
Tor proxy injected into srvhost.exe, AV disabled, anti-malware tools blocked



#1 Primo2


Posted 10 September 2015 - 04:49 AM

I know I'm infected with some form of malware, as I have an instance of srvhost.exe listening on port 9050, opening TCP sessions to multiple remote (tor) addresses, and which contains the same text strings as tor.exe.

My AVG2015 antivirus has been disabled, and I can't restart it.  I tried to uninstall AVG via Control Panel, and nothing happened.  I have managed to uninstall it manually (deletes and regedits).

I am unable to reinstall either AVG or Norton 360. The setup executable for each appears to be blocked, as when I run them nothing happens. Similarly, I can't install Malwarebytes Anti-Malware or Malwarebytes Anti-Rootkit.

I have been able to run AVG_Remover.exe from a boot disk, but it doesn't report an infection.

Any help greatly appreciated.

 

------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Sally (administrator) on TV2 (10-09-2015 18:00:05)
Running from C:\Users\Sally\Desktop\BleepingComputer
Loaded Profiles: Sally (Available Profiles: Sally)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Angus Johnson) C:\Program Files (x86)\Internode\mum.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3210176602-1362377787-484962830-1000\...\Run: [InternodeUsage] => C:\Program Files (x86)\Internode\mum.exe [2242560 2014-12-06] (Angus Johnson)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-08-08]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E9A69CD1-CB15-4B6A-83E0-4603EEC22B47}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3210176602-1362377787-484962830-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-3210176602-1362377787-484962830-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3210176602-1362377787-484962830-1000 -> DefaultScope {9E659CAA-9D8F-4183-A4C3-593E49FBEA06} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3210176602-1362377787-484962830-1000 -> {9E659CAA-9D8F-4183-A4C3-593E49FBEA06} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-15] (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://eztv.it/"
CHR Profile: C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (YouTube) - C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Google Search) - C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Gmail) - C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-24] (Intel Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 BS984931017; \??\C:\Users\Sally\AppData\Local\Temp\NTFS.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 17:59 - 2015-09-10 18:00 - 00000000 ____D C:\FRST
2015-09-10 17:47 - 2015-09-10 18:00 - 00000000 ____D C:\Users\Sally\Desktop\BleepingComputer
2015-09-09 19:53 - 2015-09-09 18:10 - 08803352 _____ (Symantec Corporation) C:\Users\Sally\Desktop\explorer.exe
2015-09-09 19:53 - 2015-09-09 18:09 - 05822560 _____ (Symantec Corporation) C:\Users\Sally\Desktop\blah.exe
2015-09-09 16:29 - 2015-09-09 16:32 - 129832416 _____ (Symantec Corporation) C:\Users\Sally\Desktop\N360-TW-22.5.0-EN-AU.exe
2015-09-09 16:07 - 2015-09-09 16:07 - 00001300 _____ C:\Users\Sally\Desktop\avg system values.reg
2015-09-09 15:37 - 2015-09-09 15:56 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-09-09 15:32 - 2015-09-09 15:32 - 02811944 _____ C:\Users\Sally\Desktop\SecurityTaskManager_Setup.exe
2015-09-09 14:31 - 2015-09-09 14:31 - 00022519 _____ C:\Users\Sally\Desktop\rules.txt
2015-09-09 13:45 - 2015-09-09 12:08 - 01779224 _____ ( ) C:\Users\Sally\Desktop\AVG_Remover.exe
2015-09-09 13:28 - 2015-09-09 13:46 - 00000198 _____ C:\cleanup.bat
2015-09-09 13:25 - 2015-09-09 13:25 - 00278144 _____ C:\Windows\Minidump\090915-27331-01.dmp
2015-09-09 01:06 - 2015-09-10 17:58 - 00000000 ____D C:\Users\Sally\AppData\Roaming\tor
2015-09-08 21:07 - 2015-07-29 05:39 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-08 21:07 - 2015-07-29 05:35 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-08 21:07 - 2015-07-29 05:35 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-08 21:07 - 2015-07-29 05:35 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-08 21:07 - 2015-07-29 05:35 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-08 21:07 - 2015-07-29 05:35 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-08 21:07 - 2015-07-29 05:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-08 21:07 - 2015-07-29 05:25 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-08 21:07 - 2015-07-21 10:09 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 21:07 - 2015-07-21 09:42 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 21:07 - 2015-07-17 06:44 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 21:07 - 2015-07-17 06:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 21:07 - 2015-07-17 06:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 21:07 - 2015-07-17 06:07 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 21:07 - 2015-07-17 06:06 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 21:07 - 2015-07-17 06:06 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 21:07 - 2015-07-17 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 21:07 - 2015-07-17 06:05 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 21:07 - 2015-07-17 06:05 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 21:07 - 2015-07-17 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 21:07 - 2015-07-17 05:56 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 21:07 - 2015-07-17 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 21:07 - 2015-07-17 05:53 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 21:07 - 2015-07-17 05:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 21:07 - 2015-07-17 05:51 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 21:07 - 2015-07-17 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 21:07 - 2015-07-17 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 21:07 - 2015-07-17 05:50 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 21:07 - 2015-07-17 05:42 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 21:07 - 2015-07-17 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 21:07 - 2015-07-17 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-08 21:07 - 2015-07-17 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 21:07 - 2015-07-17 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 21:07 - 2015-07-17 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 21:07 - 2015-07-17 05:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 21:07 - 2015-07-17 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 21:07 - 2015-07-17 05:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-08 21:07 - 2015-07-17 05:20 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-08 21:07 - 2015-07-17 05:20 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-08 21:07 - 2015-07-17 05:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-08 21:07 - 2015-07-17 05:15 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 21:07 - 2015-07-17 05:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-08 21:07 - 2015-07-17 05:13 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-08 21:07 - 2015-07-17 05:11 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-08 21:07 - 2015-07-17 05:09 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 21:07 - 2015-07-17 05:09 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-08 21:07 - 2015-07-17 05:08 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-08 21:07 - 2015-07-17 05:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 21:07 - 2015-07-17 05:05 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 21:07 - 2015-07-17 05:04 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 21:07 - 2015-07-17 05:03 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 21:07 - 2015-07-17 05:02 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 21:07 - 2015-07-17 04:59 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-08 21:07 - 2015-07-17 04:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-08 21:07 - 2015-07-17 04:50 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-08 21:07 - 2015-07-17 04:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-08 21:07 - 2015-07-17 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-08 21:07 - 2015-07-17 04:42 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 21:07 - 2015-07-17 04:42 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 21:07 - 2015-07-17 04:40 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 21:07 - 2015-07-17 04:36 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 21:07 - 2015-07-17 04:36 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 21:07 - 2015-07-17 04:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-08 21:07 - 2015-07-17 04:31 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 21:07 - 2015-07-17 04:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 21:07 - 2015-07-17 04:12 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 21:07 - 2015-07-17 04:08 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 21:07 - 2015-07-17 04:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-08 21:07 - 2015-07-16 03:45 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 21:07 - 2015-07-16 03:45 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 21:07 - 2015-07-16 03:45 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 21:07 - 2015-07-16 03:45 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-08 21:07 - 2015-07-16 03:42 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 21:07 - 2015-07-16 03:41 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 21:07 - 2015-07-16 03:41 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 21:07 - 2015-07-16 03:41 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 21:07 - 2015-07-16 03:41 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 21:07 - 2015-07-16 03:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 21:07 - 2015-07-16 03:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 21:07 - 2015-07-16 03:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 21:07 - 2015-07-16 03:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-08 21:07 - 2015-07-16 03:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-08 21:07 - 2015-07-16 03:39 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-08 21:07 - 2015-07-16 03:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 21:07 - 2015-07-16 03:35 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 21:07 - 2015-07-16 03:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:29 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-08 21:07 - 2015-07-16 03:29 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-08 21:07 - 2015-07-16 03:26 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-08 21:07 - 2015-07-16 03:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-08 21:07 - 2015-07-16 03:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-08 21:07 - 2015-07-16 03:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-08 21:07 - 2015-07-16 03:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-08 21:07 - 2015-07-16 03:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-08 21:07 - 2015-07-16 03:24 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-08 21:07 - 2015-07-16 03:24 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-08 21:07 - 2015-07-16 03:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-08 21:07 - 2015-07-16 03:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-08 21:07 - 2015-07-16 03:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-08 21:07 - 2015-07-16 03:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-08 21:07 - 2015-07-16 03:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-08 21:07 - 2015-07-16 03:23 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-08 21:07 - 2015-07-16 03:23 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-08 21:07 - 2015-07-16 03:23 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-08 21:07 - 2015-07-16 03:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-08 21:07 - 2015-07-16 03:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-08 21:07 - 2015-07-16 03:23 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-08 21:07 - 2015-07-16 03:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-08 21:07 - 2015-07-16 03:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 03:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 02:16 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 21:07 - 2015-07-16 02:16 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 21:07 - 2015-07-16 02:16 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 21:07 - 2015-07-16 02:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-08 21:07 - 2015-07-16 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-08 21:07 - 2015-07-16 02:04 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 02:04 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 02:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 21:07 - 2015-07-16 02:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 21:07 - 2015-07-15 12:49 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 21:07 - 2015-07-15 12:49 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 21:07 - 2015-07-15 12:49 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-08 21:07 - 2015-07-15 12:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 21:07 - 2015-07-15 12:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 21:07 - 2015-07-15 12:25 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 21:07 - 2015-07-15 12:25 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 21:07 - 2015-07-15 12:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 21:07 - 2015-07-15 12:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 21:07 - 2015-07-11 03:21 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-08 21:07 - 2015-07-02 06:19 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-08 21:07 - 2015-07-02 06:18 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-08 21:07 - 2015-07-02 06:00 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-08 21:07 - 2015-07-02 06:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-08 21:06 - 2015-07-31 03:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-08 21:06 - 2015-07-31 03:36 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-08 21:06 - 2015-07-31 03:36 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-08 21:06 - 2015-07-31 03:36 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 21:06 - 2015-07-31 03:36 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 21:06 - 2015-07-31 03:36 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 21:06 - 2015-07-31 03:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 21:06 - 2015-07-31 03:27 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-09-08 21:06 - 2015-07-31 03:27 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-08 21:06 - 2015-07-31 03:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 21:06 - 2015-07-31 03:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 21:06 - 2015-07-31 03:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 21:06 - 2015-07-31 03:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 21:06 - 2015-07-31 02:26 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 21:06 - 2015-07-31 02:22 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 21:06 - 2015-07-31 02:19 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 21:06 - 2015-07-17 04:42 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-08 21:06 - 2015-07-17 04:42 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-08 21:06 - 2015-07-17 04:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-09-08 21:06 - 2015-07-17 04:41 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-08 21:06 - 2015-07-17 04:41 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-08 21:06 - 2015-07-17 04:41 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-09-08 21:06 - 2015-07-11 22:45 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-09-08 21:06 - 2015-07-11 03:04 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-08 21:06 - 2015-07-10 03:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-08 21:06 - 2015-07-10 03:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-08 21:06 - 2015-07-10 03:12 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-09-08 21:02 - 2015-07-21 03:42 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 21:02 - 2015-07-21 03:42 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 21:02 - 2015-07-21 03:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 21:02 - 2015-07-21 03:42 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 21:02 - 2015-07-21 03:26 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 21:02 - 2015-07-21 03:26 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 21:02 - 2015-07-21 03:26 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 21:02 - 2015-07-21 03:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 21:02 - 2015-07-21 03:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 20:50 - 2015-09-08 20:50 - 00002970 _____ C:\Windows\System32\Tasks\{2BB1C72F-93F2-44D3-8DE4-9AFCD0FFADF7}
2015-09-08 19:59 - 2015-09-08 20:04 - 04579264 _____ (AVG Technologies) C:\Users\Sally\Downloads\avg_free_stb_all_2015_5315_microsoft.exe
2015-09-08 19:30 - 2015-09-08 17:06 - 05053040 _____ (AVG Technologies) C:\Users\Sally\Desktop\avg_free_stb_all_2015_ltst_621.exe
2015-09-08 19:27 - 2015-09-08 19:27 - 01142604 _____ C:\Windows\system32\CFG984931017
2015-09-08 15:58 - 2015-09-08 15:58 - 00000836 _____ C:\Users\Sally\Desktop\Run.reg
2015-09-08 15:49 - 2015-09-09 13:25 - 00000000 ____D C:\Windows\Minidump
2015-09-08 15:49 - 2015-09-09 13:24 - 500395588 _____ C:\Windows\MEMORY.DMP
2015-09-08 15:49 - 2015-09-08 15:49 - 00278256 _____ C:\Windows\Minidump\090815-29218-01.dmp
2015-08-14 17:56 - 2015-08-14 17:56 - 00001194 _____ C:\Users\Sally\Desktop\Local Downloads.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 17:45 - 2013-11-24 08:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 16:45 - 2013-11-24 08:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-10 16:29 - 2012-10-25 10:23 - 02027920 _____ C:\Windows\WindowsUpdate.log
2015-09-10 16:15 - 2009-07-14 14:43 - 00752076 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 16:15 - 2009-07-14 14:15 - 00022128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-10 16:15 - 2009-07-14 14:15 - 00022128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-10 16:08 - 2009-07-14 14:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-10 16:07 - 2009-07-14 14:21 - 00036037 _____ C:\Windows\setupact.log
2015-09-10 00:16 - 2013-11-27 18:03 - 00007627 _____ C:\Users\Sally\AppData\Local\Resmon.ResmonCfg
2015-09-09 13:37 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\Registration
2015-09-08 23:41 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\rescache
2015-09-08 23:04 - 2009-07-14 14:15 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-08 23:02 - 2015-04-28 19:37 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-08 23:02 - 2015-04-28 19:37 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-08 21:13 - 2015-03-28 18:21 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 21:10 - 2015-03-28 18:20 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-09-08 20:24 - 2012-10-25 14:20 - 00000000 ____D C:\Users\Sally\AppData\Roaming\Azureus
2015-09-08 20:02 - 2009-07-14 14:38 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-08 19:52 - 2012-10-25 16:48 - 00000000 ____D C:\Program Files\PeerBlock
2015-09-08 19:51 - 2009-07-14 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-08 19:51 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-08 09:28 - 2012-10-25 14:32 - 00000000 ____D C:\ProgramData\MFAData
2015-09-07 20:17 - 2012-10-25 13:43 - 00204126 _____ C:\Windows\PFRO.log
2015-08-29 16:40 - 2013-11-24 08:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 16:40 - 2013-11-24 08:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2009-07-14 08:49 - 2009-07-14 10:44 - 0516096 _____ (Adobe Systems Incorporated) C:\Users\Sally\AppData\Roaming\BackUp984931017-exe.suspicious
2013-12-02 09:26 - 2013-12-02 09:26 - 0069499 _____ () C:\Users\Sally\AppData\Local\ars.cache
2013-12-02 09:26 - 2013-12-02 09:26 - 0107253 _____ () C:\Users\Sally\AppData\Local\census.cache
2013-04-20 18:44 - 2013-04-20 18:44 - 0003584 _____ () C:\Users\Sally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-02 09:07 - 2013-12-02 09:07 - 0000036 _____ () C:\Users\Sally\AppData\Local\housecall.guid.cache
2013-11-27 18:03 - 2015-09-10 00:16 - 0007627 _____ () C:\Users\Sally\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Sally\AppData\Local\setup.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-01 00:35

==================== End of FRST.txt ============================

Attached Files




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:48 AM

Posted 10 September 2015 - 11:25 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Scan with Dr.Web CureIt!®
Download

Save it to the Desktop (If this is not possible, this program is portable, and runs right from the location it is downloaded to, like a USB drive or SD card.)

Double-click the drweb-cureit.exe or the random named file (i.e. 5mkuvc4z.exe) to run the program.

When first launched, Dr.Web CureIt loads in Enhanced Protection Mode (EPM).
For this mode, at the warning: To continue working in the EPM...(recommended), press: OK

  • EPM allows the program to operate even if malicious programs block access to Windows.
  • All four corners of the Desktop show: Dr.Web CureIt - Enhanced Protection Mode.
  • Functions of the Operating System are not accessible until the scan completes.

At the License and Updates window, check the box to Agree.

  • Only when an update is needed, the License and Updates window displays a notification.
  • To update Dr.Web CureIt!, click: Update the program
  • At the Dr.Web CureIt! official website you can download the latest virus definitions and/or version of the program.
  • If needed, click: Select objects for scanning. Here you can specify which drives or files and directories to scan.

Next, click: Continue

At the Scan Mode window, press: Start Scanning

An Express Scan window appears where Dr.Web CureIt! displays general information on its progress and lists detected threats.
This scan may take a while depending on the number of drives or directories, so please be patient.

When the scan is done, a Scanning Completed window appears.
If viruses or other threats are identified, press: Neutralize
(Note: If you need to apply a different action to a threat, click the Action for it, and select whether to Cure, Move or Delete.)
When Neutralize is selected, a window appears with the neutralizing progress.

A Curing Completed window shows when the threats are neutralized successfully.
Close the window to return to the Desktop.
Also, restart the computer so files in use can be moved or deleted.
When back in Windows, search for the CureIt log:

  • Press Start, and in the Search programs and files area, type in (or copy/paste) the following: %USERPROFILE%\Doctor Web
  • When the Doctor Web folder appears in the search area, open the folder, and then open the CureIt log.

>> Please post the CureIt.log in your reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Primo2


Posted 10 September 2015 - 05:57 PM

Thank you for responding so quickly Jürgen.

Indeed I had noted the FAQ that said to expect a 5 day wait, and am travelling at the moment!

Please forgive me, but it will be 5 days before I can run this next scan and post the results.  :-(

In the meantime, the PC is turned off so doing no harm.



#4 deeprybka


Posted 11 September 2015 - 03:21 AM

Ok...:)


regards,
deeprybka

#5 Primo2


Posted 15 September 2015 - 11:12 PM

Log too big to paste, so have attached.

 

CureIt reports an infection of Trojan.Mayachok.5

Searching the web, there are old descriptions about Mayachok variants, but minimal information about variant .5

What does exist is very scant, and does not appear to match what I'm seeing on my PC.

Can you point me at more information about this variant, so that I can get a feel for what damage it may have done (or is yet to do)?

 

Presumably some further checking/cleanup is still required, so please advise of next steps, and thank you very much!

Attached Files



#6 deeprybka


Posted 16 September 2015 - 04:23 AM

Hi,
please do the following now:

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



regards,
deeprybka

#7 Primo2


Posted 16 September 2015 - 04:34 AM

18:58:20.0054 0x0dd4  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
18:58:29.0757 0x0dd4  ============================================================
18:58:29.0757 0x0dd4  Current date / time: 2015/09/16 18:58:29.0757
18:58:29.0757 0x0dd4  SystemInfo:
18:58:29.0757 0x0dd4 
18:58:29.0757 0x0dd4  OS Version: 6.1.7601 ServicePack: 1.0
18:58:29.0757 0x0dd4  Product type: Workstation
18:58:29.0757 0x0dd4  ComputerName: TV2
18:58:29.0757 0x0dd4  UserName: Sally
18:58:29.0757 0x0dd4  Windows directory: C:\Windows
18:58:29.0757 0x0dd4  System windows directory: C:\Windows
18:58:29.0757 0x0dd4  Running under WOW64
18:58:29.0757 0x0dd4  Processor architecture: Intel x64
18:58:29.0757 0x0dd4  Number of processors: 2
18:58:29.0757 0x0dd4  Page size: 0x1000
18:58:29.0757 0x0dd4  Boot type: Normal boot
18:58:29.0757 0x0dd4  ============================================================
18:58:31.0224 0x0dd4  KLMD registered as C:\Windows\system32\drivers\32513379.sys
18:58:31.0364 0x0dd4  System UUID: {C09BF686-DAF9-EB2D-CA3B-C7D471E35555}
18:58:31.0660 0x0dd4  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:58:31.0676 0x0dd4  Drive \Device\Harddisk1\DR2 - Size: 0x3DE00000 ( 0.97 Gb ), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:58:31.0676 0x0dd4  ============================================================
18:58:31.0676 0x0dd4  \Device\Harddisk0\DR0:
18:58:31.0676 0x0dd4  MBR partitions:
18:58:31.0676 0x0dd4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
18:58:31.0676 0x0dd4  \Device\Harddisk1\DR2:
18:58:31.0676 0x0dd4  MBR partitions:
18:58:31.0676 0x0dd4  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1EEFE0
18:58:31.0676 0x0dd4  ============================================================
18:58:31.0692 0x0dd4  C: <-> \Device\Harddisk0\DR0\Partition1
18:58:31.0692 0x0dd4  ============================================================
18:58:31.0692 0x0dd4  Initialize success
18:58:31.0692 0x0dd4  ============================================================
18:58:59.0054 0x0b80  ============================================================
18:58:59.0054 0x0b80  Scan started
18:58:59.0054 0x0b80  Mode: Manual; SigCheck; TDLFS;
18:58:59.0054 0x0b80  ============================================================
18:58:59.0054 0x0b80  KSN ping started
18:58:59.0085 0x0b80  KSN ping finished: false
18:58:59.0600 0x0b80  ================ Scan system memory ========================
18:58:59.0600 0x0b80  System memory - ok
18:58:59.0600 0x0b80  ================ Scan services =============================
18:58:59.0709 0x0b80  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:58:59.0756 0x0b80  1394ohci - ok
18:58:59.0803 0x0b80  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:58:59.0819 0x0b80  ACPI - ok
18:58:59.0834 0x0b80  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:58:59.0850 0x0b80  AcpiPmi - ok
18:58:59.0897 0x0b80  [ 560649E6A9C11F6124F97310EF387C45, 6F6E0467BBBBA2D67E050C5730D66032A6265049A1B77C27C470D1F928F16166 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
18:58:59.0928 0x0b80  ADIHdAudAddService - ok
18:58:59.0990 0x0b80  [ B1EA9681502EE57F87DB71D726288A5B, D17BD2CFAE72E92C77D183331D5CBA0FEA893BF54875920870E271940F40A8BB ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:59:00.0006 0x0b80  AdobeARMservice - ok
18:59:00.0053 0x0b80  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:59:00.0084 0x0b80  adp94xx - ok
18:59:00.0115 0x0b80  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:59:00.0131 0x0b80  adpahci - ok
18:59:00.0162 0x0b80  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:59:00.0162 0x0b80  adpu320 - ok
18:59:00.0209 0x0b80  [ 3BDB13C79CC8C06E2F8182595903ED69, 9E00D6649E862DE6812718B091C350E05A2C5C4D28DE8E05E3DD1F789A04EE96 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
18:59:00.0224 0x0b80  AEADIFilters - ok
18:59:00.0240 0x0b80  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:59:00.0255 0x0b80  AeLookupSvc - ok
18:59:00.0302 0x0b80  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:59:00.0318 0x0b80  AFD - ok
18:59:00.0349 0x0b80  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:59:00.0365 0x0b80  agp440 - ok
18:59:00.0396 0x0b80  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:59:00.0411 0x0b80  ALG - ok
18:59:00.0443 0x0b80  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:59:00.0458 0x0b80  aliide - ok
18:59:00.0474 0x0b80  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:59:00.0489 0x0b80  amdide - ok
18:59:00.0521 0x0b80  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:59:00.0521 0x0b80  AmdK8 - ok
18:59:00.0536 0x0b80  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:59:00.0536 0x0b80  AmdPPM - ok
18:59:00.0567 0x0b80  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:59:00.0583 0x0b80  amdsata - ok
18:59:00.0614 0x0b80  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:59:00.0614 0x0b80  amdsbs - ok
18:59:00.0645 0x0b80  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:59:00.0645 0x0b80  amdxata - ok
18:59:00.0692 0x0b80  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
18:59:00.0708 0x0b80  AppID - ok
18:59:00.0723 0x0b80  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:59:00.0723 0x0b80  AppIDSvc - ok
18:59:00.0755 0x0b80  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
18:59:00.0755 0x0b80  Appinfo - ok
18:59:00.0786 0x0b80  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:59:00.0801 0x0b80  AppMgmt - ok
18:59:00.0833 0x0b80  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:59:00.0833 0x0b80  arc - ok
18:59:00.0848 0x0b80  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:59:00.0864 0x0b80  arcsas - ok
18:59:00.0973 0x0b80  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:59:00.0989 0x0b80  aspnet_state - ok
18:59:01.0004 0x0b80  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:59:01.0035 0x0b80  AsyncMac - ok
18:59:01.0067 0x0b80  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:59:01.0082 0x0b80  atapi - ok
18:59:01.0113 0x0b80  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:59:01.0145 0x0b80  AudioEndpointBuilder - ok
18:59:01.0160 0x0b80  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:59:01.0176 0x0b80  AudioSrv - ok
18:59:01.0223 0x0b80  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:59:01.0238 0x0b80  AxInstSV - ok
18:59:01.0269 0x0b80  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:59:01.0285 0x0b80  b06bdrv - ok
18:59:01.0332 0x0b80  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:59:01.0347 0x0b80  b57nd60a - ok
18:59:01.0379 0x0b80  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:59:01.0379 0x0b80  BDESVC - ok
18:59:01.0394 0x0b80  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:59:01.0425 0x0b80  Beep - ok
18:59:01.0472 0x0b80  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:59:01.0503 0x0b80  BFE - ok
18:59:01.0550 0x0b80  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:59:01.0581 0x0b80  BITS - ok
18:59:01.0613 0x0b80  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:59:01.0613 0x0b80  blbdrive - ok
18:59:01.0644 0x0b80  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:59:01.0644 0x0b80  bowser - ok
18:59:01.0659 0x0b80  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:59:01.0675 0x0b80  BrFiltLo - ok
18:59:01.0675 0x0b80  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:59:01.0691 0x0b80  BrFiltUp - ok
18:59:01.0722 0x0b80  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:59:01.0737 0x0b80  Browser - ok
18:59:01.0753 0x0b80  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:59:01.0769 0x0b80  Brserid - ok
18:59:01.0769 0x0b80  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:59:01.0784 0x0b80  BrSerWdm - ok
18:59:01.0784 0x0b80  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:59:01.0800 0x0b80  BrUsbMdm - ok
18:59:01.0800 0x0b80  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:59:01.0815 0x0b80  BrUsbSer - ok
18:59:01.0878 0x0b80  BS984931017 - ok
18:59:01.0909 0x0b80  [ 832B121E4532919CC49F2438F1DCAA21, 70FFDD505A64D3CF03220D6422EDD47CA2E0DF711BBF2ED057F32A688CB2E2E8 ] BthAvrcp        C:\Windows\system32\DRIVERS\BthAvrcp.sys
18:59:01.0925 0x0b80  BthAvrcp - ok
18:59:01.0971 0x0b80  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:59:01.0987 0x0b80  BthEnum - ok
18:59:02.0003 0x0b80  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:59:02.0018 0x0b80  BTHMODEM - ok
18:59:02.0049 0x0b80  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:59:02.0065 0x0b80  BthPan - ok
18:59:02.0096 0x0b80  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:59:02.0112 0x0b80  BTHPORT - ok
18:59:02.0159 0x0b80  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:59:02.0190 0x0b80  bthserv - ok
18:59:02.0221 0x0b80  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:59:02.0237 0x0b80  BTHUSB - ok
18:59:02.0268 0x0b80  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:59:02.0283 0x0b80  cdfs - ok
18:59:02.0330 0x0b80  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:59:02.0346 0x0b80  cdrom - ok
18:59:02.0377 0x0b80  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:59:02.0408 0x0b80  CertPropSvc - ok
18:59:02.0424 0x0b80  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:59:02.0439 0x0b80  circlass - ok
18:59:02.0471 0x0b80  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
18:59:02.0486 0x0b80  CLFS - ok
18:59:02.0533 0x0b80  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:59:02.0549 0x0b80  clr_optimization_v2.0.50727_32 - ok
18:59:02.0580 0x0b80  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:59:02.0595 0x0b80  clr_optimization_v2.0.50727_64 - ok
18:59:02.0658 0x0b80  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:59:02.0673 0x0b80  clr_optimization_v4.0.30319_32 - ok
18:59:02.0705 0x0b80  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:59:02.0720 0x0b80  clr_optimization_v4.0.30319_64 - ok
18:59:02.0751 0x0b80  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:59:02.0767 0x0b80  CmBatt - ok
18:59:02.0783 0x0b80  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:59:02.0798 0x0b80  cmdide - ok
18:59:02.0845 0x0b80  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
18:59:02.0876 0x0b80  CNG - ok
18:59:02.0892 0x0b80  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:59:02.0907 0x0b80  Compbatt - ok
18:59:02.0939 0x0b80  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:59:02.0970 0x0b80  CompositeBus - ok
18:59:02.0985 0x0b80  COMSysApp - ok
18:59:02.0985 0x0b80  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:59:03.0001 0x0b80  crcdisk - ok
18:59:03.0032 0x0b80  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:59:03.0048 0x0b80  CryptSvc - ok
18:59:03.0095 0x0b80  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
18:59:03.0110 0x0b80  CSC - ok
18:59:03.0141 0x0b80  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
18:59:03.0173 0x0b80  CscService - ok
18:59:03.0204 0x0b80  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:59:03.0235 0x0b80  DcomLaunch - ok
18:59:03.0251 0x0b80  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:59:03.0282 0x0b80  defragsvc - ok
18:59:03.0329 0x0b80  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:59:03.0360 0x0b80  DfsC - ok
18:59:03.0391 0x0b80  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:59:03.0407 0x0b80  Dhcp - ok
18:59:03.0469 0x0b80  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
18:59:03.0500 0x0b80  DiagTrack - ok
18:59:03.0531 0x0b80  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:59:03.0563 0x0b80  discache - ok
18:59:03.0578 0x0b80  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:59:03.0594 0x0b80  Disk - ok
18:59:03.0609 0x0b80  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:59:03.0625 0x0b80  Dnscache - ok
18:59:03.0672 0x0b80  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:59:03.0687 0x0b80  dot3svc - ok
18:59:03.0734 0x0b80  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:59:03.0750 0x0b80  DPS - ok
18:59:03.0781 0x0b80  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:59:03.0797 0x0b80  drmkaud - ok
18:59:03.0843 0x0b80  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:59:03.0859 0x0b80  DXGKrnl - ok
18:59:03.0906 0x0b80  [ 477E33019A855D9B8E7B3263CB9A1AE5, F28840936D992C99238AFECBBF03B75047DEDF0EC682C1444036931E4036AFBB ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
18:59:03.0937 0x0b80  e1kexpress - ok
18:59:03.0953 0x0b80  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:59:03.0984 0x0b80  EapHost - ok
18:59:04.0093 0x0b80  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:59:04.0202 0x0b80  ebdrv - ok
18:59:04.0249 0x0b80  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS             C:\Windows\System32\lsass.exe
18:59:04.0249 0x0b80  EFS - ok
18:59:04.0327 0x0b80  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:59:04.0358 0x0b80  ehRecvr - ok
18:59:04.0374 0x0b80  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:59:04.0389 0x0b80  ehSched - ok
18:59:04.0421 0x0b80  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:59:04.0436 0x0b80  elxstor - ok
18:59:04.0452 0x0b80  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:59:04.0467 0x0b80  ErrDev - ok
18:59:04.0514 0x0b80  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:59:04.0545 0x0b80  EventSystem - ok
18:59:04.0561 0x0b80  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:59:04.0592 0x0b80  exfat - ok
18:59:04.0608 0x0b80  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:59:04.0639 0x0b80  fastfat - ok
18:59:04.0655 0x0b80  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:59:04.0670 0x0b80  fdc - ok
18:59:04.0670 0x0b80  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:59:04.0701 0x0b80  fdPHost - ok
18:59:04.0717 0x0b80  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:59:04.0733 0x0b80  FDResPub - ok
18:59:04.0748 0x0b80  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:59:04.0764 0x0b80  FileInfo - ok
18:59:04.0764 0x0b80  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:59:04.0795 0x0b80  Filetrace - ok
18:59:04.0795 0x0b80  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:59:04.0811 0x0b80  flpydisk - ok
18:59:04.0842 0x0b80  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:59:04.0857 0x0b80  FltMgr - ok
18:59:04.0920 0x0b80  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
18:59:04.0951 0x0b80  FontCache - ok
18:59:04.0998 0x0b80  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:59:05.0013 0x0b80  FontCache3.0.0.0 - ok
18:59:05.0013 0x0b80  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:59:05.0029 0x0b80  FsDepends - ok
18:59:05.0060 0x0b80  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:59:05.0060 0x0b80  Fs_Rec - ok
18:59:05.0076 0x0b80  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:59:05.0091 0x0b80  fvevol - ok
18:59:05.0107 0x0b80  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:59:05.0123 0x0b80  gagp30kx - ok
18:59:05.0169 0x0b80  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:59:05.0201 0x0b80  gpsvc - ok
18:59:05.0279 0x0b80  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:59:05.0294 0x0b80  gupdate - ok
18:59:05.0325 0x0b80  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:59:05.0325 0x0b80  gupdatem - ok
18:59:05.0372 0x0b80  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:59:05.0372 0x0b80  gusvc - ok
18:59:05.0403 0x0b80  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:59:05.0419 0x0b80  hcw85cir - ok
18:59:05.0450 0x0b80  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:59:05.0481 0x0b80  HdAudAddService - ok
18:59:05.0497 0x0b80  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:59:05.0528 0x0b80  HDAudBus - ok
18:59:05.0544 0x0b80  [ E91AFF2610114CCAEBB90D4D991BB6B2, D266732263AB51BEAB26D34B216E05298E3CE60B0103A9D238F1A7215EDCBC5D ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
18:59:05.0559 0x0b80  HECIx64 - ok
18:59:05.0559 0x0b80  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:59:05.0575 0x0b80  HidBatt - ok
18:59:05.0591 0x0b80  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:59:05.0606 0x0b80  HidBth - ok
18:59:05.0622 0x0b80  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:59:05.0622 0x0b80  HidIr - ok
18:59:05.0637 0x0b80  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:59:05.0669 0x0b80  hidserv - ok
18:59:05.0715 0x0b80  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:59:05.0715 0x0b80  HidUsb - ok
18:59:05.0747 0x0b80  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:59:05.0778 0x0b80  hkmsvc - ok
18:59:05.0809 0x0b80  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:59:05.0809 0x0b80  HomeGroupListener - ok
18:59:05.0856 0x0b80  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:59:05.0856 0x0b80  HomeGroupProvider - ok
18:59:05.0887 0x0b80  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:59:05.0887 0x0b80  HpSAMD - ok
18:59:05.0949 0x0b80  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:59:05.0981 0x0b80  HTTP - ok
18:59:05.0996 0x0b80  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:59:06.0012 0x0b80  hwpolicy - ok
18:59:06.0027 0x0b80  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:59:06.0043 0x0b80  i8042prt - ok
18:59:06.0090 0x0b80  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:59:06.0105 0x0b80  iaStorV - ok
18:59:06.0183 0x0b80  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:59:06.0230 0x0b80  idsvc - ok
18:59:06.0246 0x0b80  IEEtwCollectorService - ok
18:59:06.0542 0x0b80  [ F59AC361DFE9BFD9BE81E20B04EADAA2, 3820AD3443EE0CF904E91E578A5EE3C43276376D9DF4E879702C732DBA427133 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:59:06.0885 0x0b80  igfx - ok
18:59:06.0932 0x0b80  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:59:06.0932 0x0b80  iirsp - ok
18:59:06.0995 0x0b80  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:59:07.0026 0x0b80  IKEEXT - ok
18:59:07.0041 0x0b80  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:59:07.0041 0x0b80  intelide - ok
18:59:07.0073 0x0b80  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:59:07.0073 0x0b80  intelppm - ok
18:59:07.0104 0x0b80  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:59:07.0135 0x0b80  IPBusEnum - ok
18:59:07.0151 0x0b80  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:59:07.0182 0x0b80  IpFilterDriver - ok
18:59:07.0213 0x0b80  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:59:07.0229 0x0b80  iphlpsvc - ok
18:59:07.0260 0x0b80  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:59:07.0260 0x0b80  IPMIDRV - ok
18:59:07.0275 0x0b80  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:59:07.0307 0x0b80  IPNAT - ok
18:59:07.0322 0x0b80  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:59:07.0338 0x0b80  IRENUM - ok
18:59:07.0369 0x0b80  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:59:07.0369 0x0b80  isapnp - ok
18:59:07.0400 0x0b80  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:59:07.0416 0x0b80  iScsiPrt - ok
18:59:07.0431 0x0b80  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:59:07.0447 0x0b80  kbdclass - ok
18:59:07.0478 0x0b80  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:59:07.0478 0x0b80  kbdhid - ok
18:59:07.0494 0x0b80  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] KeyIso          C:\Windows\system32\lsass.exe
18:59:07.0494 0x0b80  KeyIso - ok
18:59:07.0525 0x0b80  [ 67A1743377EBB5D9A370A8C2086CFDCC, 2F0FD6C1969B1EEEEFFC1A8F972E1E90F1AD9558FF00EC159BC19ED927FD4BF5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:59:07.0525 0x0b80  KSecDD - ok
18:59:07.0541 0x0b80  [ 522A1595D5701800DD41B2D472F5AAED, B62924AE94A5AC454AD6057BC133D717BB1C6445BE36D6BECAB76E1600F60C33 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:59:07.0556 0x0b80  KSecPkg - ok
18:59:07.0587 0x0b80  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:59:07.0603 0x0b80  ksthunk - ok
18:59:07.0634 0x0b80  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:59:07.0681 0x0b80  KtmRm - ok
18:59:07.0712 0x0b80  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:59:07.0743 0x0b80  LanmanServer - ok
18:59:07.0759 0x0b80  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:59:07.0790 0x0b80  LanmanWorkstation - ok
18:59:07.0837 0x0b80  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:59:07.0868 0x0b80  lltdio - ok
18:59:07.0899 0x0b80  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:59:07.0931 0x0b80  lltdsvc - ok
18:59:07.0946 0x0b80  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:59:07.0977 0x0b80  lmhosts - ok
18:59:08.0009 0x0b80  [ 2763A02188FFB04287F5034EC5B6B451, 679C9316FC101A9135D788BC3D910F3EF4146AF56D97143149D1767F581535F7 ] LMS             C:\Program Files (x86)\Intel\AMT\LMS.exe
18:59:08.0009 0x0b80  LMS - ok
18:59:08.0055 0x0b80  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:59:08.0055 0x0b80  LSI_FC - ok
18:59:08.0071 0x0b80  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:59:08.0087 0x0b80  LSI_SAS - ok
18:59:08.0102 0x0b80  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:59:08.0102 0x0b80  LSI_SAS2 - ok
18:59:08.0133 0x0b80  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:59:08.0133 0x0b80  LSI_SCSI - ok
18:59:08.0165 0x0b80  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:59:08.0180 0x0b80  luafv - ok
18:59:08.0211 0x0b80  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:59:08.0227 0x0b80  Mcx2Svc - ok
18:59:08.0243 0x0b80  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:59:08.0243 0x0b80  megasas - ok
18:59:08.0274 0x0b80  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:59:08.0289 0x0b80  MegaSR - ok
18:59:08.0321 0x0b80  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:59:08.0352 0x0b80  MMCSS - ok
18:59:08.0352 0x0b80  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:59:08.0383 0x0b80  Modem - ok
18:59:08.0414 0x0b80  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:59:08.0414 0x0b80  monitor - ok
18:59:08.0430 0x0b80  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:59:08.0445 0x0b80  mouclass - ok
18:59:08.0461 0x0b80  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:59:08.0477 0x0b80  mouhid - ok
18:59:08.0508 0x0b80  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:59:08.0523 0x0b80  mountmgr - ok
18:59:08.0539 0x0b80  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:59:08.0555 0x0b80  mpio - ok
18:59:08.0586 0x0b80  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:59:08.0601 0x0b80  mpsdrv - ok
18:59:08.0664 0x0b80  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:59:08.0695 0x0b80  MpsSvc - ok
18:59:08.0726 0x0b80  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:59:08.0726 0x0b80  MRxDAV - ok
18:59:08.0757 0x0b80  [ B2081803D510DCE174992BA880EDCA70, 37DB53C9756EC03EB7165DEB58251615D70B7C86DF32A54DE25ADAF30A04D792 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:59:08.0757 0x0b80  mrxsmb - ok
18:59:16.0807 0x0b80  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:59:16.0807 0x0b80  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
18:59:16.0869 0x0b80  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:59:16.0901 0x0b80  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:59:16.0916 0x0b80  usbaudio - ok
18:59:16.0932 0x0b80  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:59:16.0947 0x0b80  usbccgp - ok
18:59:16.0979 0x0b80  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:59:16.0979 0x0b80  usbcir - ok
18:59:17.0010 0x0b80  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:59:17.0025 0x0b80  usbehci - ok
18:59:17.0057 0x0b80  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:59:17.0072 0x0b80  usbhub - ok
18:59:17.0103 0x0b80  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:59:17.0103 0x0b80  usbohci - ok
18:59:17.0119 0x0b80  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:59:17.0135 0x0b80  usbprint - ok
18:59:17.0150 0x0b80  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
18:59:17.0166 0x0b80  USBSTOR - ok
18:59:17.0181 0x0b80  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:59:17.0197 0x0b80  usbuhci - ok
18:59:17.0213 0x0b80  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:59:17.0244 0x0b80  UxSms - ok
18:59:17.0244 0x0b80  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:59:17.0259 0x0b80  VaultSvc - ok
18:59:17.0291 0x0b80  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:59:17.0291 0x0b80  vdrvroot - ok
18:59:17.0337 0x0b80  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:59:17.0369 0x0b80  vds - ok
18:59:17.0400 0x0b80  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:59:17.0400 0x0b80  vga - ok
18:59:17.0415 0x0b80  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:59:17.0447 0x0b80  VgaSave - ok
18:59:17.0462 0x0b80  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:59:17.0478 0x0b80  vhdmp - ok
18:59:17.0509 0x0b80  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:59:17.0509 0x0b80  viaide - ok
18:59:17.0540 0x0b80  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:59:17.0540 0x0b80  vmbus - ok
18:59:17.0556 0x0b80  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:59:17.0556 0x0b80  VMBusHID - ok
18:59:17.0587 0x0b80  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:59:17.0587 0x0b80  volmgr - ok
18:59:17.0618 0x0b80  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:59:17.0634 0x0b80  volmgrx - ok
18:59:17.0665 0x0b80  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:59:17.0665 0x0b80  volsnap - ok
18:59:17.0696 0x0b80  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:59:17.0712 0x0b80  vsmraid - ok
18:59:17.0774 0x0b80  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:59:17.0837 0x0b80  VSS - ok
18:59:17.0837 0x0b80  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:59:17.0852 0x0b80  vwifibus - ok
18:59:17.0868 0x0b80  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:59:17.0883 0x0b80  vwififlt - ok
18:59:17.0899 0x0b80  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:59:17.0915 0x0b80  vwifimp - ok
18:59:17.0946 0x0b80  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:59:17.0977 0x0b80  W32Time - ok
18:59:17.0993 0x0b80  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:59:17.0993 0x0b80  WacomPen - ok
18:59:18.0039 0x0b80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:59:18.0055 0x0b80  WANARP - ok
18:59:18.0071 0x0b80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:59:18.0102 0x0b80  Wanarpv6 - ok
18:59:18.0180 0x0b80  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:59:18.0258 0x0b80  WatAdminSvc - ok
18:59:18.0320 0x0b80  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:59:18.0398 0x0b80  wbengine - ok
18:59:18.0429 0x0b80  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:59:18.0445 0x0b80  WbioSrvc - ok
18:59:18.0476 0x0b80  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:59:18.0492 0x0b80  wcncsvc - ok
18:59:18.0507 0x0b80  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:59:18.0523 0x0b80  WcsPlugInService - ok
18:59:18.0554 0x0b80  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:59:18.0570 0x0b80  Wd - ok
18:59:18.0601 0x0b80  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:59:18.0632 0x0b80  Wdf01000 - ok
18:59:18.0663 0x0b80  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:59:18.0663 0x0b80  WdiServiceHost - ok
18:59:18.0679 0x0b80  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:59:18.0679 0x0b80  WdiSystemHost - ok
18:59:18.0710 0x0b80  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
18:59:18.0726 0x0b80  WebClient - ok
18:59:18.0741 0x0b80  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:59:18.0757 0x0b80  Wecsvc - ok
18:59:18.0773 0x0b80  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:59:18.0804 0x0b80  wercplsupport - ok
18:59:18.0819 0x0b80  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:59:18.0851 0x0b80  WerSvc - ok
18:59:18.0882 0x0b80  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:59:18.0897 0x0b80  WfpLwf - ok
18:59:18.0913 0x0b80  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:59:18.0929 0x0b80  WIMMount - ok
18:59:18.0944 0x0b80  WinDefend - ok
18:59:18.0960 0x0b80  WinHttpAutoProxySvc - ok
18:59:19.0007 0x0b80  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:59:19.0038 0x0b80  Winmgmt - ok
18:59:19.0100 0x0b80  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
18:59:19.0178 0x0b80  WinRM - ok
18:59:19.0225 0x0b80  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
18:59:19.0241 0x0b80  WinUsb - ok
18:59:19.0272 0x0b80  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:59:19.0303 0x0b80  Wlansvc - ok
18:59:19.0319 0x0b80  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:59:19.0334 0x0b80  WmiAcpi - ok
18:59:19.0365 0x0b80  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:59:19.0365 0x0b80  wmiApSrv - ok
18:59:19.0397 0x0b80  WMPNetworkSvc - ok
18:59:19.0412 0x0b80  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:59:19.0428 0x0b80  WPCSvc - ok
18:59:19.0459 0x0b80  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:59:19.0475 0x0b80  WPDBusEnum - ok
18:59:19.0490 0x0b80  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:59:19.0521 0x0b80  ws2ifsl - ok
18:59:19.0537 0x0b80  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:59:19.0553 0x0b80  wscsvc - ok
18:59:19.0631 0x0b80  [ 499034D7F1F6AF49F9EE12F8822793CB, 55D591C4861AF66C6B9201BF78808B2ECE7B79D95C6BB07FF0ED87EFE63DD99E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:59:19.0693 0x0b80  wuauserv - ok
18:59:19.0724 0x0b80  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:59:19.0724 0x0b80  WudfPf - ok
18:59:19.0755 0x0b80  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
18:59:19.0771 0x0b80  WUDFRd - ok
18:59:19.0787 0x0b80  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:59:19.0802 0x0b80  wudfsvc - ok
18:59:19.0833 0x0b80  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:59:19.0849 0x0b80  WwanSvc - ok
18:59:19.0880 0x0b80  ================ Scan global ===============================
18:59:19.0911 0x0b80  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
18:59:19.0943 0x0b80  [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
18:59:19.0958 0x0b80  [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
18:59:19.0974 0x0b80  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:59:20.0005 0x0b80  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
18:59:20.0005 0x0b80  [ Global ] - ok
18:59:20.0005 0x0b80  ================ Scan MBR ==================================
18:59:20.0021 0x0b80  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:59:20.0504 0x0b80  \Device\Harddisk0\DR0 - ok
18:59:20.0504 0x0b80  [ 8CB37AFC263A219EBB7586F9C495114E ] \Device\Harddisk1\DR2
18:59:20.0582 0x0b80  \Device\Harddisk1\DR2 - ok
18:59:20.0582 0x0b80  ================ Scan VBR ==================================
18:59:20.0582 0x0b80  [ F921DEE2F7FFB901C0941AAFBACB5EBE ] \Device\Harddisk0\DR0\Partition1
18:59:20.0582 0x0b80  \Device\Harddisk0\DR0\Partition1 - ok
18:59:20.0598 0x0b80  [ 8A008DC2CF13764394B470B622E44272 ] \Device\Harddisk1\DR2\Partition1
18:59:20.0598 0x0b80  \Device\Harddisk1\DR2\Partition1 - ok
18:59:20.0598 0x0b80  ================ Scan generic autorun ======================
18:59:20.0660 0x0b80  [ 1E69319B2F7C46070DC8E6BAF0941FE2, 709FF756E6A09857F1C84F384903C6A64B36D2702F1568E404D97CE2649F6D74 ] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
18:59:20.0691 0x0b80  picon - ok
18:59:20.0723 0x0b80  [ BCD3D63304E96B023DDADE00204F2031, D12144F8DFFB7F88069F3A6A0CA1CDE777BAD05E5FAB48AC182DDA5C6BB8F9A6 ] C:\Windows\system32\igfxtray.exe
18:59:20.0738 0x0b80  IgfxTray - ok
18:59:20.0754 0x0b80  [ DFCA0E9868F98B565CE512D1F74D77D8, 378CB5512D409372ABB9C75A260F9432132FB966C2DE6CCF1C7EC9C50C10CC63 ] C:\Windows\system32\hkcmd.exe
18:59:20.0785 0x0b80  HotKeysCmds - ok
18:59:20.0801 0x0b80  [ 77DE46E7DC1292EF3389691C51F1AD07, 5C793C22AF278E578E01F9F2861B98FBDE69B071908C7F08FE1635C9BC26F6DA ] C:\Windows\system32\igfxpers.exe
18:59:20.0832 0x0b80  Persistence - ok
18:59:20.0879 0x0b80  [ AFD15F701B550037FFDDE6B18171479D, 38C049529611653832944B9A624BA9E336E0AFE668CEDD95BDAF550A9605ADF5 ] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
18:59:20.0925 0x0b80  SoundMAXPnP - ok
18:59:21.0003 0x0b80  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:59:21.0050 0x0b80  Sidebar - ok
18:59:21.0081 0x0b80  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:59:21.0081 0x0b80  mctadmin - ok
18:59:21.0128 0x0b80  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:59:21.0159 0x0b80  Sidebar - ok
18:59:21.0159 0x0b80  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:59:21.0175 0x0b80  mctadmin - ok
18:59:21.0284 0x0b80  [ FF5A935E668B24DF3CF1E0B245A69970, 55E171FD6A337A986AE30B3FB557EC978822B7A4A913F0B9281672FAF274A39A ] C:\PROGRA~2\INTERN~2\mum.exe
18:59:21.0331 0x0b80  InternodeUsage - detected UnsignedFile.Multi.Generic ( 1 )
18:59:21.0331 0x0b80  InternodeUsage ( UnsignedFile.Multi.Generic ) - warning
18:59:21.0331 0x0b80  Force sending object to P2P due to detect: C:\PROGRA~2\INTERN~2\mum.exe
18:59:21.0331 0x0b80  Object send P2P result: false
18:59:21.0362 0x0b80  Win FW state via NFP2: enabled ( trusted )
18:59:21.0362 0x0b80  ============================================================
18:59:21.0362 0x0b80  Scan finished
18:59:21.0362 0x0b80  ============================================================
18:59:21.0362 0x0e60  Detected object count: 2
18:59:21.0362 0x0e60  Actual detected object count: 2
18:59:50.0924 0x0e60  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:50.0924 0x0e60  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:59:50.0924 0x0e60  InternodeUsage ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:50.0924 0x0e60  InternodeUsage ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#8 Primo2


Posted 16 September 2015 - 04:37 AM

Note that mum.exe is from http://www.internode.on.net/support/tools/usage_meters/



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:48 AM

Posted 16 September 2015 - 04:43 AM

Hi Primo,
 
next step:

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 Primo2


Posted 16 September 2015 - 05:00 AM

ComboFix 15-09-07.01 - Sally 16/09/2015  19:19:01.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.3991.2768 [GMT 9.5:30]
Running from: c:\users\Sally\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Sally\AppData\Roaming\BackUp984931017-exe.suspicious
c:\windows\SysWow64\SET9F2.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-16 to 2015-09-16  )))))))))))))))))))))))))))))))
.
.
2015-09-16 09:51 . 2015-09-16 09:51 -------- d-----w- c:\users\Sally\AppData\Local\temp
2015-09-16 09:51 . 2015-09-16 09:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-16 01:54 . 2015-09-16 01:54 -------- d-----w- c:\users\Sally\Doctor Web
2015-09-10 08:29 . 2015-09-10 08:30 -------- d-----w- C:\FRST
2015-09-09 06:07 . 2015-09-09 06:26 -------- d-----w- c:\programdata\SecTaskMan
2015-09-09 03:58 . 2015-09-09 04:16 198 ----a-w- C:\cleanup.bat
2015-09-08 15:36 . 2015-09-16 01:56 -------- d-----w- c:\users\Sally\AppData\Roaming\tor
2015-09-08 11:32 . 2015-07-20 18:12 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-09-08 11:21 . 2015-09-08 11:21 -------- d-----w- c:\users\Sally\AppData\Local\Diagnostics
2015-09-08 09:55 . 2015-09-08 09:55 -------- d-----w- c:\program files\Common Files\Microsoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-08 11:40 . 2015-03-28 08:50 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-28 01:32 . 2015-07-28 01:32 312752 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-07-28 01:31 . 2015-07-28 01:31 245680 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-07-15 17:54 . 2015-09-08 11:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-15 13:56 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 13:56 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2014-12-06 2242560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2014-8-8 848384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BS984931017;BS984931017;c:\users\Sally\AppData\Local\Temp\NTFS.sys;c:\users\Sally\AppData\Local\Temp\NTFS.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
S3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 33787718
*Deregistered* - 33787718
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-02 21:17 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23 07:09]
.
2015-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-09-16  19:23:00
ComboFix-quarantined-files.txt  2015-09-16 09:53
.
Pre-Run: 118,643,568,640 bytes free
Post-Run: 119,912,902,656 bytes free
.
- - End Of File - - C8C89C8BE8095935974B50E44F748D62
A36C5E4F47E84449FF07ED3517B43A31
 



#11 deeprybka

  • Malware Response Team

Posted 16 September 2015 - 05:05 AM

Please try now to install MBAM:

Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].


Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 Primo2

  • Topic Starter

Posted 16 September 2015 - 05:07 AM

Note that until last week "c:\users\Sally\AppData\Roaming\BackUp984931017-exe.suspicious" was named "...\BackUp984931017.exe"

I found it in the Startup folder (or Run registry setting) and didn't recognise it, so unreferenced and renamed it.

Any idea what this, and SET9F2.exe are?



#13 Primo2

  • Topic Starter

Posted 16 September 2015 - 05:13 AM

In your instructions for running MBAM, you say "open ... and update the database".

As this machine is currently quarantined from the local network and the Internet, it won't be able to download any database updates.

Will this be a problem?

If so, is there another way to update its database? (e.g. by running it on a safe computer first, and copying the database)



#14 deeprybka

  • Malware Response Team

Posted 16 September 2015 - 05:16 AM

You have to connect the PC to the internet for the next steps.

"Any idea what this, and SET9F2.exe are?"

I will have a look at it later.


regards,
deeprybka

#15 Primo2

  • Topic Starter

Posted 16 September 2015 - 05:58 AM

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/09/16 19:59:26 +0930</date>
<logfile>mbam-log-2015-09-16 (19-59-23).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.09.16.02</malware-database>
<rootkit-database>v2015.08.16.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Sally</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>350834</objects>
<time>596</time>
<processes>0</processes>
<modules>0</modules>
<keys>1</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BS984931017</path><vendor>Trojan.Agent.E</vendor><action>success</action><hash>fc968ea23457cc6ab648e4e50400758b</hash></key>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BS984931017</path><valuename>ImagePath</valuename><vendor>Trojan.Agent.E</vendor><action>success</action><valuedata>\??\C:\Users\Sally\AppData\Local\Temp\NTFS.sys</valuedata><hash>fc968ea23457cc6ab648e4e50400758b</hash></value>
<file><path>C:\temp\RemoveWAT.exe</path><vendor>HackTool.WpaKill</vendor><action>success</action><hash>f39f9997ddaedc5a068a42727b863dc3</hash></file>
<file><path>C:\Users\Sally\Desktop\explorer.exe</path><vendor>RiskWare.HeuristicsReservedWordExploit</vendor><action>success</action><hash>8111d759b3d888ae7786a7c87e87ed13</hash></file>
</items>
</mbam-log>





