
PUM.dns infection, cannot remove after reformat



#1 rich.m


Posted 02 September 2015 - 06:48 AM

Hi

 

I was first infected with OpenCandy from downloading free PDF software and I believe I got this removed after the reformat. However, when I ran RogueKiller I managed to identify PUM.dns.

 

After downloading many programs and reformatting multiple times, I get messages like 'Secure Boot Violation: The system found unauthorized changes on the firmware, operating system or UEFI driver...' and my NVIDIA drivers don't install.

 

Could I please get some help with removing PUM.dns? It's proving to be quite tricky. Appreciate any assistance.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by rdm-970 (administrator) on RDM-970-PC (02-09-2015 21:33:13)
Running from C:\Users\rdm-970\Downloads
Loaded Profiles: rdm-970 (Available Profiles: rdm-970)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [A6210] => C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE [6210368 2014-07-01] (NETGEAR)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-02] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-08-11] (Check Point Software Technologies Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-02] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 61.9.133.193 61.9.134.49
Tcpip\..\Interfaces\{53D13274-90E4-4C17-B0BA-61924F3899B9}: [DhcpNameServer] 61.9.133.193 61.9.134.49
 
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-02] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-02] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-02]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-02]
CHR Extension: (Google Search) - C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-02]
CHR Extension: (Avast Online Security) - C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-02]
CHR Extension: (Gmail) - C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-02] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [210648 2014-05-13] ()
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-08-11] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-14] (Check Point Software Technologies, Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\system32\DRIVERS\1394ohci.sys [227840 2009-07-14] () [File not signed]
R3 A6210; C:\Windows\System32\DRIVERS\A6210.sys [2208984 2014-06-20] () [File not signed]
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] () [File not signed]
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] () [File not signed]
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] () [File not signed]
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] () [File not signed]
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] () [File not signed]
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] () [File not signed]
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] () [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] () [File not signed]
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-02] () [File not signed]
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-02] () [File not signed]
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-02] () [File not signed]
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-02] () [File not signed]
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-02] () [File not signed]
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-02] () [File not signed]
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-02] ()
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] () [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-11] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-11] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-11] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-11] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-11] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-11] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-11] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] () [File not signed]
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
S3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [974848 2009-07-14] () [File not signed]
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-11] () [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] () [File not signed]
S3 i8042prt; C:\Windows\system32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [672104 2014-05-28] () [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] () [File not signed]
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [3976792 2014-05-27] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] () [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [20464 2014-02-21] () [File not signed]
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [370672 2014-02-21] () [File not signed]
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791024 2014-02-21] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] () [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-02] () [File not signed]
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] () [File not signed]
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-14] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] () [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-11] ()
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] () [File not signed]
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898376 2010-04-09] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898376 2010-04-09] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] () [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] () [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [25600 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] () [File not signed]
R2 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461792 2015-08-11] (Check Point Software Technologies Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 12:59 - 2015-09-02 19:02 - 00000000 ____D C:\Windows\Panther
2015-09-02 21:33 - 2015-09-02 21:33 - 00031158 _____ C:\Users\rdm-970\Downloads\FRST.txt
2015-09-02 21:32 - 2015-09-02 21:33 - 00000000 ____D C:\FRST
2015-09-02 21:09 - 2015-09-02 21:09 - 00004508 _____ C:\Users\rdm-970\Downloads\rk_9C3F.tmp.txt
2015-09-02 21:02 - 2015-09-02 21:02 - 05635829 _____ (Swearware) C:\Users\rdm-970\Downloads\ComboFix.exe
2015-09-02 20:55 - 2015-09-02 20:55 - 02188800 _____ (Farbar) C:\Users\rdm-970\Downloads\FRST64.exe
2015-09-02 20:53 - 2015-09-02 20:53 - 00000000 ____D C:\NVIDIA
2015-09-02 20:50 - 2015-09-02 20:51 - 302380336 _____ (NVIDIA Corporation) C:\Users\rdm-970\Downloads\355.82-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-09-02 20:25 - 2015-09-02 20:25 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-02 20:24 - 2015-09-02 20:25 - 02870984 _____ (ESET) C:\Users\rdm-970\Downloads\esetsmartinstaller_enu.exe
2015-09-02 20:00 - 2015-09-02 21:03 - 00003548 _____ C:\Users\rdm-970\Desktop\Rkill.txt
2015-09-02 19:59 - 2015-09-02 20:48 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-02 19:58 - 2015-09-02 19:58 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\rdm-970\Downloads\rkill.exe
2015-09-02 19:58 - 2015-09-02 19:58 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-02 19:58 - 2015-09-02 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-02 19:58 - 2015-09-02 19:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-02 19:58 - 2015-09-02 19:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-02 19:58 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-02 19:58 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-02 19:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-02 19:57 - 2015-09-02 19:58 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\rdm-970\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-02 19:56 - 2015-06-23 13:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-09-02 19:51 - 2015-09-02 21:03 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-02 19:51 - 2015-09-02 20:13 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-02 19:47 - 2015-09-02 19:49 - 22722120 _____ C:\Users\rdm-970\Downloads\RogueKillerX64.exe
2015-09-02 19:36 - 2015-09-02 19:37 - 00430869 _____ C:\Windows\system32\Drivers\vsconfig.xml
2015-09-02 19:36 - 2015-09-02 19:36 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-09-02 19:36 - 2015-09-02 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-09-02 19:36 - 2010-04-09 21:06 - 01898376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-09-02 19:36 - 2010-04-09 21:06 - 00374664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-09-02 19:34 - 2015-09-02 19:36 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2015-09-02 19:34 - 2015-09-02 19:34 - 00000000 ____D C:\Users\rdm-970\AppData\Roaming\AVAST Software
2015-09-02 19:34 - 2015-09-02 19:34 - 00000000 ____D C:\ProgramData\CheckPoint
2015-09-02 19:33 - 2015-09-02 19:33 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-02 19:33 - 2015-09-02 19:33 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-02 19:33 - 2015-09-02 19:33 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-02 19:33 - 2015-09-02 19:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-02 19:33 - 2015-09-02 19:33 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-02 19:33 - 2015-09-02 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-02 19:32 - 2015-09-02 19:32 - 05685712 _____ (AVAST Software) C:\Users\rdm-970\Downloads\avast_free_antivirus_setup_online.exe
2015-09-02 19:32 - 2015-09-02 19:32 - 03387352 _____ (Check Point Software Technologies Ltd.) C:\Users\rdm-970\Downloads\zafwSetupWeb_140_508_000.exe
2015-09-02 19:32 - 2015-09-02 19:32 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-02 19:32 - 2015-09-02 19:32 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-02 19:30 - 2015-09-02 19:30 - 00000000 ____D C:\ProgramData\Ralink
2015-09-02 19:29 - 2015-09-02 19:30 - 00002651 _____ C:\Windows\system32\RaCoInst.log
2015-09-02 19:29 - 2015-09-02 19:29 - 00004512 _____ C:\Windows\system32\Drivers\NtgrPwrTable_5.dat
2015-09-02 19:29 - 2015-09-02 19:29 - 00000000 ____D C:\Windows\Downloaded Installations
2015-09-02 19:29 - 2015-09-02 19:29 - 00000000 ____D C:\ProgramData\NETGEAR
2015-09-02 19:29 - 2015-09-02 19:29 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2015-09-02 19:27 - 2015-09-02 20:50 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
2015-09-02 19:24 - 2015-09-02 19:24 - 00057560 _____ C:\Users\rdm-970\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-02 19:24 - 2015-09-02 19:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2015-09-02 19:24 - 2015-09-02 19:24 - 00000000 ____D C:\Users\rdm-970\AppData\Roaming\Intel Corporation
2015-09-02 19:24 - 2015-09-02 19:24 - 00000000 ____D C:\Temp
2015-09-02 19:24 - 2014-02-21 15:56 - 00791024 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2015-09-02 19:24 - 2014-02-21 15:56 - 00370672 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2015-09-02 19:24 - 2014-02-21 15:56 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2015-09-02 19:23 - 2015-09-02 19:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-09-02 19:20 - 2015-09-02 19:24 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-02 19:20 - 2015-09-02 19:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-09-02 19:20 - 2015-09-02 19:20 - 00000000 ____D C:\Users\rdm-970\Intel
2015-09-02 19:20 - 2015-09-02 19:20 - 00000000 ____D C:\ProgramData\Intel
2015-09-02 19:19 - 2012-07-26 14:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-09-02 19:19 - 2012-07-26 14:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-09-02 19:19 - 2012-07-26 12:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-09-02 19:19 - 2012-06-03 00:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-09-02 19:18 - 2014-03-14 13:34 - 00003114 _____ C:\Windows\system32\e1d62x64.din
2015-09-02 19:18 - 2014-03-14 13:23 - 00487704 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys
2015-09-02 19:18 - 2014-03-12 15:16 - 00403256 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2015-09-02 19:18 - 2014-03-12 15:02 - 00001904 ____N C:\Windows\system32\SetupBD.din
2015-09-02 19:18 - 2013-12-06 08:12 - 00091936 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2015-09-02 19:18 - 2013-11-22 06:57 - 00073480 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2015-09-02 19:18 - 2009-05-26 12:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2015-09-02 19:17 - 2015-09-02 19:17 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-09-02 19:17 - 2015-09-02 19:17 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-09-02 19:17 - 2015-09-02 19:17 - 00000000 ____D C:\Program Files\Realtek
2015-09-02 19:16 - 2015-09-02 19:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-02 19:16 - 2015-09-02 19:23 - 00000000 ____D C:\Program Files\Intel
2015-09-02 19:16 - 2015-09-02 19:17 - 00000206 _____ C:\Windows\audio.log
2015-09-02 19:16 - 2015-09-02 19:17 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-09-02 19:16 - 2015-09-02 19:16 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-09-02 19:16 - 2014-05-30 16:21 - 02119472 _____ C:\Windows\system32\SStudio.dll
2015-09-02 19:16 - 2014-05-27 21:23 - 01136807 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-09-02 19:16 - 2014-05-27 21:17 - 03976792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-09-02 19:16 - 2014-05-26 17:00 - 62006272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-09-02 19:16 - 2014-05-26 16:46 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-09-02 19:16 - 2014-05-23 15:54 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-09-02 19:16 - 2014-05-22 18:24 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2015-09-02 19:16 - 2014-05-22 15:21 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-09-02 19:16 - 2014-05-19 19:16 - 02843352 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-09-02 19:16 - 2014-05-19 12:47 - 02080472 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-09-02 19:16 - 2014-05-09 13:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-09-02 19:16 - 2014-04-17 19:42 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-09-02 19:16 - 2014-04-17 19:42 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-09-02 19:16 - 2014-04-17 19:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-09-02 19:16 - 2014-04-10 14:20 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-09-02 19:16 - 2014-04-10 14:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-09-02 19:16 - 2014-04-10 14:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-09-02 19:16 - 2014-04-10 14:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-09-02 19:16 - 2014-04-10 14:19 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-09-02 19:16 - 2014-04-10 14:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-09-02 19:16 - 2014-04-10 14:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-09-02 19:16 - 2014-04-10 14:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-09-02 19:16 - 2014-04-10 14:19 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2015-09-02 19:16 - 2014-04-09 18:39 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2015-09-02 19:16 - 2014-04-09 18:38 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-09-02 19:16 - 2014-04-07 18:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-09-02 19:16 - 2014-04-07 18:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-09-02 19:16 - 2014-04-07 18:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-09-02 19:16 - 2014-04-07 18:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-09-02 19:16 - 2014-04-01 16:41 - 00001332 ____R C:\Windows\system32\Drivers\DTSU2P.DAT
2015-09-02 19:16 - 2014-03-21 16:17 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-09-02 19:16 - 2014-03-19 21:19 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-09-02 19:16 - 2014-03-06 18:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-09-02 19:16 - 2014-03-05 07:11 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-09-02 19:16 - 2014-03-05 07:11 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-09-02 19:16 - 2014-03-05 07:11 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-09-02 19:16 - 2014-03-05 07:11 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-09-02 19:16 - 2014-02-27 22:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-09-02 19:16 - 2014-02-18 19:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-09-02 19:16 - 2014-02-06 13:28 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-09-02 19:16 - 2014-01-31 19:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-09-02 19:16 - 2014-01-28 13:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-09-02 19:16 - 2013-10-16 05:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-09-02 19:16 - 2013-10-11 14:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-09-02 19:16 - 2013-10-11 13:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-09-02 19:16 - 2013-10-07 02:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-09-02 19:16 - 2013-10-07 02:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-09-02 19:16 - 2013-10-07 02:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-09-02 19:16 - 2013-08-14 17:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-09-02 19:16 - 2013-08-14 17:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-09-02 19:16 - 2013-06-25 14:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-09-02 19:16 - 2013-06-25 14:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-09-02 19:16 - 2013-06-25 14:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-09-02 19:16 - 2013-06-21 13:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-09-02 19:16 - 2013-04-03 16:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-09-02 19:16 - 2012-08-31 21:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-09-02 19:16 - 2012-08-31 21:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-09-02 19:16 - 2012-08-31 21:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-09-02 19:16 - 2012-08-31 21:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-09-02 19:16 - 2012-08-31 21:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-09-02 19:16 - 2012-03-08 13:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-09-02 19:16 - 2012-01-30 13:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-09-02 19:16 - 2012-01-10 12:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-09-02 19:16 - 2011-12-20 17:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-09-02 19:16 - 2011-11-22 18:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-09-02 19:16 - 2011-09-02 16:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-09-02 19:16 - 2011-09-02 16:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-09-02 19:16 - 2011-09-02 16:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-09-02 19:16 - 2011-08-23 19:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-09-02 19:16 - 2011-05-31 11:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-09-02 19:16 - 2011-03-17 14:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-09-02 19:16 - 2011-03-07 19:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-09-02 19:16 - 2010-11-08 09:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-09-02 19:16 - 2010-11-08 09:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-09-02 19:16 - 2010-11-08 09:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-09-02 19:16 - 2010-11-08 09:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-09-02 19:16 - 2010-11-08 09:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-09-02 19:16 - 2010-11-08 09:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-09-02 19:16 - 2010-11-03 20:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-09-02 19:16 - 2010-09-27 11:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-09-02 19:16 - 2010-07-22 18:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-09-02 19:16 - 2009-11-24 11:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-09-02 19:16 - 2009-11-24 11:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-09-02 19:16 - 2009-11-24 11:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-09-02 19:16 - 2009-11-24 11:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-09-02 19:15 - 2015-09-02 19:24 - 00789792 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-09-02 19:15 - 2015-09-02 19:15 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-02 19:15 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-09-02 19:15 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-09-02 19:15 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-09-02 19:15 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-09-02 19:15 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-09-02 19:15 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-09-02 19:15 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-09-02 19:15 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-09-02 19:15 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-09-02 19:15 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-09-02 19:14 - 2015-09-02 20:17 - 00001578 _____ C:\Windows\PFRO.log
2015-09-02 19:13 - 2015-09-02 19:13 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 19:13 - 2015-09-02 19:13 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_user_01_11_00.Wdf
2015-09-02 19:13 - 2015-09-02 19:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2015-09-02 19:13 - 2015-09-02 19:13 - 00000000 ____D C:\Windows\AsusInstAll
2015-09-02 19:13 - 2015-09-02 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-02 19:13 - 2015-09-02 19:13 - 00000000 ____D C:\Program Files\ASUS
2015-09-02 19:13 - 2015-09-02 19:13 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-09-02 19:13 - 2014-01-28 13:16 - 00028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2015-09-02 19:13 - 2014-01-28 13:16 - 00015232 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2015-09-02 19:13 - 2012-08-17 12:57 - 02356592 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2015-09-02 19:13 - 2012-07-26 13:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-09-02 19:13 - 2012-07-26 13:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-09-02 19:13 - 2012-07-26 13:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-09-02 19:13 - 2012-07-26 13:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-09-02 19:13 - 2012-07-26 13:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-09-02 19:13 - 2012-07-26 12:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-09-02 19:13 - 2012-07-26 12:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-09-02 19:13 - 2012-06-03 00:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-09-02 19:13 - 2011-02-25 16:36 - 00295296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-09-02 19:12 - 2015-09-02 21:17 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 19:12 - 2015-09-02 20:48 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-02 19:12 - 2015-09-02 19:31 - 00000000 ____D C:\Users\rdm-970\AppData\Local\Google
2015-09-02 19:12 - 2015-09-02 19:24 - 00062120 _____ C:\Windows\Ascd_log.ini
2015-09-02 19:12 - 2015-09-02 19:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-02 19:12 - 2015-09-02 19:12 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 19:12 - 2015-09-02 19:12 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-02 19:12 - 2015-09-02 19:12 - 00001769 _____ C:\Windows\Language_trs.ini
2015-09-02 19:12 - 2015-09-02 19:12 - 00000463 _____ C:\Windows\scd.ini
2015-09-02 19:12 - 2015-09-02 19:12 - 00000000 _____ C:\Windows\Ascd_err.ini
2015-09-02 19:11 - 2015-09-02 19:11 - 00044559 _____ C:\Windows\Ascd_tmp.ini
2015-09-02 19:11 - 2015-09-02 19:11 - 00000096 _____ C:\Windows\As_Utilities.log
2015-09-02 19:04 - 2015-09-02 20:51 - 00097799 _____ C:\Windows\WindowsUpdate.log
2015-09-02 19:02 - 2015-09-02 19:20 - 00000000 ____D C:\Users\rdm-970
2015-09-02 19:02 - 2015-09-02 19:02 - 00001439 _____ C:\Users\rdm-970\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-02 19:02 - 2015-09-02 19:02 - 00001405 _____ C:\Users\rdm-970\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-02 19:02 - 2015-09-02 19:02 - 00000020 ___SH C:\Users\rdm-970\ntuser.ini
2015-09-02 19:02 - 2015-09-02 19:02 - 00000000 __SHD C:\Recovery
2015-09-02 19:02 - 2015-09-02 19:02 - 00000000 ____D C:\Users\rdm-970\AppData\Local\VirtualStore
2015-09-02 19:02 - 2009-07-14 14:54 - 00000000 ___RD C:\Users\rdm-970\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-02 19:02 - 2009-07-14 14:49 - 00000000 ___RD C:\Users\rdm-970\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-02 19:01 - 2015-09-02 19:01 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-02 19:01 - 2015-09-02 19:01 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-02 19:01 - 2015-09-02 19:01 - 00001313 _____ C:\Windows\TSSysprep.log
2015-08-11 03:39 - 2015-08-11 03:39 - 00461792 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 12:59 - 2009-07-14 15:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-09-03 12:59 - 2009-07-14 15:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-09-02 20:53 - 2009-07-14 15:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-02 20:48 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-02 20:48 - 2009-07-14 14:51 - 00020740 _____ C:\Windows\setupact.log
2015-09-02 20:48 - 2009-07-14 14:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-02 20:48 - 2009-07-14 14:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-02 19:36 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-02 19:13 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\system32\restore
2015-09-02 19:02 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-09-02 19:01 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-02 19:01 - 2009-07-14 14:46 - 00001774 _____ C:\Windows\DtcInstall.log
2015-09-02 19:01 - 2009-07-14 14:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-02 19:01 - 2009-07-14 13:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-02 19:01 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-09-02 18:59 - 2009-07-14 17:46 - 00000000 ____D C:\Windows\CSC
 
==================== Files in the root of some directories =======
 
2015-09-02 19:17 - 2015-09-02 19:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\rdm-970\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2015-09-02 19:13] - [2011-02-25 16:36] - 0295296 ____A () C9D0EAF58D6BA71E128E715EA43AD87D
 
C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION
 
 
 
LastRegBack: 2015-09-02 18:59
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:00 PM

Posted 02 September 2015 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Avast Online Security) - C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-02]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#3 rich.m

rich.m
  • Topic Starter

  • Members
  • 13 posts
  • Local time:07:00 AM

Posted 02 September 2015 - 08:36 PM

Hello nasdaq, thank you for lending a hand to assist me with my issue. The FRST log is shown below:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by rdm-970 (2015-09-03 11:29:15) Run:1
Running from C:\Users\rdm-970\Downloads
Loaded Profiles: rdm-970 (Available Profiles: rdm-970)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR Extension: (Avast Online Security) - C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-02]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\rdm-970\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
EmptyTemp: => 159.2 MB temporary data Removed.
 
=======
 
One thing I need to mention, Malwarebytes picked up some trojans and I let it clean:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/09/2015
Scan Time: 11:20 AM
Logfile: malwarebytes trojans.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.02.04
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: rdm-970
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332838
Time Elapsed: 2 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
Trojan.Patched, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Modem, , [5ac2d655e5a689ad1678dbad897aff01], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
Fake.Beep.sys, C:\Windows\System32\drivers\beep.sys, , [c15b16156823231325c9602732d15ca4], 
Trojan.Patched, C:\Windows\System32\drivers\cdrom.sys, , [8e8e4cdf8dfee254d1342c5c7093e41c], 
Trojan.Patched, C:\Windows\System32\drivers\modem.sys, , [5ac2d655e5a689ad1678dbad897aff01], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
=======
 
Now onto the ADWcleaner part...


#4 rich.m


Posted 02 September 2015 - 08:42 PM

The issue I had with AdwCleaner was that it couldn't detect anything, and I had to use RogueKiller to see the PUM.dns. I'll run RogueKiller as well to see if it still detects PUM.dns, but in the meantime the log file from AdwCleaner is below:

 

 

# AdwCleaner v5.005 - Logfile created 03/09/2015 at 11:39:36
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : rdm-970 - RDM-970-PC
# Running from : C:\Users\rdm-970\Downloads\adwcleaner_5.005.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [553 bytes] ##########


#5 rich.m


Posted 02 September 2015 - 08:53 PM

Ahh yes, RogueKiller is still detecting it:

 

 

RogueKiller V10.10.3.0 (x64) [Aug 31 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : rdm-970 [Administrator]
Started from : C:\Users\rdm-970\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 09/03/2015 11:51:50
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53D13274-90E4-4C17-B0BA-61924F3899B9} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{53D13274-90E4-4C17-B0BA-61924F3899B9} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{53D13274-90E4-4C17-B0BA-61924F3899B9} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 500G SCSI Disk Device +++++
--- User ---
[MBR] 3adcff565576bec08869c6143a01a5ff
[BSP] 647ac6a1af6a94e09cef33b80cd230bd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 219900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 450562048 | Size: 256938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#6 nasdaq


Posted 03 September 2015 - 07:10 AM


The IP Address in the Roguekiller log is from Australia.
http://whatismyipaddress.com/ip/61.9.133.193

All should be good if you are from the area.

===

Quoted from the MBAM log.

Files: 3
Fake.Beep.sys, C:\Windows\System32\drivers\beep.sys, , [c15b16156823231325c9602732d15ca4],
Trojan.Patched, C:\Windows\System32\drivers\cdrom.sys, , [8e8e4cdf8dfee254d1342c5c7093e41c],
Trojan.Patched, C:\Windows\System32\drivers\modem.sys, , [5ac2d655e5a689ad1678dbad897aff01],



Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

Run Malwarebytes one more time and let's find out if this is still an issue.

Keep me posted on any issues with this computer.
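
The check described in this reply, generalized into a small triage script (an added example, not part of the thread and not RogueKiller's own logic): it parses `[PUM.Dns]` report lines, collapses the per-control-set duplicates into logical settings, separates DHCP-supplied values (`DhcpNameServer`) from manually configured ones (`NameServer`), and flags any resolver outside a list the analyst expects. The function names, the expected-resolver list and the seventh sample line (a `NameServer` entry using a documentation address) are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Six lines copied from the RogueKiller log in the thread, plus one CONSTRUCTED
# line (the last) showing a statically configured resolver for contrast.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53D13274-90E4-4C17-B0BA-61924F3899B9} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{53D13274-90E4-4C17-B0BA-61924F3899B9} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{53D13274-90E4-4C17-B0BA-61924F3899B9} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 203.0.113.53 ([X][-])  -> Found
"""

# Assumption: resolvers the analyst has confirmed with the ISP or on the router.
# The thread's poster confirmed the two addresses below as normal for their area.
EXPECTED_RESOLVERS = ["61.9.133.193", "61.9.134.49"]

LINE_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>\w+)\)\s+"
    r"(?P<key>HKEY_[^|]+?)\s+\|\s+"
    r"(?P<value>\w+)\s+:\s+"
    r"(?P<data>.*?)\s+\(\[[^\]]*\]\[[^\]]*\]\)\s+->\s+(?P<status>\w+)\s*$"
)
CONTROL_SET_RE = re.compile(r"\\(CurrentControlSet|ControlSet\d{3})\\", re.IGNORECASE)


def parse_findings(report_text):
    """Return one dict per [PUM.Dns] line; other report lines are ignored."""
    findings = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        servers, invalid = [], []
        # DNS server lists in these values are space- or comma-separated.
        for token in re.split(r"[,\s]+", m["data"].strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                invalid.append(token)
        cs = CONTROL_SET_RE.search(m["key"])
        findings.append({
            "key": m["key"],
            # Same setting regardless of which control set copy it was read from.
            "logical_key": CONTROL_SET_RE.sub(lambda _: "\\<ControlSet>\\", m["key"]),
            "control_set": cs.group(1) if cs else None,
            "value": m["value"],
            "servers": servers,
            "invalid": invalid,
        })
    return findings


def triage(report_text, expected_resolvers):
    """Group findings by logical setting and flag resolvers outside the expected set."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    grouped = defaultdict(lambda: {"control_sets": set(), "servers": set(), "invalid": set()})
    for f in parse_findings(report_text):
        g = grouped[(f["logical_key"], f["value"])]
        if f["control_set"]:
            g["control_sets"].add(f["control_set"])
        g["servers"].update(f["servers"])
        g["invalid"].update(f["invalid"])

    def order(ip):
        return (ip.version, int(ip))

    results = []
    for logical_key, value in sorted(grouped):
        g = grouped[(logical_key, value)]
        unexpected = sorted(g["servers"] - expected, key=order)
        results.append({
            "setting": logical_key,
            "value": value,
            # DhcpNameServer is filled from the DHCP lease; NameServer is set manually.
            "source": "dhcp" if value.lower().startswith("dhcp") else "static",
            "scope": "interface" if "\\interfaces\\" in logical_key.lower() else "global",
            "control_sets": sorted(g["control_sets"]),
            "servers": [str(ip) for ip in sorted(g["servers"], key=order)],
            "unexpected": [str(ip) for ip in unexpected],
            "verdict": "review" if unexpected or g["invalid"] else "expected",
        })
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT, EXPECTED_RESOLVERS):
        print(r["verdict"], r["source"], r["scope"], r["value"], r["servers"], r["control_sets"])
```

On the thread's own six lines this yields two logical settings (one global, one per-interface), both DHCP-supplied and both matching the confirmed resolvers; only the constructed static entry is marked for review.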

#7 rich.m


Posted 03 September 2015 - 09:27 AM

That's correct, the IP seems ok.

 

My computer can't detect my USB DVD-ROM now.

 

I ran the checker and it seemed to be fine. However, the nvidia drivers are still not installing. Is there a way/software I can use to wipe out the SSD, so I can start from scratch again? A simple reformat from the Windows 7 boot disk did not clear the remnants of PUM.dns and that's why after reinstalling, issues persisted.

 

I'm just worried that the PUM.dns has attacked the BIOS. Is there software that could check the integrity of the BIOS? I might have to explore the option of clearing my BIOS too.



#8 nasdaq


Posted 03 September 2015 - 01:32 PM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#9 rich.m


Posted 04 September 2015 - 08:57 PM

Thanks nasdaq

 

TDSSKiller didn't find anything:

 

 

11:54:43.0024 0x113c  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
11:54:47.0495 0x113c  ============================================================
11:54:47.0495 0x113c  Current date / time: 2015/09/05 11:54:47.0495
11:54:47.0495 0x113c  SystemInfo:
11:54:47.0495 0x113c  
11:54:47.0495 0x113c  OS Version: 6.1.7600 ServicePack: 0.0
11:54:47.0495 0x113c  Product type: Workstation
11:54:47.0495 0x113c  ComputerName: RDM970-PC
11:54:47.0495 0x113c  UserName: rdm970
11:54:47.0495 0x113c  Windows directory: C:\Windows
11:54:47.0495 0x113c  System windows directory: C:\Windows
11:54:47.0495 0x113c  Running under WOW64
11:54:47.0495 0x113c  Processor architecture: Intel x64
11:54:47.0495 0x113c  Number of processors: 4
11:54:47.0495 0x113c  Page size: 0x1000
11:54:47.0495 0x113c  Boot type: Normal boot
11:54:47.0495 0x113c  ============================================================
11:54:48.0079 0x113c  KLMD registered as C:\Windows\system32\drivers\87458312.sys
11:54:48.0236 0x113c  System UUID: {1DC9B8D0-8AC9-BE2E-674A-0130E2C2DF47}
11:54:48.0650 0x113c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:54:48.0654 0x113c  ============================================================
11:54:48.0654 0x113c  \Device\Harddisk0\DR0:
11:54:48.0654 0x113c  MBR partitions:
11:54:48.0654 0x113c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:54:48.0654 0x113c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x15F5E000
11:54:48.0654 0x113c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x15F90800, BlocksNum 0x243F5000
11:54:48.0654 0x113c  ============================================================
11:54:48.0654 0x113c  C: <-> \Device\Harddisk0\DR0\Partition2
11:54:48.0655 0x113c  D: <-> \Device\Harddisk0\DR0\Partition3
11:54:48.0655 0x113c  ============================================================
11:54:48.0655 0x113c  Initialize success
11:54:48.0655 0x113c  ============================================================
11:54:50.0723 0x1398  ============================================================
11:54:50.0723 0x1398  Scan started
11:54:50.0723 0x1398  Mode: Manual; 
11:54:50.0723 0x1398  ============================================================
11:54:50.0723 0x1398  KSN ping started
11:55:05.0557 0x1398  KSN ping finished: true
11:55:05.0832 0x1398  ================ Scan system memory ========================
11:55:05.0832 0x1398  System memory - ok
11:55:05.0832 0x1398  ================ Scan services =============================
11:55:06.0802 0x1398  FDResPub - ok
11:55:06.0804 0x1398  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:55:06.0805 0x1398  FileInfo - ok
11:55:06.0808 0x1398  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:55:06.0809 0x1398  Filetrace - ok
11:55:06.0811 0x1398  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:55:06.0812 0x1398  flpydisk - ok
11:55:06.0817 0x1398  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:55:06.0821 0x1398  FltMgr - ok
11:55:06.0838 0x1398  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache       C:\Windows\system32\FntCache.dll
11:55:06.0852 0x1398  FontCache - ok
11:55:06.0855 0x1398  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:55:06.0856 0x1398  FontCache3.0.0.0 - ok
11:55:06.0858 0x1398  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:55:06.0859 0x1398  FsDepends - ok
11:55:06.0862 0x1398  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:55:06.0862 0x1398  Fs_Rec - ok
11:55:06.0867 0x1398  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:55:06.0870 0x1398  fvevol - ok
11:55:06.0872 0x1398  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:55:06.0874 0x1398  gagp30kx - ok
11:55:06.0886 0x1398  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:55:06.0896 0x1398  gpsvc - ok
11:55:06.0901 0x1398  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:55:06.0902 0x1398  gupdate - ok
11:55:06.0906 0x1398  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:55:06.0908 0x1398  gupdatem - ok
11:55:06.0910 0x1398  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:55:06.0911 0x1398  hcw85cir - ok
11:55:06.0917 0x1398  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:55:06.0922 0x1398  HdAudAddService - ok
11:55:06.0925 0x1398  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:55:06.0927 0x1398  HDAudBus - ok
11:55:06.0929 0x1398  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:55:06.0929 0x1398  HidBatt - ok
11:55:06.0932 0x1398  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:55:06.0934 0x1398  HidBth - ok
11:55:06.0936 0x1398  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:55:06.0937 0x1398  HidIr - ok
11:55:06.0939 0x1398  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
11:55:06.0940 0x1398  hidserv - ok
11:55:06.0942 0x1398  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:55:06.0943 0x1398  HidUsb - ok
11:55:06.0945 0x1398  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:55:06.0947 0x1398  hkmsvc - ok
11:55:06.0952 0x1398  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:55:06.0955 0x1398  HomeGroupListener - ok
11:55:06.0960 0x1398  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:55:06.0963 0x1398  HomeGroupProvider - ok
11:55:06.0966 0x1398  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
11:55:06.0968 0x1398  HpSAMD - ok
11:55:06.0980 0x1398  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:55:06.0989 0x1398  HTTP - ok
11:55:06.0991 0x1398  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:55:06.0991 0x1398  hwpolicy - ok
11:55:06.0994 0x1398  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:55:06.0996 0x1398  i8042prt - ok
11:55:07.0009 0x1398  [ 9EBE1AE8B3DA91D06BE1971EB37F7DA0, 55B0E66139C966AF0D4955B44363123198C559968C864DA85F6610CF1C844E8D ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
11:55:07.0016 0x1398  iaStorA - ok
11:55:07.0019 0x1398  [ D524B034148F14C60F1CA66D267EE56A, 18045270C5CA718501285EE05EDED8B0EF998A881ACF19D9602F91A2A30E40AB ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:55:07.0020 0x1398  IAStorDataMgrSvc - ok
11:55:07.0022 0x1398  [ C018747131B4E90E9267BA5B31EB43A7, 0FA045B63500D6AA98CADD72BA8052BD2631387FD1270A9FD5A77EB7A7A14536 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
11:55:07.0022 0x1398  iaStorF - ok
11:55:07.0030 0x1398  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
11:55:07.0035 0x1398  iaStorV - ok
11:55:07.0049 0x1398  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:55:07.0059 0x1398  idsvc - ok
11:55:07.0062 0x1398  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:55:07.0063 0x1398  iirsp - ok
11:55:07.0077 0x1398  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
11:55:07.0088 0x1398  IKEEXT - ok
11:55:07.0146 0x1398  [ B92AA1DFD257F2FD9501E0C2DE0A6C0D, E900F3592B72713B4586B3E1CB00DFAA80D62CFC4A7DC7ABE4A9D1A3F7550571 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:55:07.0193 0x1398  IntcAzAudAddService - ok
11:55:07.0212 0x1398  [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
11:55:07.0222 0x1398  Intel® Capability Licensing Service TCP IP Interface - ok
11:55:07.0228 0x1398  [ E42505363945956ECB5D38A4EB21CB39, C6A46A7621721EB1EA46E5F7D2E560D8022A97241F0792814015F803D96A2C92 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
11:55:07.0232 0x1398  Intel® PROSet Monitoring Service - ok
11:55:07.0234 0x1398  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
11:55:07.0235 0x1398  intelide - ok
11:55:07.0237 0x1398  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:55:07.0238 0x1398  intelppm - ok
11:55:07.0241 0x1398  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:55:07.0244 0x1398  IPBusEnum - ok
11:55:07.0246 0x1398  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:55:07.0248 0x1398  IpFilterDriver - ok
11:55:07.0257 0x1398  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:55:07.0264 0x1398  iphlpsvc - ok
11:55:07.0268 0x1398  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:55:07.0269 0x1398  IPMIDRV - ok
11:55:07.0272 0x1398  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:55:07.0274 0x1398  IPNAT - ok
11:55:07.0276 0x1398  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:55:07.0276 0x1398  IRENUM - ok
11:55:07.0277 0x1398  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
11:55:07.0277 0x1398  isapnp - ok
11:55:07.0277 0x1398  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
11:55:07.0277 0x1398  iScsiPrt - ok
11:55:07.0277 0x1398  [ 45392E76EE30DC9C8F0181C785F0BA48, 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
11:55:07.0277 0x1398  iusb3hcs - ok
11:55:07.0293 0x1398  [ C6E8FB7FF41877378CCB30DE6E9941DF, CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
11:55:07.0293 0x1398  iusb3hub - ok
11:55:07.0308 0x1398  [ 6FBA980433B2B21604CE990FBF542D3F, ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
11:55:07.0308 0x1398  iusb3xhc - ok
11:55:07.0327 0x1398  [ 0B93A01F786F37A4B1EDE84E639FFF10, 8747109A2FA2B80C8C5F5B6D2372C1B0DA4F4BF9DC1D551195ADF0715C260223 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
11:55:07.0329 0x1398  jhi_service - ok
11:55:07.0332 0x1398  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:55:07.0332 0x1398  kbdclass - ok
11:55:07.0335 0x1398  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:55:07.0335 0x1398  kbdhid - ok
11:55:07.0338 0x1398  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
11:55:07.0339 0x1398  KeyIso - ok
11:55:07.0342 0x1398  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:55:07.0343 0x1398  KSecDD - ok
11:55:07.0347 0x1398  [ BBE1BF6D9B661C354D4857D5FADB943B, D2F6E52CCD0DF07B3D92669B941CEB9A59E16D3518226F11028A70DBDEFABBCF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:55:07.0349 0x1398  KSecPkg - ok
11:55:07.0351 0x1398  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:55:07.0352 0x1398  ksthunk - ok
11:55:07.0358 0x1398  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:55:07.0364 0x1398  KtmRm - ok
11:55:07.0369 0x1398  [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:55:07.0373 0x1398  LanmanServer - ok
11:55:07.0376 0x1398  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:55:07.0379 0x1398  LanmanWorkstation - ok
11:55:07.0383 0x1398  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:55:07.0384 0x1398  lltdio - ok
11:55:07.0390 0x1398  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:55:07.0394 0x1398  lltdsvc - ok
11:55:07.0396 0x1398  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:55:07.0398 0x1398  lmhosts - ok
11:55:07.0405 0x1398  [ C31139E0907170E2A3FA8D19DCC23D35, C504E93D2018E9E487A428483C646C67B4ECE122560CF0FA49A1626E1509EEAE ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:55:07.0410 0x1398  LMS - ok
11:55:07.0414 0x1398  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:55:07.0416 0x1398  LSI_FC - ok
11:55:07.0419 0x1398  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:55:07.0420 0x1398  LSI_SAS - ok
11:55:07.0423 0x1398  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:55:07.0424 0x1398  LSI_SAS2 - ok
11:55:07.0428 0x1398  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:55:07.0429 0x1398  LSI_SCSI - ok
11:55:07.0433 0x1398  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
11:55:07.0434 0x1398  luafv - ok
11:55:07.0436 0x1398  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:55:07.0437 0x1398  MBAMProtector - ok
11:55:07.0464 0x1398  [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
11:55:07.0485 0x1398  MBAMScheduler - ok
11:55:07.0504 0x1398  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
11:55:07.0517 0x1398  MBAMService - ok
11:55:07.0522 0x1398  [ 8F22037D3F5A6BB676525D825A1388B9, 2AAC748D46136DFA1BE45150BF0AB7707D45391CAC1F63B964D341D11B135C91 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
11:55:07.0523 0x1398  MBAMSwissArmy - ok
11:55:07.0526 0x1398  [ AE757332EA130E94E646621CC695B52A, E688CF34A4206F32B5C7301119D8459C3456FC178FA1DAA6215CE15F2C824C43 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
11:55:07.0527 0x1398  MBAMWebAccessControl - ok
11:55:07.0530 0x1398  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:55:07.0532 0x1398  Mcx2Svc - ok
11:55:07.0534 0x1398  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:55:07.0534 0x1398  megasas - ok
11:55:07.0540 0x1398  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:55:07.0544 0x1398  MegaSR - ok
11:55:07.0547 0x1398  [ 8751062F2F7EC78DE92D778A08099DDE, F10BE771FF9E02A51CF3A167BB967167DE4F66647D7F1508CB27D8FDD8623700 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
11:55:07.0549 0x1398  MEIx64 - ok
11:55:07.0552 0x1398  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
11:55:07.0554 0x1398  MMCSS - ok
11:55:07.0556 0x1398  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
11:55:07.0556 0x1398  Modem - ok
11:55:07.0559 0x1398  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:55:07.0559 0x1398  monitor - ok
11:55:07.0562 0x1398  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:55:07.0562 0x1398  mouclass - ok
11:55:07.0564 0x1398  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:55:07.0565 0x1398  mouhid - ok
11:55:07.0568 0x1398  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:55:07.0569 0x1398  mountmgr - ok
11:55:07.0573 0x1398  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
11:55:07.0575 0x1398  mpio - ok
11:55:07.0578 0x1398  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:55:07.0579 0x1398  mpsdrv - ok
11:55:07.0593 0x1398  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:55:07.0603 0x1398  MpsSvc - ok
11:55:07.0608 0x1398  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:55:07.0610 0x1398  MRxDAV - ok
11:55:07.0614 0x1398  [ CFDCD8CA87C2A657DEBC150AC35B5E08, 8870DCC8CF4E452E25BFE38113ADBDBC4014036B25E567FC262178DAA808049A ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:55:07.0616 0x1398  mrxsmb - ok
11:55:07.0622 0x1398  [ 1BEE517B220B7F024F411AEC1571DD5A, 6DC7638D056DFDE36803BCD691BF73A4AAFD59DE63C0ACD7EA860997FFA3C6E7 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:55:07.0626 0x1398  mrxsmb10 - ok
11:55:07.0630 0x1398  [ 6B2D5FEF385828B6E485C1C90AFB8195, A960CC0351F200FA56FAC0534C0F9D7F79AAC9CF18A4390CDCA7EA4EE22ED6B6 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:55:07.0631 0x1398  mrxsmb20 - ok
11:55:07.0634 0x1398  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
11:55:07.0635 0x1398  msahci - ok
11:55:07.0638 0x1398  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
11:55:07.0640 0x1398  msdsm - ok
11:55:07.0644 0x1398  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
11:55:07.0646 0x1398  MSDTC - ok
11:55:07.0650 0x1398  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:55:07.0651 0x1398  Msfs - ok
11:55:07.0652 0x1398  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:55:07.0653 0x1398  mshidkmdf - ok
11:55:07.0655 0x1398  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
11:55:07.0655 0x1398  msisadrv - ok
11:55:07.0659 0x1398  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:55:07.0662 0x1398  MSiSCSI - ok
11:55:07.0664 0x1398  msiserver - ok
11:55:07.0666 0x1398  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:55:07.0667 0x1398  MSKSSRV - ok
11:55:07.0669 0x1398  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:55:07.0669 0x1398  MSPCLOCK - ok
11:55:07.0671 0x1398  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:55:07.0671 0x1398  MSPQM - ok
11:55:07.0678 0x1398  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:55:07.0682 0x1398  MsRPC - ok
11:55:07.0686 0x1398  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:55:07.0686 0x1398  mssmbios - ok
11:55:07.0688 0x1398  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:55:07.0689 0x1398  MSTEE - ok
11:55:07.0694 0x1398  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:55:07.0695 0x1398  MTConfig - ok
11:55:07.0698 0x1398  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
11:55:07.0699 0x1398  Mup - ok
11:55:07.0708 0x1398  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
11:55:07.0714 0x1398  napagent - ok
11:55:07.0721 0x1398  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:55:07.0725 0x1398  NativeWifiP - ok
11:55:07.0741 0x1398  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:55:07.0752 0x1398  NDIS - ok
11:55:07.0754 0x1398  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:55:07.0755 0x1398  NdisCap - ok
11:55:07.0757 0x1398  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:55:07.0758 0x1398  NdisTapi - ok
11:55:07.0760 0x1398  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:55:07.0761 0x1398  Ndisuio - ok
11:55:07.0765 0x1398  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:55:07.0767 0x1398  NdisWan - ok
11:55:07.0769 0x1398  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:55:07.0770 0x1398  NDProxy - ok
11:55:07.0772 0x1398  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:55:07.0773 0x1398  NetBIOS - ok
11:55:07.0778 0x1398  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:55:07.0781 0x1398  NetBT - ok
11:55:07.0787 0x1398  [ 6D5405A8DB7E14034BB1FCD5AE0E7C8C, A3BF30B279054E73C773CB6996E897799664CB017E9C11C36410487F100F8BA6 ] NetgearSwitchUSB C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
11:55:07.0789 0x1398  NetgearSwitchUSB - ok
11:55:07.0792 0x1398  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
11:55:07.0793 0x1398  Netlogon - ok
11:55:07.0800 0x1398  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
11:55:07.0805 0x1398  Netman - ok
11:55:07.0808 0x1398  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:07.0810 0x1398  NetMsmqActivator - ok
11:55:07.0814 0x1398  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:07.0816 0x1398  NetPipeActivator - ok
11:55:07.0824 0x1398  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
11:55:07.0830 0x1398  netprofm - ok
11:55:07.0834 0x1398  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:07.0836 0x1398  NetTcpActivator - ok
11:55:07.0839 0x1398  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:07.0841 0x1398  NetTcpPortSharing - ok
11:55:07.0843 0x1398  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:55:07.0844 0x1398  nfrd960 - ok
11:55:07.0850 0x1398  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:55:07.0855 0x1398  NlaSvc - ok
11:55:07.0857 0x1398  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:55:07.0858 0x1398  Npfs - ok
11:55:07.0860 0x1398  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
11:55:07.0862 0x1398  nsi - ok
11:55:07.0864 0x1398  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:55:07.0864 0x1398  nsiproxy - ok
11:55:07.0889 0x1398  [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:55:07.0908 0x1398  Ntfs - ok
11:55:07.0911 0x1398  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
11:55:07.0912 0x1398  Null - ok
11:55:07.0915 0x1398  [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
11:55:07.0917 0x1398  nvraid - ok
11:55:07.0921 0x1398  [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
11:55:07.0924 0x1398  nvstor - ok
11:55:07.0927 0x1398  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
11:55:07.0929 0x1398  nv_agp - ok
11:55:07.0931 0x1398  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
11:55:07.0933 0x1398  ohci1394 - ok
11:55:07.0939 0x1398  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:55:07.0944 0x1398  p2pimsvc - ok
11:55:07.0952 0x1398  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
11:55:07.0958 0x1398  p2psvc - ok
11:55:07.0962 0x1398  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:55:07.0963 0x1398  Parport - ok
11:55:07.0966 0x1398  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:55:07.0967 0x1398  partmgr - ok
11:55:07.0971 0x1398  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:55:07.0975 0x1398  PcaSvc - ok
11:55:07.0979 0x1398  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
11:55:07.0981 0x1398  pci - ok
11:55:07.0983 0x1398  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
11:55:07.0984 0x1398  pciide - ok
11:55:07.0988 0x1398  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:55:07.0991 0x1398  pcmcia - ok
11:55:07.0994 0x1398  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:55:07.0995 0x1398  pcw - ok
11:55:08.0005 0x1398  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:55:08.0013 0x1398  PEAUTH - ok
11:55:08.0034 0x1398  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:55:08.0051 0x1398  PeerDistSvc - ok
11:55:08.0067 0x1398  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:55:08.0068 0x1398  PerfHost - ok
11:55:08.0091 0x1398  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
11:55:08.0109 0x1398  pla - ok
11:55:08.0118 0x1398  [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:55:08.0125 0x1398  PlugPlay - ok
11:55:08.0127 0x1398  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:55:08.0129 0x1398  PNRPAutoReg - ok
11:55:08.0135 0x1398  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:55:08.0141 0x1398  PNRPsvc - ok
11:55:08.0150 0x1398  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:55:08.0156 0x1398  PolicyAgent - ok
11:55:08.0162 0x1398  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
11:55:08.0165 0x1398  Power - ok
11:55:08.0168 0x1398  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:55:08.0170 0x1398  PptpMiniport - ok
11:55:08.0172 0x1398  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:55:08.0174 0x1398  Processor - ok
11:55:08.0178 0x1398  [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc         C:\Windows\system32\profsvc.dll
11:55:08.0182 0x1398  ProfSvc - ok
11:55:08.0184 0x1398  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:55:08.0186 0x1398  ProtectedStorage - ok
11:55:08.0189 0x1398  [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:55:08.0191 0x1398  Psched - ok
11:55:08.0214 0x1398  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:55:08.0232 0x1398  ql2300 - ok
11:55:08.0236 0x1398  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:55:08.0238 0x1398  ql40xx - ok
11:55:08.0243 0x1398  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
11:55:08.0247 0x1398  QWAVE - ok
11:55:08.0250 0x1398  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:55:08.0251 0x1398  QWAVEdrv - ok
11:55:08.0253 0x1398  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:55:08.0253 0x1398  RasAcd - ok
11:55:08.0256 0x1398  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:55:08.0257 0x1398  RasAgileVpn - ok
11:55:08.0260 0x1398  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
11:55:08.0263 0x1398  RasAuto - ok
11:55:08.0266 0x1398  [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:55:08.0268 0x1398  Rasl2tp - ok
11:55:08.0275 0x1398  [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan          C:\Windows\System32\rasmans.dll
11:55:08.0280 0x1398  RasMan - ok
11:55:08.0283 0x1398  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:55:08.0284 0x1398  RasPppoe - ok
11:55:08.0287 0x1398  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:55:08.0289 0x1398  RasSstp - ok
11:55:08.0295 0x1398  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:55:08.0299 0x1398  rdbss - ok
11:55:08.0301 0x1398  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:55:08.0302 0x1398  rdpbus - ok
11:55:08.0303 0x1398  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:55:08.0304 0x1398  RDPCDD - ok
11:55:08.0309 0x1398  [ 9706B84DBABFC4B4CA46C5A82B14DFA3, AFDC07C257BCB768861483A1842FFB647523946B16DA2812EFAE4FD3252BA303 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:55:08.0311 0x1398  RDPDR - ok
11:55:08.0313 0x1398  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:55:08.0314 0x1398  RDPENCDD - ok
11:55:08.0316 0x1398  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:55:08.0317 0x1398  RDPREFMP - ok
11:55:08.0321 0x1398  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7, 02179089E0816AD544F370A8A3557498D09981F60CC94E497DC4A5A2BBBE1E48 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:55:08.0324 0x1398  RDPWD - ok
11:55:08.0329 0x1398  [ 634B9A2181D98F15941236886164EC8B, 15C55F05FD3CD751F619F18E2ADF91552AE82146501CD031402277F496A5B7D8 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:55:08.0332 0x1398  rdyboost - ok
11:55:08.0335 0x1398  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:55:08.0337 0x1398  RemoteAccess - ok
11:55:08.0341 0x1398  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:55:08.0345 0x1398  RemoteRegistry - ok
11:55:08.0347 0x1398  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:55:08.0350 0x1398  RpcEptMapper - ok
11:55:08.0352 0x1398  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
11:55:08.0353 0x1398  RpcLocator - ok
11:55:08.0361 0x1398  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs           C:\Windows\system32\rpcss.dll
11:55:08.0368 0x1398  RpcSs - ok
11:55:08.0371 0x1398  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:55:08.0373 0x1398  rspndr - ok
11:55:08.0375 0x1398  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6, C890DCCC875F957CAAD4655EBFF384E3C5998040CA2BA360E92C96A647D1C399 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
11:55:08.0375 0x1398  s3cap - ok
11:55:08.0377 0x1398  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
11:55:08.0378 0x1398  SamSs - ok
11:55:08.0380 0x1398  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:55:08.0381 0x1398  SASDIFSV - ok
11:55:08.0382 0x1398  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:55:08.0382 0x1398  SASKUTIL - ok
11:55:08.0385 0x1398  [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
11:55:08.0387 0x1398  sbp2port - ok
11:55:08.0391 0x1398  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:55:08.0395 0x1398  SCardSvr - ok
11:55:08.0397 0x1398  [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:55:08.0397 0x1398  scfilter - ok
11:55:08.0414 0x1398  [ EC56B171F85C7E855E7B0588AC503EEA, EDBC0E52DF00D73356F4B886D6CA2397B571A9D2245FEDC347A6D52A5467EA5D ] Schedule        C:\Windows\system32\schedsvc.dll
11:55:08.0428 0x1398  Schedule - ok
11:55:08.0432 0x1398  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:55:08.0433 0x1398  SCPolicySvc - ok
11:55:08.0438 0x1398  [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:55:08.0441 0x1398  SDRSVC - ok
11:55:08.0444 0x1398  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:55:08.0444 0x1398  secdrv - ok
11:55:08.0446 0x1398  [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon        C:\Windows\system32\seclogon.dll
11:55:08.0448 0x1398  seclogon - ok
11:55:08.0451 0x1398  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
11:55:08.0453 0x1398  SENS - ok
11:55:08.0456 0x1398  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:55:08.0457 0x1398  SensrSvc - ok
11:55:08.0460 0x1398  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:55:08.0460 0x1398  Serenum - ok
11:55:08.0463 0x1398  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:55:08.0465 0x1398  Serial - ok
11:55:08.0467 0x1398  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:55:08.0467 0x1398  sermouse - ok
11:55:08.0473 0x1398  [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE0 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:55:08.0475 0x1398  SessionEnv - ok
11:55:08.0477 0x1398  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
11:55:08.0478 0x1398  sffdisk - ok
11:55:08.0480 0x1398  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:55:08.0480 0x1398  sffp_mmc - ok
11:55:08.0482 0x1398  [ 5588B8C6193EB1522490C122EB94DFFA, 53AE3597D3305F2839130A2F3567F1690564B922035503EB418B9DE1586AEA43 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
11:55:08.0483 0x1398  sffp_sd - ok
11:55:08.0485 0x1398  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:55:08.0485 0x1398  sfloppy - ok
11:55:08.0492 0x1398  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:55:08.0497 0x1398  SharedAccess - ok
11:55:08.0504 0x1398  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF, 1C1D17301A4D37DBF906955CCABD2A3FDA47AFB24CBA978CF851123762249848 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:55:08.0509 0x1398  ShellHWDetection - ok
11:55:08.0512 0x1398  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:55:08.0513 0x1398  SiSRaid2 - ok
11:55:08.0515 0x1398  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:55:08.0517 0x1398  SiSRaid4 - ok
11:55:08.0519 0x1398  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:55:08.0521 0x1398  Smb - ok
11:55:08.0525 0x1398  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:55:08.0526 0x1398  SNMPTRAP - ok
11:55:08.0528 0x1398  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:55:08.0529 0x1398  spldr - ok
11:55:08.0538 0x1398  [ 89E8550C5862999FCF482EA562B0E98E, 11BC94FD879DCD22E80DB8FA73CEBD0F072917C546AD9C8B92CCFBF4E0B83056 ] Spooler         C:\Windows\System32\spoolsv.exe
11:55:08.0546 0x1398  Spooler - ok
11:55:08.0594 0x1398  [ 913D843498553A1BC8F8DBAD6358E49F, F8B931FDABF669D642CBDCD2FF31E07F8A5E2D5F72E11D4A8FF219CCFB5825E9 ] sppsvc          C:\Windows\system32\sppsvc.exe
11:55:08.0634 0x1398  sppsvc - ok
11:55:08.0640 0x1398  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:55:08.0643 0x1398  sppuinotify - ok
11:55:08.0651 0x1398  [ EC8F67289105BF270498095F14963464, 454031C8AE06511DD13DBAA613B983516AF937590FB2B8C6ADC273D018D30858 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:55:08.0656 0x1398  srv - ok
11:55:08.0663 0x1398  [ F773D2ED090B7BAA1C1A034F3CA476C8, C8DD8BE37CFEA0DB1B7FC94946381B60553848002E6170E0BEC3FEE40295DF1F ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:55:08.0668 0x1398  srv2 - ok
11:55:08.0673 0x1398  [ 26E84D3649019C3244622E654DFCD75B, 49BD7345AF744298698629E0D7C0C373AB2F75F542281268BCF91A6D2B278AA8 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:55:08.0675 0x1398  srvnet - ok
11:55:08.0680 0x1398  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:55:08.0684 0x1398  SSDPSRV - ok
11:55:08.0687 0x1398  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:55:08.0689 0x1398  SstpSvc - ok
11:55:08.0691 0x1398  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:55:08.0692 0x1398  stexstor - ok
11:55:08.0702 0x1398  [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc          C:\Windows\System32\wiaservc.dll
11:55:08.0710 0x1398  stisvc - ok
11:55:08.0713 0x1398  [ FFD7A6F15B14234B5B0E5D49E7961895, 9553BDB65D021DA621BDFF1C180B9F4C6355FC748BAE854CE114D4B3EFF307B7 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
11:55:08.0713 0x1398  storflt - ok
11:55:08.0716 0x1398  [ 8FCCBEFC5C440B3C23454656E551B09A, 392A38D0B18B7FD08ACBE3E56ADCB235FA49BDB99F81E0820434D57332FA8FF7 ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
11:55:08.0716 0x1398  storvsc - ok
11:55:08.0718 0x1398  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:55:08.0719 0x1398  swenum - ok
11:55:08.0727 0x1398  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
11:55:08.0735 0x1398  swprv - ok
11:55:08.0761 0x1398  [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain         C:\Windows\system32\sysmain.dll
11:55:08.0781 0x1398  SysMain - ok
11:55:08.0786 0x1398  [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:55:08.0788 0x1398  TabletInputService - ok
11:55:08.0794 0x1398  [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:55:08.0799 0x1398  TapiSrv - ok
11:55:08.0802 0x1398  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
11:55:08.0805 0x1398  TBS - ok
11:55:08.0831 0x1398  [ 7FC877A25796D8ADF539E64703FCA7E1, 9099A131FA05DCC10733460F2923671E9B8F878D769755E10D0E7261EC2A15EC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:55:08.0853 0x1398  Tcpip - ok
11:55:08.0881 0x1398  [ 7FC877A25796D8ADF539E64703FCA7E1, 9099A131FA05DCC10733460F2923671E9B8F878D769755E10D0E7261EC2A15EC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:55:08.0902 0x1398  TCPIP6 - ok
11:55:08.0906 0x1398  [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:55:08.0907 0x1398  tcpipreg - ok
11:55:08.0910 0x1398  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:55:08.0911 0x1398  TDPIPE - ok
11:55:08.0913 0x1398  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:55:08.0914 0x1398  TDTCP - ok
11:55:08.0917 0x1398  [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:55:08.0919 0x1398  tdx - ok
11:55:08.0921 0x1398  [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:55:08.0922 0x1398  TermDD - ok
11:55:08.0934 0x1398  [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService     C:\Windows\System32\termsrv.dll
11:55:08.0943 0x1398  TermService - ok
11:55:08.0946 0x1398  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
11:55:08.0949 0x1398  Themes - ok
11:55:08.0951 0x1398  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
11:55:08.0953 0x1398  THREADORDER - ok
11:55:08.0956 0x1398  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
11:55:08.0959 0x1398  TrkWks - ok
11:55:08.0964 0x1398  [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:55:08.0966 0x1398  TrustedInstaller - ok
11:55:08.0969 0x1398  [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:55:08.0970 0x1398  tssecsrv - ok
11:55:08.0973 0x1398  [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:55:08.0975 0x1398  tunnel - ok
11:55:08.0977 0x1398  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:55:08.0978 0x1398  uagp35 - ok
11:55:08.0985 0x1398  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:55:08.0989 0x1398  udfs - ok
11:55:08.0993 0x1398  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:55:08.0995 0x1398  UI0Detect - ok
11:55:08.0998 0x1398  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
11:55:08.0999 0x1398  uliagpkx - ok
11:55:09.0001 0x1398  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:55:09.0002 0x1398  umbus - ok
11:55:09.0004 0x1398  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:55:09.0004 0x1398  UmPass - ok
11:55:09.0009 0x1398  [ AF0AC98EE5077EB844413EB54287FDE3, 1586326510DE94E2735EFAD94A68D06DB5B7347B68055A9EA8B95E19D91A2E69 ] UmRdpService    C:\Windows\System32\umrdp.dll
11:55:09.0013 0x1398  UmRdpService - ok
11:55:09.0019 0x1398  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
11:55:09.0025 0x1398  upnphost - ok
11:55:09.0028 0x1398  [ B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:55:09.0029 0x1398  usbccgp - ok
11:55:09.0033 0x1398  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
11:55:09.0034 0x1398  usbcir - ok
11:55:09.0037 0x1398  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5, CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:55:09.0038 0x1398  usbehci - ok
11:55:09.0045 0x1398  [ 4C9042B8DF86C1E8E6240C218B99B39B, D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:55:09.0049 0x1398  usbhub - ok
11:55:09.0051 0x1398  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
11:55:09.0052 0x1398  usbohci - ok
11:55:09.0054 0x1398  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:55:09.0055 0x1398  usbprint - ok
11:55:09.0058 0x1398  [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:55:09.0059 0x1398  USBSTOR - ok
11:55:09.0061 0x1398  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:55:09.0062 0x1398  usbuhci - ok
11:55:09.0064 0x1398  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
11:55:09.0066 0x1398  UxSms - ok
11:55:09.0068 0x1398  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
11:55:09.0069 0x1398  VaultSvc - ok
11:55:09.0072 0x1398  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
11:55:09.0073 0x1398  vdrvroot - ok
11:55:09.0082 0x1398  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
11:55:09.0089 0x1398  vds - ok
11:55:09.0092 0x1398  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:55:09.0093 0x1398  vga - ok
11:55:09.0095 0x1398  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:55:09.0096 0x1398  VgaSave - ok
11:55:09.0101 0x1398  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
11:55:09.0104 0x1398  vhdmp - ok
11:55:09.0106 0x1398  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
11:55:09.0107 0x1398  viaide - ok
11:55:09.0111 0x1398  [ 1501699D7EDA984ABC4155A7DA5738D1, 448DFEFF565F1467F387E4EC9782DDD48B8FFDDF6B1EA46A790C2782C20BD952 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
11:55:09.0113 0x1398  vmbus - ok
11:55:09.0116 0x1398  [ AE10C35761889E65A6F7176937C5592C, 9DC27647B6149C9B2523799F85B18122CCE749264624FE2E5FE843FE00642BBE ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
11:55:09.0116 0x1398  VMBusHID - ok
11:55:09.0119 0x1398  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
11:55:09.0120 0x1398  volmgr - ok
11:55:09.0127 0x1398  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:55:09.0131 0x1398  volmgrx - ok
11:55:09.0137 0x1398  [ C9D0EAF58D6BA71E128E715EA43AD87D, 3C7C9839AAE7FF8F1DC0EA0334EB29F977125D4D8E761F98CCD613B4732CA9FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
11:55:09.0141 0x1398  volsnap - ok
11:55:09.0149 0x1398  [ F67FFB57037CEABC3D10FDFCC3053796, 01DBAA127666D3C711C9A3725595D07CA189F213374A5BD0CEB7199347D37924 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
11:55:09.0155 0x1398  Vsdatant - ok
11:55:09.0207 0x1398  [ 99A593538F49A854FAE4E0D82FBB61FA, C3F097469B40D7DDEF7280A87C9593F34F9B1BF15CAA9F140A3E9040F5D271D2 ] vsmon           C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
11:55:09.0248 0x1398  vsmon - ok
11:55:09.0256 0x1398  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:55:09.0258 0x1398  vsmraid - ok
11:55:09.0279 0x1398  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\Windows\system32\vssvc.exe
11:55:09.0295 0x1398  VSS - ok
11:55:09.0710 0x1398  ================ Scan global ===============================
11:55:09.0713 0x1398  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:55:09.0718 0x1398  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
11:55:09.0726 0x1398  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
11:55:09.0731 0x1398  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:55:09.0738 0x1398  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:55:09.0743 0x1398  [ Global ] - ok
11:55:09.0743 0x1398  ================ Scan MBR ==================================
11:55:09.0744 0x1398  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:55:09.0764 0x1398  \Device\Harddisk0\DR0 - ok
11:55:09.0764 0x1398  ================ Scan VBR ==================================
11:55:09.0765 0x1398  [ CC62CF2A48B8B2229140313780B23296 ] \Device\Harddisk0\DR0\Partition1
11:55:09.0766 0x1398  \Device\Harddisk0\DR0\Partition1 - ok
11:55:09.0767 0x1398  [ F81E74F2BD4220D2253C0F87EBC36A40 ] \Device\Harddisk0\DR0\Partition2
11:55:09.0768 0x1398  \Device\Harddisk0\DR0\Partition2 - ok
11:55:09.0769 0x1398  [ 7379662B392841372FCD3CA06A7C3FBC ] \Device\Harddisk0\DR0\Partition3
11:55:09.0770 0x1398  \Device\Harddisk0\DR0\Partition3 - ok
11:55:09.0770 0x1398  ================ Scan generic autorun ======================
11:55:10.0541 0x1398  Waiting for KSN requests completion. In queue: 283
11:55:11.0555 0x1398  Waiting for KSN requests completion. In queue: 143
11:55:12.0555 0x1398  Waiting for KSN requests completion. In queue: 88
11:55:13.0556 0x1398  Waiting for KSN requests completion. In queue: 61
11:55:14.0572 0x1398  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2225.1172 ), 0x41000 ( enabled : updated )
11:55:14.0584 0x1398  Win FW state via NFP2: enabled ( trusted )
11:55:17.0613 0x1398  ============================================================
11:55:17.0613 0x1398  Scan finished
11:55:17.0613 0x1398  ============================================================
11:55:17.0624 0x08e0  Detected object count: 0
11:55:17.0624 0x08e0  Actual detected object count: 0
 
 
=====
 
Now onto the MBR


#10 rich.m

Posted 04 September 2015 - 09:01 PM

aswMBR results below:

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-09-05 11:57:51
-----------------------------
11:57:51.788    OS Version: Windows x64 6.1.7600 
11:57:51.788    Number of processors: 4 586 0x3C03
11:57:51.788    ComputerName: RDM970-PC  UserName: rdm970
11:57:52.599    Initialize success
11:57:52.600    VM: initialized successfully
11:57:52.600    VM: Intel CPU BiosDisabled 
11:57:55.728    AVAST engine defs: 15090402
11:58:14.281    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
11:58:14.283    Disk 0 Vendor:   Size: 0MB BusType: 0
11:58:14.288    Disk 0 MBR read successfully
11:58:14.289    Disk 0 MBR scan
11:58:14.291    Disk 0 Windows 7 default MBR code
11:58:14.293    Disk 0 MBR hidden
11:58:14.294    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:58:14.296    Disk 0 Boot: NTFS     code=1
11:58:14.298    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       179900 MB offset 206848
11:58:14.301    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       296938 MB offset 368642048
11:58:14.306    Disk 0 scanning C:\Windows\system32\drivers
11:58:15.946    Service scanning
11:58:19.426    Modules scanning
11:58:19.439    Disk 0 trace - called modules:
11:58:19.451    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
11:58:19.454    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009b8c060]
11:58:19.458    3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa80099c39f0]
11:58:19.461    5 iaStorF.sys[fffff880019a2f84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa800719d060]
11:58:19.635    AVAST engine scan C:\Windows
11:58:19.814    AVAST engine scan C:\Windows\system32
11:58:47.139    AVAST engine scan C:\Windows\system32\drivers
11:58:49.389    AVAST engine scan C:\Users\rdm970
11:58:50.116    AVAST engine scan C:\ProgramData
11:58:50.845    Disk 0 statistics 3137823/0/0 @ 154.62 MB/s
11:58:50.845    Scan finished successfully
11:59:35.113    Disk 0 MBR has been saved successfully to "C:\Users\rdm970\Downloads\MBR.dat"
11:59:35.116    The log file has been saved successfully to "C:\Users\rdm970\Downloads\aswMBR.txt"
 
 

Attached Files

  • Attached File  MBR.zip   571bytes   0 downloads


#11 nasdaq

Posted 05 September 2015 - 08:27 AM

The results of the TDSSKiller tool are not the same for these files that Malwarebytes reports.
One of the drivers is your cdrom.sys

Fake.Beep.sys, C:\Windows\System32\drivers\beep.sys, , [c15b16156823231325c9602732d15ca4],
Trojan.Patched, C:\Windows\System32\drivers\cdrom.sys, , [8e8e4cdf8dfee254d1342c5c7093e41c],
Trojan.Patched, C:\Windows\System32\drivers\modem.sys, , [5ac2d655e5a689ad1678dbad897aff01],


Very strange that Scannow did not report anything about these files.

Let's check what versions are on your computer.


Please run the Farbar Recovery Scan Tool. Enter beep.sys;cdrom.sys;modem.sys in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#12 rich.m

Posted 06 September 2015 - 02:39 AM

yeah it's a pain this one =\ results from FRST below:

 

Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by rdm970 (2015-09-06 17:36:31)
Running from C:\Users\rdm970\Downloads
Boot Mode: Normal
 
================== Search Files: "beep.sys;cdrom.sys;modem.sys" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.1.7600.16385_none_8bf97498085ce154\modem.sys
[2009-07-14 10:10][2009-07-14 10:10] 0040448 ____A () 800BA92F7010378B09F9ED9270F07137 [File not signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
[2009-07-14 10:00][2009-07-14 10:00] 0006656 ____N () 16A47CE2DECC9B099349A5F840654746 [File not signed]
 
C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009-07-14 09:19][2009-07-14 09:19] 0147456 ____A () 83D2D75E1EFB81B3450C18131443F7DB [File not signed]
 
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009-07-14 09:19][2009-07-14 09:19] 0147456 ____A () 83D2D75E1EFB81B3450C18131443F7DB [File not signed]
 
C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 09:19][2009-07-14 09:19] 0147456 ____A () 83D2D75E1EFB81B3450C18131443F7DB [File not signed]
 
C:\Windows\System32\drivers\modem.sys
[2009-07-14 10:10][2009-07-14 10:10] 0040448 ____A () 800BA92F7010378B09F9ED9270F07137 [File not signed]
 
====== End of Search ======
 
I've also attached the CBS log from the /scannow results and it did seem to identify that the files were corrupted. However, I think it may have been one of those items it could not fix, even after the reboot.

Attached Files

  • Attached File  CBS.zip   145.22KB   1 downloads

Edited by rich.m, 06 September 2015 - 03:18 AM.


#13 nasdaq

Posted 06 September 2015 - 09:17 AM

The beep.sys file should be in the System32 folder and is not being reported.

Let's fix that.

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

Replace: C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys C:\Windows\System32\drivers\beep.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please run the Farbar Recovery Scan Tool. Enter beep.sys in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

How is the computer running now?
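
The check made by eye in the post above (is each driver present in System32\drivers, and does its MD5 match the copy kept in WinSxS or the DriverStore?) can be scripted over a saved Search.txt. This is an added example, not part of the thread and not FRST's own code: the log lines are copied from post #12, the function names are hypothetical, and the line layout is assumed from that one log.

```python
import re
from collections import defaultdict

# Search.txt body copied from post #12 above (paths and MD5 values as posted).
SEARCH_TXT = r'''
================== Search Files: "beep.sys;cdrom.sys;modem.sys" =============
C:\Windows\winsxs\amd64_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_6.1.7600.16385_none_8bf97498085ce154\modem.sys
[2009-07-14 10:10][2009-07-14 10:10] 0040448 ____A () 800BA92F7010378B09F9ED9270F07137 [File not signed]
C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
[2009-07-14 10:00][2009-07-14 10:00] 0006656 ____N () 16A47CE2DECC9B099349A5F840654746 [File not signed]
C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2009-07-14 09:19][2009-07-14 09:19] 0147456 ____A () 83D2D75E1EFB81B3450C18131443F7DB [File not signed]
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009-07-14 09:19][2009-07-14 09:19] 0147456 ____A () 83D2D75E1EFB81B3450C18131443F7DB [File not signed]
C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 09:19][2009-07-14 09:19] 0147456 ____A () 83D2D75E1EFB81B3450C18131443F7DB [File not signed]
C:\Windows\System32\drivers\modem.sys
[2009-07-14 10:10][2009-07-14 10:10] 0040448 ____A () 800BA92F7010378B09F9ED9270F07137 [File not signed]
====== End of Search ======
'''

LIVE_DIR = r"c:\windows\system32\drivers"  # folder the drivers are loaded from
# Metadata line: [created][modified] size attributes (company) MD5 [signature]
META = re.compile(r"^\[[^\]]+\]\[[^\]]+\]\s+(\d+)\s+\S+\s+\(.*?\)\s+([0-9A-Fa-f]{32})\s+\[(.+)\]\s*$")
HEADER = re.compile(r'Search Files: "([^"]+)"')

def parse_search(text):
    """Return (searched names, entries); each entry is one path/metadata pair."""
    wanted, entries, path = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.search(line)
        if m:
            wanted = [n.lower() for n in m.group(1).split(";")]
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line                      # remember path until its metadata line
        elif path and (m := META.match(line)):
            folder, _, name = path.rpartition("\\")
            entries.append({"name": name.lower(), "folder": folder.lower(),
                            "size": int(m.group(1)), "md5": m.group(2).upper(),
                            "signed": m.group(3)})
            path = None
    return wanted, entries

def audit(text):
    """Compare each live driver with the copies kept in WinSxS / DriverStore."""
    wanted, entries = parse_search(text)
    live, store = {}, defaultdict(set)
    for e in entries:
        if e["folder"] == LIVE_DIR:
            live[e["name"]] = e["md5"]
        else:
            store[e["name"]].add(e["md5"])
    report = {}
    for name in wanted:
        if name not in live:
            report[name] = "missing from drivers folder"
        elif not store[name]:
            report[name] = "no reference copy"
        elif live[name] in store[name]:
            report[name] = "matches store copy"
        else:
            report[name] = "differs from store copy"
    return report

if __name__ == "__main__":
    for name, status in audit(SEARCH_TXT).items():
        print(f"{name}: {status}")
```

A match only shows the live file is consistent with the local component store; it does not by itself establish that either copy is the vendor's original.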

#14 rich.m

Posted 07 September 2015 - 06:16 AM

Thanks nasdaq, results of both scans below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by rdm970 (2015-09-07 21:08:17) Run:2
Running from C:\Users\rdm970\Downloads
Loaded Profiles: rdm970 (Available Profiles: rdm970)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
Replace: C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys C:\Windows\System32\drivers\beep.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Windows\System32\drivers\beep.sys" => not found
C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys copied successfully to C:\Windows\System32\drivers\beep.sys
 
 
The system needed a reboot.. 
 
==== End of Fixlog 21:08:22 ====
 
Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by rdm970 (2015-09-07 21:11:25)
Running from C:\Users\rdm970\Downloads
Boot Mode: Normal
 
================== Search Files: "beep.sys" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
[2009-07-14 10:00][2009-07-14 10:00] 0006656 ____N (Microsoft Corporation) 16A47CE2DECC9B099349A5F840654746 [File is digitally signed]
 
C:\Windows\System32\drivers\beep.sys
[2015-09-07 21:08][2009-07-14 10:00] 0006656 ____A (Microsoft Corporation) 16A47CE2DECC9B099349A5F840654746 [File is digitally signed]
 
====== End of Search ======
 
will run some scans and see if there's any issues


#15 rich.m

Posted 07 September 2015 - 06:44 AM

yep.. Roguekiller detected PUM.dns still and can't install the nvidia drivers.

 

 

RogueKiller V10.10.4.0 (x64) [Sep  4 2015] by Adlice Software

 
Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : rdm970 [Administrator]
Started from : C:\Users\rdm970\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 09/07/2015 21:30:41
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A014BBBC-F47B-4159-B2A2-97117E0248F6} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A014BBBC-F47B-4159-B2A2-97117E0248F6} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A014BBBC-F47B-4159-B2A2-97117E0248F6} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 500G SCSI Disk Device +++++
--- User ---
[MBR] 99e5815fc22cc74cdabb8317a67cbc75
[BSP] 647ac6a1af6a94e09cef33b80cd230bd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 179900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 368642048 | Size: 296938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
=======
 
I've also attached a screenshot of the windows security warning from installing nvidia drivers.
 
Could you possibly recommend a software that can wipe out my SSD to remove PUM.dns? I'm concerned if this thing has also latched onto the Bios too. But it seems to be undetectable from the methods above, except Roguekiller
 
