm.dll
10:40:11.0455 0x0f08  netprofm - ok
10:40:11.0535 0x0f08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator T:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:40:11.0542 0x0f08  NetTcpActivator - ok
10:40:11.0607 0x0f08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing T:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:40:11.0616 0x0f08  NetTcpPortSharing - ok
10:40:11.0670 0x0f08  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         T:\Windows\system32\drivers\nfrd960.sys
10:40:11.0677 0x0f08  nfrd960 - ok
10:40:11.0735 0x0f08  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          T:\Windows\System32\nlasvc.dll
10:40:11.0754 0x0f08  NlaSvc - ok
10:40:11.0849 0x0f08  [ 25401B0C9576C8456B3E0BBD74FF0771, BB569C99360A631850537DC2EDA0BF85D091CC30BD98B3FD2AC9DABDFB7741DA ] NPF             T:\Windows\system32\drivers\npf.sys
10:40:11.0876 0x0f08  NPF - ok
10:40:11.0942 0x0f08  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            T:\Windows\system32\drivers\Npfs.sys
10:40:11.0963 0x0f08  Npfs - ok
10:40:12.0013 0x0f08  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             T:\Windows\system32\nsisvc.dll
10:40:12.0022 0x0f08  nsi - ok
10:40:12.0084 0x0f08  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        T:\Windows\system32\drivers\nsiproxy.sys
10:40:12.0103 0x0f08  nsiproxy - ok
10:40:12.0344 0x0f08  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            T:\Windows\system32\drivers\Ntfs.sys
10:40:12.0405 0x0f08  Ntfs - ok
10:40:12.0457 0x0f08  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            T:\Windows\system32\drivers\Null.sys
10:40:12.0460 0x0f08  Null - ok
10:40:12.0514 0x0f08  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          T:\Windows\system32\drivers\nvraid.sys
10:40:12.0527 0x0f08  nvraid - ok
10:40:12.0601 0x0f08  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          T:\Windows\system32\drivers\nvstor.sys
10:40:12.0613 0x0f08  nvstor - ok
10:40:12.0664 0x0f08  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          T:\Windows\system32\drivers\nv_agp.sys
10:40:12.0674 0x0f08  nv_agp - ok
10:40:12.0705 0x0f08  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        T:\Windows\system32\drivers\ohci1394.sys
10:40:12.0710 0x0f08  ohci1394 - ok
10:40:12.0791 0x0f08  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        T:\Windows\system32\pnrpsvc.dll
10:40:12.0825 0x0f08  p2pimsvc - ok
10:40:12.0879 0x0f08  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          T:\Windows\system32\p2psvc.dll
10:40:12.0908 0x0f08  p2psvc - ok
10:40:12.0957 0x0f08  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         T:\Windows\system32\DRIVERS\parport.sys
10:40:12.0964 0x0f08  Parport - ok
10:40:13.0073 0x0f08  [ C00A00A39C2CCBD84F0817C0E248DA26, CEBBA152F9EC88B1D7B65242F5D046DD04872DE8BD964BF28411907CF48F788B ] Partizan        T:\Windows\system32\drivers\Partizan.sys
10:40:13.0121 0x0f08  Partizan - ok
10:40:13.0177 0x0f08  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         T:\Windows\system32\drivers\partmgr.sys
10:40:13.0184 0x0f08  partmgr - ok
10:40:13.0226 0x0f08  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          T:\Windows\system32\DRIVERS\parvdm.sys
10:40:13.0230 0x0f08  Parvdm - ok
10:40:13.0318 0x0f08  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          T:\Windows\System32\pcasvc.dll
10:40:13.0332 0x0f08  PcaSvc - ok
10:40:13.0406 0x0f08  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             T:\Windows\system32\drivers\pci.sys
10:40:13.0431 0x0f08  pci - ok
10:40:13.0486 0x0f08  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          T:\Windows\system32\drivers\pciide.sys
10:40:13.0493 0x0f08  pciide - ok
10:40:13.0528 0x0f08  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          T:\Windows\system32\drivers\pcmcia.sys
10:40:13.0552 0x0f08  pcmcia - ok
10:40:13.0613 0x0f08  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             T:\Windows\system32\drivers\pcw.sys
10:40:13.0619 0x0f08  pcw - ok
10:40:13.0761 0x0f08  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          T:\Windows\system32\drivers\peauth.sys
10:40:13.0808 0x0f08  PEAUTH - ok
10:40:14.0019 0x0f08  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     T:\Windows\system32\peerdistsvc.dll
10:40:14.0081 0x0f08  PeerDistSvc - ok
10:40:14.0337 0x0f08  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             T:\Windows\system32\pla.dll
10:40:14.0421 0x0f08  pla - ok
10:40:14.0540 0x0f08  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        T:\Windows\system32\umpnpmgr.dll
10:40:14.0588 0x0f08  PlugPlay - ok
10:40:14.0750 0x0f08  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     T:\Windows\system32\pnrpauto.dll
10:40:14.0758 0x0f08  PNRPAutoReg - ok
10:40:14.0796 0x0f08  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         T:\Windows\system32\pnrpsvc.dll
10:40:14.0818 0x0f08  PNRPsvc - ok
10:40:14.0926 0x0f08  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     T:\Windows\System32\ipsecsvc.dll
10:40:14.0997 0x0f08  PolicyAgent - ok
10:40:15.0105 0x0f08  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           T:\Windows\system32\umpo.dll
10:40:15.0180 0x0f08  Power - ok
10:40:15.0259 0x0f08  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    T:\Windows\system32\DRIVERS\raspptp.sys
10:40:15.0292 0x0f08  PptpMiniport - ok
10:40:15.0359 0x0f08  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       T:\Windows\system32\drivers\processr.sys
10:40:15.0388 0x0f08  Processor - ok
10:40:15.0719 0x0f08  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         T:\Windows\system32\profsvc.dll
10:40:15.0761 0x0f08  ProfSvc - ok
10:40:15.0833 0x0f08  [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] ProtectedStorage T:\Windows\system32\lsass.exe
10:40:15.0843 0x0f08  ProtectedStorage - ok
10:40:16.0009 0x0f08  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          T:\Windows\system32\DRIVERS\pacer.sys
10:40:16.0093 0x0f08  Psched - ok
10:40:17.0278 0x0f08  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          T:\Windows\system32\drivers\ql2300.sys
10:40:17.0747 0x0f08  ql2300 - ok
10:40:17.0820 0x0f08  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          T:\Windows\system32\drivers\ql40xx.sys
10:40:17.0847 0x0f08  ql40xx - ok
10:40:17.0917 0x0f08  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           T:\Windows\system32\qwave.dll
10:40:17.0971 0x0f08  QWAVE - ok
10:40:18.0029 0x0f08  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        T:\Windows\system32\drivers\qwavedrv.sys
10:40:18.0035 0x0f08  QWAVEdrv - ok
10:40:18.0069 0x0f08  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          T:\Windows\system32\DRIVERS\rasacd.sys
10:40:18.0074 0x0f08  RasAcd - ok
10:40:18.0116 0x0f08  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     T:\Windows\system32\DRIVERS\AgileVpn.sys
10:40:18.0123 0x0f08  RasAgileVpn - ok
10:40:18.0166 0x0f08  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         T:\Windows\System32\rasauto.dll
10:40:18.0180 0x0f08  RasAuto - ok
10:40:18.0207 0x0f08  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         T:\Windows\system32\DRIVERS\rasl2tp.sys
10:40:18.0216 0x0f08  Rasl2tp - ok
10:40:18.0277 0x0f08  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          T:\Windows\System32\rasmans.dll
10:40:18.0319 0x0f08  RasMan - ok
10:40:18.0368 0x0f08  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        T:\Windows\system32\DRIVERS\raspppoe.sys
10:40:18.0376 0x0f08  RasPppoe - ok
10:40:18.0404 0x0f08  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         T:\Windows\system32\DRIVERS\rassstp.sys
10:40:18.0417 0x0f08  RasSstp - ok
10:40:18.0490 0x0f08  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           T:\Windows\system32\DRIVERS\rdbss.sys
10:40:18.0527 0x0f08  rdbss - ok
10:40:18.0582 0x0f08  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          T:\Windows\system32\DRIVERS\rdpbus.sys
10:40:18.0605 0x0f08  rdpbus - ok
10:40:18.0640 0x0f08  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          T:\Windows\system32\DRIVERS\RDPCDD.sys
10:40:18.0666 0x0f08  RDPCDD - ok
10:40:18.0737 0x0f08  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           T:\Windows\system32\drivers\rdpdr.sys
10:40:18.0760 0x0f08  RDPDR - ok
10:40:18.0833 0x0f08  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        T:\Windows\system32\drivers\rdpencdd.sys
10:40:18.0854 0x0f08  RDPENCDD - ok
10:40:18.0899 0x0f08  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        T:\Windows\system32\drivers\rdprefmp.sys
10:40:18.0903 0x0f08  RDPREFMP - ok
10:40:19.0035 0x0f08  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport T:\Windows\system32\drivers\rdpvideominiport.sys
10:40:19.0133 0x0f08  RdpVideoMiniport - ok
10:40:19.0193 0x0f08  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           T:\Windows\system32\drivers\RDPWD.sys
10:40:19.0238 0x0f08  RDPWD - ok
10:40:19.0357 0x0f08  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        T:\Windows\system32\drivers\rdyboost.sys
10:40:19.0403 0x0f08  rdyboost - ok
10:40:19.0500 0x0f08  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    T:\Windows\System32\mprdim.dll
10:40:19.0546 0x0f08  RemoteAccess - ok
10:40:19.0616 0x0f08  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  T:\Windows\system32\regsvc.dll
10:40:19.0642 0x0f08  RemoteRegistry - ok
10:40:19.0876 0x0f08  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          T:\Program Files\WinPcap\rpcapd.exe
10:40:19.0890 0x0f08  rpcapd - ok
10:40:20.0253 0x0f08  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    T:\Windows\System32\RpcEpMap.dll
10:40:20.0267 0x0f08  RpcEptMapper - ok
10:40:20.0345 0x0f08  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      T:\Windows\system32\locator.exe
10:40:20.0364 0x0f08  RpcLocator - ok
10:40:21.0367 0x0f08  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           T:\Windows\system32\rpcss.dll
10:40:21.0402 0x0f08  RpcSs - ok
10:40:21.0469 0x0f08  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          T:\Windows\system32\DRIVERS\rspndr.sys
10:40:21.0484 0x0f08  rspndr - ok
10:40:21.0913 0x0f08  [ E70DAB50DC67D4037A612384D649313F, 6B75C7366C573B881656CE98BE8BE6DFEB859A8FE125333BC3EA28BDB725E4F1 ] rt61x86         T:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
10:40:22.0588 0x0f08  rt61x86 - ok
10:40:23.0083 0x0f08  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           T:\Windows\system32\drivers\vms3cap.sys
10:40:23.0103 0x0f08  s3cap - ok
10:40:42.0007 0x0f08  ================ Scan global ===============================
10:40:42.0052 0x0f08  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] T:\Windows\system32\basesrv.dll
10:40:42.0142 0x0f08  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] T:\Windows\system32\winsrv.dll
10:40:42.0195 0x0f08  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] T:\Windows\system32\winsrv.dll
10:40:42.0253 0x0f08  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] T:\Windows\system32\sxssrv.dll
10:40:42.0319 0x0f08  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] T:\Windows\system32\services.exe
10:40:42.0354 0x0f08  [ Global ] - ok
10:40:42.0367 0x0f08  ================ Scan MBR ==================================
10:40:42.0392 0x0f08  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:40:43.0523 0x0f08  \Device\Harddisk0\DR0 - ok
10:40:43.0534 0x0f08  ================ Scan VBR ==================================
10:40:43.0558 0x0f08  [ 3AEC71139E28719BB3E1DECD89E19A2F ] \Device\Harddisk0\DR0\Partition1
10:40:43.0701 0x0f08  \Device\Harddisk0\DR0\Partition1 - ok
10:40:43.0728 0x0f08  [ 877503B3D0ADAD65FBEB50D5CD60C9A4 ] \Device\Harddisk0\DR0\Partition2
10:40:43.0823 0x0f08  \Device\Harddisk0\DR0\Partition2 - ok
10:40:43.0845 0x0f08  [ 818D39128654D8A49E612A95C94192C2 ] \Device\Harddisk0\DR0\Partition3
10:40:43.0938 0x0f08  \Device\Harddisk0\DR0\Partition3 - ok
10:40:43.0973 0x0f08  ================ Scan generic autorun ======================
10:40:44.0578 0x0f08  [ 90F1E5D49D55B11B4E4C3BFC58C1F9B4, 9FC6612EBF41794AB592DDCFE77442BE6A63B6E670923E50EBAD04E4FEE3F16A ] T:\Program Files\AVAST Software\Avast\AvastUI.exe
10:40:44.0895 0x0f08  AvastUI.exe - ok
10:40:45.0092 0x0f08  [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] T:\Program Files\Ruiware\WinPatrol\winpatrol.exe
10:40:45.0160 0x0f08  WinPatrol - ok
10:40:45.0945 0x0f08  [ A75228DE9117A017BC7A3B44953B2648, 9AA3D2F883F187620612CD7CA3871187B8181ACE9EF918C31A74DBAAF2F81A60 ] T:\Program Files\CCleaner\CCleaner.exe
10:40:46.0278 0x0f08  CCleaner Monitoring - ok
10:40:46.0609 0x0f08  [ C93C775C0C2D608CE080D5C4D1489F61, B0E6A0B83944B1A6DED869704F71658046F636841CB5D17F234B7DCECA5EAE45 ] T:\Users\Administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
10:40:46.0754 0x0f08  BitTorrent - ok
10:40:46.0778 0x0f08  Waiting for KSN requests completion. In queue: 66
10:40:47.0778 0x0f08  Waiting for KSN requests completion. In queue: 4
10:40:48.0778 0x0f08  Waiting for KSN requests completion. In queue: 4
10:40:49.0778 0x0f08  Waiting for KSN requests completion. In queue: 4
10:40:50.0986 0x0f08  AV detected via SS2: avast! Antivirus, T:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2215.880 ), 0x41000 ( enabled : updated )
10:40:51.0060 0x0f08  Win FW state via NFP2: enabled
10:40:53.0959 0x0f08  ============================================================
10:40:53.0960 0x0f08  Scan finished
10:40:53.0960 0x0f08  ============================================================
10:40:54.0003 0x0e30  Detected object count: 0
10:40:54.0003 0x0e30  Actual detected object count: 0

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-04-20 10:44:56
-----------------------------
10:44:56.234    OS Version: Windows 6.1.7601 Service Pack 1
10:44:56.234    Number of processors: 1 586 0xA00
10:44:56.250    ComputerName: ANTHONY-PC  UserName:
10:45:21.562    Initialize success
10:45:21.796    VM: initialized successfully
10:45:21.796    VM: Amd CPU virtualization not supported
10:45:27.718    AVAST engine defs: 15041901
10:45:33.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:45:33.593    Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
10:45:33.687    Disk 0 MBR read successfully
10:45:33.703    Disk 0 MBR scan
10:45:33.734    Disk 0 Windows 7 default MBR code
10:45:33.734    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        10003 MB offset 63
10:45:33.765    Disk 0 Boot: NTFS     code=1
10:45:33.781    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       120000 MB offset 20487600
10:45:33.812    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       823862 MB offset 266248080
10:45:33.843    Disk 0 scanning sectors +1953519120
10:45:33.921    Disk 0 scanning T:\Windows\system32\drivers
10:45:47.265    Service scanning
10:46:17.171    Modules scanning
10:46:17.187    Disk 0 trace - called modules:
10:46:17.218    ntoskrnl.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys halmacpi.dll ataport.SYS videX32.sys PCIIDEX.SYS atapi.sys
10:46:17.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b86030]
10:46:17.250    3 CLASSPNP.SYS[886ac59e] -> nt!IofCallDriver -> [0x85ae18d0]
10:46:17.265    5 xfilt.sys[83f21026] -> nt!IofCallDriver -> [0x85ad4608]
10:46:17.281    7 ACPI.sys[83d813d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ad9610]
10:46:18.656    AVAST engine scan T:\Windows
10:46:20.937    AVAST engine scan T:\Windows\system32
10:50:14.862    AVAST engine scan T:\Windows\system32\drivers
10:50:40.971    AVAST engine scan T:\Users\Administrator
11:05:55.450    AVAST engine scan T:\ProgramData
11:09:01.043    Disk 0 statistics 2732882/0/0 @ 1.94 MB/s
11:09:01.075    Scan finished successfully
21:33:04.392    Disk 0 MBR has been saved successfully to "T:\Users\Administrator\Desktop\MBR.dat"
21:33:04.439    The log file has been saved successfully to "T:\Users\Administrator\Desktop\aswMBR.txt"

 



#15 ag.dabears


Posted 20 April 2015 - 11:39 PM

mbr.zip file

Attached Files

  • MBR.zip (568 bytes)




