MBR rootkit - Persistent browser pop ups & redirects


This topic is locked
23 replies to this topic

#1 Jmanm

  • Members
  • 18 posts

Posted 26 October 2015 - 03:26 AM

Hello... My problem is that when browsing in Chrome, sometimes a pop-up appears and the tab can't be closed; the process has to be killed in Task Manager. Other times, clicking on various parts of the webpage causes tabs to open to other sites. ATM Chrome is the only browser I have.

I regularly run CCleaner, Malwarebytes and Spybot S&D, but cleaning whatever they find doesn't fix this issue. I scanned using RogueKiller and it shows an MBR Sinowal rootkit plus other suspicious-looking services. I did try to remove the rootkit, but RogueKiller stops at 70%. When trying in safe mode it doesn't remove it either; after the restart for the effect to take place, nothing happens, just the OS boots up and the rootkit is still there. I would like to know what I need to do to get rid of this browser issue and what to do about this rootkit RogueKiller has detected.

 

I have attached both FRST.txt & Addition.txt, as pasting the FRST text into a thread won't let me post the thread.

Thanks


#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender: Male
  • Location: Germany

Posted 26 October 2015 - 01:57 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days of this initial or any subsequent post, this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found, don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt.)
    Copy and paste its contents in your next reply.


regards,
deeprybka

Neminem laede, immo omnes, quantum potes, iuva. (Harm no one; rather, help everyone as much as you can.) Arthur Schopenhauer
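Once the report is posted, somebody has to read several hundred lines of it. As an added example for this thread (not code from the helper, the poster, or Kaspersky), here is a small Python triage script for the report layout TDSSKiller produced here. The regular expressions are my reading of that layout, inferred from the report itself rather than from any documented format, and the excerpt it parses is copied from the report posted later in this thread. It pulls out every service TDSSKiller did not mark plain "ok" together with the image path it points at, lists files that are registered under more than one service name, and works out how many sectors lie between the end of the last MBR partition and the end of the disk (TDSSKiller's TDLFS mode looks for a hidden file system, and unpartitioned space at the end of the disk is one place such storage has been found; a few thousand sectors of alignment slack is normal).

```python
"""Triage a TDSSKiller report of the layout posted in this thread.

Added example for this thread, not Kaspersky's or the helper's code. The
line layout is inferred from the report itself, and SAMPLE_REPORT is an
excerpt of that report (a handful of lines, enough for a runnable demo).
"""
import re
from collections import defaultdict

# Excerpt of the TDSSKiller report posted later in this thread.
SAMPLE_REPORT = r"""
09:59:33.0885 0x0adc  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:59:33.0887 0x0adc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
10:01:25.0201 0x1554  [ 4BC381316F422F3A5D5A957D3AA2224E, FFE1D5C9A1A79D9D2A337BC5D3FD718039D9E0ED163A62975C34F8532872937C ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:01:25.0357 0x1554  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
10:01:30.0297 0x1554  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
10:01:30.0326 0x1554  Crusoe - ok
10:01:30.0627 0x1554  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Cspqta0wetec    C:\Windows\system32\drivers\crusoe.sys
10:01:30.0656 0x1554  Cspqta0wetec - ok
10:01:31.0769 0x1554  [ DC338F7096BA9A77CC997534B25C8D2E, B3729CD378730AE6EB29AB8FA78EBCD61A37AF8D937A168E52BB9F9A374B714D ] CyberLink PowerDVD 14 Media Server Monitor Service C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSMonitorServicePDVD14.exe
10:01:31.0773 0x1554  CyberLink PowerDVD 14 Media Server Monitor Service ( LockedFile.Multi.Generic ) - warning
"""

# Every line starts with a timestamp and a hex thread id; the rest is the body.
PREFIX = re.compile(r"^\S+\s+0x[0-9a-fA-F]+\s+(?P<body>.*)$")
# "[ md5, sha256 ] <service name> <image path>": the name may contain spaces,
# so it is matched lazily up to the "X:\" that begins the path.
ENTRY = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
                   r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<service name> - ok" or "<service name> ( <detection> ) - warning"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<detect>[^)]+) \))? - (?P<status>ok|warning)$")
DRIVE = re.compile(r"^Drive (?P<dev>\S+) - Size: (?P<size>0x[0-9A-F]+) .*SectorSize: (?P<sector>0x[0-9A-F]+)")
PART = re.compile(r"^(?P<dev>\S+)\\Partition\d+: MBR, Type (?P<type>0x[0-9A-F]+), "
                  r"StartLBA (?P<start>0x[0-9A-F]+), BlocksNum (?P<blocks>0x[0-9A-F]+)$")


def parse_report(text):
    """Return dicts of service entries, verdicts, drives and MBR partitions."""
    rep = {"entries": {}, "verdicts": {}, "drives": {}, "partitions": defaultdict(list)}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if (e := ENTRY.match(body)):
            rep["entries"][e["name"]] = {"md5": e["md5"], "sha256": e["sha256"], "path": e["path"]}
        elif (d := DRIVE.match(body)):
            rep["drives"][d["dev"]] = {"size": int(d["size"], 16), "sector": int(d["sector"], 16)}
        elif (p := PART.match(body)):
            rep["partitions"][p["dev"]].append(
                {"type": int(p["type"], 16), "start": int(p["start"], 16), "blocks": int(p["blocks"], 16)})
        elif (v := VERDICT.match(body)):
            rep["verdicts"][v["name"]] = (v["detect"], v["status"])
    return rep


def flagged(rep):
    """Services TDSSKiller did not mark plain 'ok': (name, detection, status, image path)."""
    return [(name, detect, status, rep["entries"].get(name, {}).get("path"))
            for name, (detect, status) in rep["verdicts"].items() if status != "ok"]


def shared_files(rep):
    """SHA-256 -> service names, for files registered under more than one service.

    A triage lead, not a verdict: some legitimate products register one binary
    several times, but an odd service name pointing at a stock driver deserves
    a look.
    """
    by_hash = defaultdict(list)
    for name, info in rep["entries"].items():
        by_hash[info["sha256"]].append(name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def unpartitioned_tail(rep, dev):
    """Sectors between the end of the last MBR partition and the end of the disk."""
    drive = rep["drives"][dev]
    total_sectors = drive["size"] // drive["sector"]
    last_end = max(p["start"] + p["blocks"] for p in rep["partitions"][dev])
    return total_sectors - last_end


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for name, detect, status, path in flagged(rep):
        print(f"{status:8} {detect or '-':30} {name}  ->  {path}")
    for sha, names in shared_files(rep).items():
        print(f"shared   {sha[:16]}...  {', '.join(names)}")
    for dev in rep["drives"]:
        print(f"{dev}: {unpartitioned_tail(rep, dev)} sectors after the last partition")
```

On the excerpt above the script reports the two "warning" services with their image paths, notes that crusoe.sys is registered both as "Crusoe" and as "Cspqta0wetec", and finds 0xAB0 (2736) sectors of unallocated space after the single partition, which is ordinary alignment slack on a disk of this size. None of that is a verdict; it is the shortlist a responder would check by hand (signature, vendor, file age, what created the second service entry) before deciding on any removal step.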

#3 Jmanm (Topic Starter)

  • Members
  • 18 posts

Posted 26 October 2015 - 06:10 PM

Hello,

09:59:14.0493 0x0adc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
09:59:31.0085 0x0adc  ============================================================
09:59:31.0085 0x0adc  Current date / time: 2015/10/27 09:59:31.0085
09:59:31.0085 0x0adc  SystemInfo:
09:59:31.0085 0x0adc  
09:59:31.0085 0x0adc  OS Version: 6.0.6002 ServicePack: 2.0
09:59:31.0085 0x0adc  Product type: Workstation
09:59:31.0085 0x0adc  ComputerName: ADMIN-PC
09:59:31.0110 0x0adc  UserName: ADMIN
09:59:31.0110 0x0adc  Windows directory: C:\Windows
09:59:31.0110 0x0adc  System windows directory: C:\Windows
09:59:31.0110 0x0adc  Processor architecture: Intel x86
09:59:31.0110 0x0adc  Number of processors: 8
09:59:31.0110 0x0adc  Page size: 0x1000
09:59:31.0110 0x0adc  Boot type: Normal boot
09:59:31.0110 0x0adc  ============================================================
09:59:33.0026 0x0adc  KLMD registered as C:\Windows\system32\drivers\03991063.sys
09:59:33.0219 0x0adc  System UUID: {7EFD64B0-1346-096F-8BB9-6443231CF21D}
09:59:33.0885 0x0adc  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:59:33.0887 0x0adc  ============================================================
09:59:33.0887 0x0adc  \Device\Harddisk0\DR0:
09:59:33.0887 0x0adc  MBR partitions:
09:59:33.0887 0x0adc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
09:59:33.0887 0x0adc  ============================================================
09:59:33.0923 0x0adc  C: <-> \Device\Harddisk0\DR0\Partition1
09:59:33.0923 0x0adc  ============================================================
09:59:33.0923 0x0adc  Initialize success
09:59:33.0923 0x0adc  ============================================================
10:01:23.0589 0x1554  ============================================================
10:01:23.0590 0x1554  Scan started
10:01:23.0590 0x1554  Mode: Manual; SigCheck; TDLFS; 
10:01:23.0590 0x1554  ============================================================
10:01:23.0590 0x1554  KSN ping started
10:01:23.0669 0x1554  KSN ping finished: false
10:01:24.0629 0x1554  ================ Scan system memory ========================
10:01:24.0629 0x1554  System memory - ok
10:01:24.0630 0x1554  ================ Scan services =============================
10:01:24.0797 0x1554  [ FF4A3A13C882D103BFD9E0565F66AC12, 262AC5C8D5F427947544EC35A47FCBD57CB30DE9D11C4E7FD98E4819EF7206A9 ] 360SelfProtection C:\Windows\system32\drivers\360SelfProtection.sys
10:01:24.0988 0x1554  360SelfProtection - ok
10:01:25.0015 0x1554  6077757b - ok
10:01:25.0047 0x1554  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
10:01:25.0063 0x1554  ACPI - ok
10:01:25.0112 0x1554  [ 6D7F09CD92A9FEF3A8EFCE66231FDD79, FBEE01F2FFDB6854F682B4BE91673462A146927DD333D3C4DE66E6B86D9ED8DB ] adfs            C:\Windows\system32\drivers\adfs.sys
10:01:25.0119 0x1554  adfs - ok
10:01:25.0201 0x1554  [ 4BC381316F422F3A5D5A957D3AA2224E, FFE1D5C9A1A79D9D2A337BC5D3FD718039D9E0ED163A62975C34F8532872937C ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:01:25.0242 0x1554  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
10:01:25.0357 0x1554  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
10:01:25.0426 0x1554  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:01:25.0452 0x1554  adp94xx - ok
10:01:25.0489 0x1554  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:01:25.0513 0x1554  adpahci - ok
10:01:25.0561 0x1554  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
10:01:25.0569 0x1554  adpu160m - ok
10:01:25.0592 0x1554  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:01:25.0602 0x1554  adpu320 - ok
10:01:25.0642 0x1554  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:01:25.0713 0x1554  AeLookupSvc - ok
10:01:25.0765 0x1554  [ A201207363AA900ABF1A388468688570, C772D8546BBA93553AFCD553B7CF50C252B1F8B45A4A415014B48308F1D7ECD6 ] AFD             C:\Windows\system32\drivers\afd.sys
10:01:25.0801 0x1554  AFD - ok
10:01:25.0848 0x1554  [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:01:25.0855 0x1554  agp440 - ok
10:01:25.0891 0x1554  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
10:01:25.0899 0x1554  aic78xx - ok
10:01:25.0936 0x1554  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
10:01:26.0025 0x1554  ALG - ok
10:01:26.0049 0x1554  [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:01:26.0055 0x1554  aliide - ok
10:01:26.0064 0x1554  [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:01:26.0071 0x1554  amdagp - ok
10:01:26.0088 0x1554  [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:01:26.0093 0x1554  amdide - ok
10:01:26.0122 0x1554  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
10:01:26.0254 0x1554  AmdK7 - ok
10:01:26.0269 0x1554  [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:01:26.0310 0x1554  AmdK8 - ok
10:01:26.0388 0x1554  [ 40DC9657AA9A31C76AF36CA66BF18C8F, 7D9C19D4920A8A9B2527FA50A8EE951A1087DF30325D49B849DFC68AA8E50DB8 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
10:01:26.0478 0x1554  AnyDVD - ok
10:01:26.0523 0x1554  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
10:01:26.0551 0x1554  Appinfo - ok
10:01:26.0641 0x1554  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:01:26.0660 0x1554  Apple Mobile Device - ok
10:01:26.0708 0x1554  [ 75A8B998EB259DD512F01EA25BEC7F3B, 306AA2860A8677062A1DE503081FAC4FA764669115629D64236923FACC0C8EEE ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
10:01:26.0714 0x1554  AppleCharger - ok
10:01:26.0751 0x1554  [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
10:01:26.0756 0x1554  AppleChargerSrv - ok
10:01:26.0801 0x1554  [ 0FE769CAE5855B53C90E23F85E7E89FF, 7163E364D33EDABCFC1E1B586D28FA906F34A764BF4B3031DF020043EAE0D3BF ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:01:26.0856 0x1554  AppMgmt - ok
10:01:26.0882 0x1554  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
10:01:26.0889 0x1554  arc - ok
10:01:26.0967 0x1554  [ D781CB30626FF2F391BC9EC6E20801B9, C6776C31DC27D810EE731C0D6BF2956DBF183FB0CFB3B37388D381B6CFC97B1F ] archlp          C:\Windows\system32\drivers\archlp.sys
10:01:26.0975 0x1554  archlp - ok
10:01:27.0010 0x1554  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:01:27.0017 0x1554  arcsas - ok
10:01:27.0057 0x1554  [ DB3490F2F275361357A143879A2EEB9D, 9B41E820C0479E9FAD54832315992991C51520C2F99FF3131775E7E21BF34EF0 ] asahci32        C:\Windows\system32\DRIVERS\asahci32.sys
10:01:27.0100 0x1554  asahci32 - ok
10:01:27.0124 0x1554  [ 98D744784A5BB46C73187A890F415E1E, BC51C12D046EA62A32325A79AF2814EFC36D1D641E75F98F5CE1CB1E1868E808 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
10:01:27.0132 0x1554  asmthub3 - ok
10:01:27.0162 0x1554  [ 1B8BE9A2ED0F64F7DDA7DA7B3C84BF84, 62C758741AE9CF856FDB13F93A5499EDE514F646A9B52F4120FE517700D8F577 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
10:01:27.0186 0x1554  asmtxhci - ok
10:01:27.0305 0x1554  [ A986FCFDAC587E68478DB51547B90800, 17FF020ED0998F507EAED09DF7C35329EEA1D7DA9FA3C1F4EA4823D5C1FCE661 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
10:01:27.0318 0x1554  aspnet_state - detected UnsignedFile.Multi.Generic ( 1 )
10:01:27.0318 0x1554  aspnet_state ( UnsignedFile.Multi.Generic ) - warning
10:01:27.0350 0x1554  [ A0D86B8AC93EF95620420C7A24AC5344, 1A6C0F8ED14753DF84C494BD7118A22B6F653D625D641F90FEE36FDBBB8ECBD0 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
10:01:27.0355 0x1554  aswFsBlk - ok
10:01:27.0391 0x1554  [ BD9119468C32B7ECD1E0544D3F286A73, 666C6C62914380A8D577AA0897238A2AABA59159F38A23EDE557D7E79F1A848E ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
10:01:27.0396 0x1554  aswMonFlt - ok
10:01:27.0436 0x1554  [ 69823954BBD461A73D69774928C9737E, DB551087477C0B79906C573AB9A6DC62EE8FCC9A1E4BCB2D4D6ACB42BDDC4BC3 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
10:01:27.0441 0x1554  aswRdr - ok
10:01:27.0479 0x1554  [ 7ECC2776638B04553F9A85BD684C3ABF, F2757EA50AFEE8208452E384766A1916422B3B9D89C781EFD370AC81D138B3D8 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
10:01:27.0487 0x1554  aswSP - ok
10:01:27.0513 0x1554  [ 095ED820A926AA8189180B305E1BCFC9, F449848AC543303B13EED71FDE79B0F01C081FF8D79D2CDE191C5156DAFCF4DC ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
10:01:27.0518 0x1554  aswTdi - ok
10:01:27.0562 0x1554  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:01:27.0593 0x1554  AsyncMac - ok
10:01:27.0608 0x1554  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
10:01:27.0614 0x1554  atapi - ok
10:01:27.0632 0x1554  AtiHdmiService - ok
10:01:27.0690 0x1554  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:01:27.0741 0x1554  AudioEndpointBuilder - ok
10:01:27.0749 0x1554  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:01:27.0769 0x1554  Audiosrv - ok
10:01:27.0854 0x1554  [ 17681266E789BA928CBED70DD58EE4B1, 82FDDC3854562A4918C9C77AD5904097961EB0AB16A59A6206C1319B24F397CA ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
10:01:27.0873 0x1554  Autodesk Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
10:01:27.0873 0x1554  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:01:27.0930 0x1554  [ ACB544D7254F366DFB48F380BC36CD25, 0F699DE9428B14D82783E8593B4E6CA22FAB67933FFB5F40AA27DAEAA10445D3 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
10:01:27.0935 0x1554  avast! Antivirus - ok
10:01:27.0938 0x1554  [ ACB544D7254F366DFB48F380BC36CD25, 0F699DE9428B14D82783E8593B4E6CA22FAB67933FFB5F40AA27DAEAA10445D3 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
10:01:27.0942 0x1554  avast! Mail Scanner - ok
10:01:27.0945 0x1554  [ ACB544D7254F366DFB48F380BC36CD25, 0F699DE9428B14D82783E8593B4E6CA22FAB67933FFB5F40AA27DAEAA10445D3 ] avast! Web Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
10:01:27.0949 0x1554  avast! Web Scanner - ok
10:01:28.0012 0x1554  [ 40A19901EF39CB6C7DC37402FFDC987C, C188B5A942C9D2A4CD000B4FA88165CBB553A34C2C14FCD4472A0C965DE13750 ] AVerBDA6x       C:\Windows\system32\DRIVERS\AVerBDA716x.sys
10:01:28.0133 0x1554  AVerBDA6x - ok
10:01:28.0217 0x1554  [ 6A3BA0E71B07B9BA1DB49E5A8F3022BE, 01D06AD60ADC0F87C8BF66BF97EEE8170215596978FA988685B5139B75202B69 ] AVerRemote      C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
10:01:28.0243 0x1554  AVerRemote - detected UnsignedFile.Multi.Generic ( 1 )
10:01:28.0243 0x1554  AVerRemote ( UnsignedFile.Multi.Generic ) - warning
10:01:28.0316 0x1554  [ 95DC9658275F8CD1831296C29D7C5441, EF96C9CD8471DF8CD6DC14E051EA0B501FF2AF83F64D4B42EEA784CA47032585 ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
10:01:28.0381 0x1554  AVerScheduleService - detected UnsignedFile.Multi.Generic ( 1 )
10:01:28.0381 0x1554  AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
10:01:28.0422 0x1554  [ EE6A8BFEB66A9437073AEFE68B48E01C, 759D86CABBD3430B9EF3A1985A7452AE054907CB324E0E6F7C847EA7DC4D0857 ] BAPIDRV         C:\Windows\system32\drivers\BAPIDRV.SYS
10:01:28.0428 0x1554  BAPIDRV - ok
10:01:28.0507 0x1554  [ A2ECECE11639FEA1CCB66D853451F7E2, 1DEE5A7C710FEDB725610D17B71AA9D6FAD8039DE4EE1165854399A5D8193AD7 ] BazisVirtualCDBus C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
10:01:28.0515 0x1554  BazisVirtualCDBus - ok
10:01:28.0547 0x1554  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:01:28.0573 0x1554  Beep - ok
10:01:28.0636 0x1554  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
10:01:28.0711 0x1554  BFE - ok
10:01:28.0778 0x1554  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
10:01:28.0855 0x1554  BITS - ok
10:01:28.0861 0x1554  blbdrive - ok
10:01:28.0940 0x1554  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:01:28.0988 0x1554  Bonjour Service - ok
10:01:29.0015 0x1554  [ 74B442B2BE1260B7588C136177CEAC66, CB489B0BDA6833297707499B3B3A166D1CF4CF4C1D734F0222D696B06C680E87 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:01:29.0034 0x1554  bowser - ok
10:01:29.0104 0x1554  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
10:01:29.0119 0x1554  BrFiltLo - ok
10:01:29.0138 0x1554  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
10:01:29.0152 0x1554  BrFiltUp - ok
10:01:29.0177 0x1554  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
10:01:29.0196 0x1554  Browser - ok
10:01:29.0224 0x1554  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
10:01:29.0264 0x1554  Brserid - ok
10:01:29.0283 0x1554  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
10:01:29.0327 0x1554  BrSerWdm - ok
10:01:29.0335 0x1554  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
10:01:29.0373 0x1554  BrUsbMdm - ok
10:01:29.0395 0x1554  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
10:01:29.0435 0x1554  BrUsbSer - ok
10:01:29.0468 0x1554  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:01:29.0519 0x1554  BTHMODEM - ok
10:01:29.0540 0x1554  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:01:29.0566 0x1554  cdfs - ok
10:01:29.0602 0x1554  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:01:29.0629 0x1554  cdrom - ok
10:01:29.0672 0x1554  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
10:01:29.0687 0x1554  CertPropSvc - ok
10:01:29.0716 0x1554  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:01:29.0735 0x1554  circlass - ok
10:01:29.0746 0x1554  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
10:01:29.0770 0x1554  CLFS - ok
10:01:29.0820 0x1554  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:01:29.0827 0x1554  clr_optimization_v2.0.50727_32 - ok
10:01:29.0934 0x1554  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:01:29.0943 0x1554  clr_optimization_v4.0.30319_32 - ok
10:01:29.0960 0x1554  [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:01:29.0966 0x1554  cmdide - ok
10:01:30.0021 0x1554  [ B0FAED1298FCAE4E24CB506FE3C9598B, A4CFCBCA08A11B52762EAA12151574801AC90B5A0EC40D5589682BA2745F235A ] COMMONFX.DLL    C:\Windows\system32\COMMONFX.DLL
10:01:30.0059 0x1554  COMMONFX.DLL - ok
10:01:30.0074 0x1554  [ 82B8C91D327CFECF76CB58716F7D4997, 6F06A4BC44B170BB28BF464E9BB5216D39D11CB8D442570B575A741B032EAEE6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:01:30.0100 0x1554  Compbatt - ok
10:01:30.0102 0x1554  COMSysApp - ok
10:01:30.0159 0x1554  [ 3B45DC77B3B627984CF4A75BA68E6720, D0D4510A8F232D59CF13E08A957B75D483877357CCDADA4875615F8B24361235 ] CorsairVBusDriver C:\Windows\system32\DRIVERS\CorsairVBusDriver.sys
10:01:30.0213 0x1554  CorsairVBusDriver - ok
10:01:30.0259 0x1554  [ E63EEFB35B2E45B924229D3E41C061C9, FC62734B3EDF5FA112877D7DC16DD07C6129CBB2D67772B35A8C2FA1B4FC3C5D ] CorsairVHidDriver C:\Windows\system32\DRIVERS\CorsairVHidDriver.sys
10:01:30.0264 0x1554  CorsairVHidDriver - ok
10:01:30.0275 0x1554  [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:01:30.0282 0x1554  crcdisk - ok
10:01:30.0297 0x1554  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
10:01:30.0326 0x1554  Crusoe - ok
10:01:30.0340 0x1554  [ FB27772BEAF8E1D28CCD825C09DA939B, D074A314FB3E6B2248F2DB0A734B98A110F618804449E055B4178BF414826982 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:01:30.0371 0x1554  CryptSvc - ok
10:01:30.0392 0x1554  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C, 95E3AA76DAF3F9EDE1AAE9B85C779F2716097266F492E0A8D361C6ED9A9AC8CC ] CSC             C:\Windows\system32\drivers\csc.sys
10:01:30.0482 0x1554  CSC - ok
10:01:30.0532 0x1554  [ 0A2095F92F6AE4FE6484D911B0C21E95, 52E2E08107FEBD6B46E1C71B39ECA8AB1A0ECF18CA248D9172F831B6FAB99139 ] CscService      C:\Windows\System32\cscsvc.dll
10:01:30.0606 0x1554  CscService - ok
10:01:30.0627 0x1554  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Cspqta0wetec    C:\Windows\system32\drivers\crusoe.sys
10:01:30.0656 0x1554  Cspqta0wetec - ok
10:01:30.0693 0x1554  [ FF365AE97908B3316C997B8BC1233DFB, 494EA0C021FE3C8E21C6CDB68FB7981257962C0D04760944CF3774AC446D9D71 ] CT20XUT.DLL     C:\Windows\system32\CT20XUT.DLL
10:01:30.0702 0x1554  CT20XUT.DLL - ok
10:01:30.0734 0x1554  [ C254B2D8758D7C9CF6B3B52C23F1310E, 6E21D80642ABAC4D5C52D6E2C9FD94212D8C3042D035819077044CAFABB05D64 ] ctac32k         C:\Windows\system32\drivers\ctac32k.sys
10:01:30.0759 0x1554  ctac32k - ok
10:01:30.0803 0x1554  [ E53EE577E8FA4ED2486FD128FD2C77F4, 333B8B9A7A7FEB883F3B9B658A54265B59C4BF2BAC70978BF77CACA5CE62A757 ] ctaud2k         C:\Windows\system32\drivers\ctaud2k.sys
10:01:30.0827 0x1554  ctaud2k - ok
10:01:30.0870 0x1554  [ CCE3AD4242BA06B638AC33B37F0675FA, 0A4002828505C155E2B14098C38C9B40658A1E76747EA735811ACF1F964D9FC3 ] CTAUDFX.DLL     C:\Windows\system32\CTAUDFX.DLL
10:01:30.0923 0x1554  CTAUDFX.DLL - ok
10:01:30.0966 0x1554  [ C299360A4852A560F20B14212929A9E0, DD0298E01D6E2B54FDF903ACC14C887E6749DB27F1ACBDFB6A70D136A9BFAB05 ] ctdvda2k        C:\Windows\system32\drivers\ctdvda2k.sys
10:01:30.0990 0x1554  ctdvda2k - ok
10:01:31.0038 0x1554  [ 9AD4E0DA757A1A1B905812D38E99B4DC, D848552493447EC8C883387ED94EFB6D9A3AF1F6B72EB60E8355B500DA5DC8B1 ] CTEAPSFX.DLL    C:\Windows\system32\CTEAPSFX.DLL
10:01:31.0048 0x1554  CTEAPSFX.DLL - ok
10:01:31.0115 0x1554  [ 1000E95CCB12346187B1934578B49479, 05871171727CC1A4FE2492588252BB7F5254DF4D7CD3030E67376D0447ACCC58 ] CTEDSPFX.DLL    C:\Windows\system32\CTEDSPFX.DLL
10:01:31.0136 0x1554  CTEDSPFX.DLL - ok
10:01:31.0145 0x1554  [ 932B09554B5FF64CADD5C34C8101F1CD, A760254AFF24CEA095334F54B60248EBD1D5453861D9ED28B212AFE3713BBDF6 ] CTEDSPIO.DLL    C:\Windows\system32\CTEDSPIO.DLL
10:01:31.0153 0x1554  CTEDSPIO.DLL - ok
10:01:31.0177 0x1554  [ E1EBC03E44D97FA3C268E6AF398BED50, A2B51F54EB0217A062B2237E54553B35654EFDE7F24C43C5B89ED67FC7A7C89A ] CTEDSPSY.DLL    C:\Windows\system32\CTEDSPSY.DLL
10:01:31.0222 0x1554  CTEDSPSY.DLL - ok
10:01:31.0241 0x1554  [ 7B8EB1FB8A8D75AE89A238ED2562D940, 489396D3671DA5FC2A95407B77CFCF04AEC158D6D819E7C33C8943626E5F56B3 ] CTERFXFX.DLL    C:\Windows\system32\CTERFXFX.DLL
10:01:31.0249 0x1554  CTERFXFX.DLL - ok
10:01:31.0314 0x1554  [ C6A640A37DB64B0665CB47A5B3DCBC4E, 43736BE3DBC12EE6127A3AD935D39708623C3D73F70CC08EB7C568614EE63307 ] CTEXFIFX.DLL    C:\Windows\system32\CTEXFIFX.DLL
10:01:31.0388 0x1554  CTEXFIFX.DLL - ok
10:01:31.0444 0x1554  [ 6807430428B76762039B8214044B6971, 669DF8D94DABE82092318970412E5ECE7B345A4449FBB0A622E33BC3624BC7D1 ] CTHWIUT.DLL     C:\Windows\system32\CTHWIUT.DLL
10:01:31.0451 0x1554  CTHWIUT.DLL - ok
10:01:31.0479 0x1554  [ E2833BB0EB46E7885DD012CBF92073C9, F6DFD82C5E1523DD8772E06041C40A6DE6E1DB3FE988DF98298F26CFB431116A ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
10:01:31.0483 0x1554  ctprxy2k - ok
10:01:31.0498 0x1554  [ 8F2BEA5BBDA7F087AE72CC76AE1B1C4D, 23D221EC80E459ACAE2A7588201656E16B2DA160BAFEA6D76DAD4FCED8583647 ] CTSBLFX.DLL     C:\Windows\system32\CTSBLFX.DLL
10:01:31.0537 0x1554  CTSBLFX.DLL - ok
10:01:31.0588 0x1554  [ BFF22435DEB9EA576D5C7C12944B70D1, 3887B962B27BA45627C7FF0019A02C8224EE3B405147BF9EDE22BF87AD46726D ] ctsfm2k         C:\Windows\system32\drivers\ctsfm2k.sys
10:01:31.0596 0x1554  ctsfm2k - ok
10:01:31.0612 0x1554  CX23880 - ok
10:01:31.0619 0x1554  CXAVXBAR - ok
10:01:31.0621 0x1554  CXTUNE - ok
10:01:31.0769 0x1554  [ DC338F7096BA9A77CC997534B25C8D2E, B3729CD378730AE6EB29AB8FA78EBCD61A37AF8D937A168E52BB9F9A374B714D ] CyberLink PowerDVD 14 Media Server Monitor Service C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSMonitorServicePDVD14.exe
10:01:31.0772 0x1554  Suspicious file ( NoAccess ): C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSMonitorServicePDVD14.exe. md5: DC338F7096BA9A77CC997534B25C8D2E, sha256: B3729CD378730AE6EB29AB8FA78EBCD61A37AF8D937A168E52BB9F9A374B714D
10:01:31.0772 0x1554  CyberLink PowerDVD 14 Media Server Monitor Service - detected LockedFile.Multi.Generic ( 1 )
10:01:31.0773 0x1554  CyberLink PowerDVD 14 Media Server Monitor Service ( LockedFile.Multi.Generic ) - warning
10:01:31.0773 0x1554  Force sending object to P2P due to detect: CyberLink PowerDVD 14 Media Server Monitor Service
10:01:31.0774 0x1554  Object send P2P result: false
10:01:31.0824 0x1554  [ 1103A2A0ECB0CC2BFB0619B3AB7EFB79, 1A438D6C49A680335378BCCDE9C878CF0854A584A452831EA0BEBE5C67F59EC4 ] CyberLink PowerDVD 14 Media Server Service C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
10:01:31.0824 0x1554  Suspicious file ( NoAccess ): C:\Program Files\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe. md5: 1103A2A0ECB0CC2BFB0619B3AB7EFB79, sha256: 1A438D6C49A680335378BCCDE9C878CF0854A584A452831EA0BEBE5C67F59EC4
10:01:31.0825 0x1554  CyberLink PowerDVD 14 Media Server Service - detected LockedFile.Multi.Generic ( 1 )
10:01:31.0825 0x1554  CyberLink PowerDVD 14 Media Server Service ( LockedFile.Multi.Generic ) - warning
10:01:31.0825 0x1554  Force sending object to P2P due to detect: CyberLink PowerDVD 14 Media Server Service
10:01:31.0826 0x1554  Object send P2P result: false
10:01:31.0860 0x1554  [ C512B618D0E19339572AD125E26B9CB5, 6BBEFD340C7FBD9910D42C60C3BEFD7FBA2430FC2FC0DF2319C69C04E8C65E2D ] danewFltr       C:\Windows\system32\drivers\danew.sys
10:01:31.0896 0x1554  danewFltr - ok
10:01:31.0947 0x1554  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:01:32.0005 0x1554  DcomLaunch - ok
10:01:32.0049 0x1554  [ 218D8AE46C88E82014F5D73D0236D9B2, D404EE45EFC2557182DDD9C1B7244C10FC5AD3080A57CDFBF2C9D3B890F78852 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:01:32.0078 0x1554  DfsC - ok
10:01:32.0167 0x1554  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
10:01:32.0309 0x1554  DFSR - ok
10:01:32.0371 0x1554  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
10:01:32.0447 0x1554  Dhcp - ok
10:01:32.0474 0x1554  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
10:01:32.0482 0x1554  disk - ok
10:01:32.0524 0x1554  [ 30A08728740E71947AE1E073B5CE69B4, 6F313F09E17885A84F546E11215B4B451AAA0FFDF2E7A13211F862FAD18F5C8E ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:01:32.0563 0x1554  Dnscache - ok
10:01:32.0583 0x1554  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
10:01:32.0619 0x1554  dot3svc - ok
10:01:32.0665 0x1554  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
10:01:32.0725 0x1554  DPS - ok
10:01:32.0740 0x1554  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:01:32.0764 0x1554  drmkaud - ok
10:01:32.0792 0x1554  [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831, 162CA60AFEEB45C45BA986D21660F23CF2432645993D4FAB8C8AE27CE40DA9AF ] dvd43llh        C:\Windows\system32\DRIVERS\dvd43llh.sys
10:01:32.0813 0x1554  dvd43llh - detected UnsignedFile.Multi.Generic ( 1 )
10:01:32.0813 0x1554  dvd43llh ( UnsignedFile.Multi.Generic ) - warning
10:01:32.0850 0x1554  [ 5C7E2097B91D689DED7A6FF90F0F3A25, D2F60DC99F292AAD54FB6F15B70BAC1F16030214260D25DA8C50B4E8DBD3DBAC ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:01:32.0995 0x1554  DXGKrnl - ok
10:01:33.0024 0x1554  [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
10:01:33.0077 0x1554  E1G60 - ok
10:01:33.0107 0x1554  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
10:01:33.0122 0x1554  EapHost - ok
10:01:33.0163 0x1554  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
10:01:33.0172 0x1554  Ecache - ok
10:01:33.0197 0x1554  [ CC7BDDC55E72A9920FDD2B212A88C837, 181C886B1120E88D21DA30570293E2FBDFCEC65F7563EC27CE1929FF49DC41B4 ] EfiMon          C:\Windows\system32\Drivers\Efimon.sys
10:01:33.0203 0x1554  EfiMon - ok
10:01:33.0252 0x1554  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:01:33.0346 0x1554  ehRecvr - ok
10:01:33.0365 0x1554  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
10:01:33.0388 0x1554  ehSched - ok
10:01:33.0421 0x1554  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
10:01:33.0441 0x1554  ehstart - ok
10:01:33.0483 0x1554  [ E6739AAE91491D1114B5B66276A7C6E6, 08B418BA75E17E758C087FF607276FE42748A3AD04F2493A4F364BC923CDC035 ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
10:01:33.0488 0x1554  ElbyCDFL - detected UnsignedFile.Multi.Generic ( 1 )
10:01:33.0489 0x1554  ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
10:01:33.0501 0x1554  [ 72753D5CC94A90F5CFC6C00ECC47163F, 824EEDCB94334912D8C44BC9626723F142DA95E9494C4B7D2F6EC7899CFF1DD2 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
10:01:33.0507 0x1554  ElbyCDIO - ok
10:01:33.0545 0x1554  [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:01:33.0568 0x1554  elxstor - ok
10:01:33.0612 0x1554  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
10:01:33.0718 0x1554  EMDMgmt - ok
10:01:33.0735 0x1554  [ 7CC5C406A9A27676387130C3EECF552C, 160B2E7150204F3D420B9829E1E21A62C16F05ED99D8FD2D04CC5FE3EF97067D ] emupia          C:\Windows\system32\drivers\emupia2k.sys
10:01:33.0742 0x1554  emupia - ok
10:01:33.0782 0x1554  [ 3AF0AE042AFE486B22644CD3FBEBF2E2, 755A18C1507D0C3F3BF1B0CFAB96BB7D1C3D9D6F862F94B3069D00FC6B92A8AA ] etdrv           C:\Windows\etdrv.sys
10:01:33.0787 0x1554  etdrv - ok
10:01:33.0845 0x1554  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
10:01:33.0901 0x1554  EventSystem - ok
10:01:33.0972 0x1554  [ 606CCB34B6155596C57454C180CF55DE, D9D97FC984A40A062D1BF7A2C29C062588D335891615179FC77F33CAC29CD2AC ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
10:01:34.0018 0x1554  ewusbnet - ok
10:01:34.0045 0x1554  [ A744D66BCD4CABDD4B111D9E220B4D57, 284A2B254A882AF25A4AF1AB1621D75BCDE387FF2D3DDC7D8DCE2E6028AF4F45 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
10:01:34.0108 0x1554  ew_hwusbdev - ok
10:01:34.0154 0x1554  [ 6B4AC26C62F55AF324E3809EE2AD9F0C, F3C1C8D9D3903F968FE67B563D48FC10D2855B4F9FDDC6DA1A4B835CCC44476C ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
10:01:34.0191 0x1554  ew_usbenumfilter - ok
10:01:34.0231 0x1554  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:01:34.0281 0x1554  exfat - ok
10:01:34.0308 0x1554  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:01:34.0349 0x1554  fastfat - ok
10:01:34.0387 0x1554  [ DFBA0F60FA301E5B1BFB1403A93EE23E, 727A01AA77BFD6B6FEB394A4C4CCBDB785987A1904F8EED3739A5F6D03C15965 ] Fax             C:\Windows\system32\fxssvc.exe
10:01:34.0505 0x1554  Fax - ok
10:01:34.0563 0x1554  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:01:34.0605 0x1554  fdc - ok
10:01:34.0630 0x1554  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
10:01:34.0693 0x1554  fdPHost - ok
10:01:34.0719 0x1554  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:01:34.0767 0x1554  FDResPub - ok
10:01:34.0805 0x1554  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:01:34.0813 0x1554  FileInfo - ok
10:01:34.0830 0x1554  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:01:34.0867 0x1554  Filetrace - ok
10:01:34.0933 0x1554  [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:01:34.0988 0x1554  FLEXnet Licensing Service - ok
10:01:35.0031 0x1554  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:01:35.0048 0x1554  flpydisk - ok
10:01:35.0071 0x1554  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:01:35.0082 0x1554  FltMgr - ok
10:01:35.0142 0x1554  [ D49705F25390265CAD9B620F55EA968C, 91E1E943C115E9EDAB4AA4123997EA9E8116CB08F883B589595CB64267A2C786 ] FontCache       C:\Windows\system32\FntCache.dll
10:01:35.0226 0x1554  FontCache - ok
10:01:35.0286 0x1554  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:01:35.0322 0x1554  FontCache3.0.0.0 - ok
10:01:35.0344 0x1554  [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:01:35.0358 0x1554  Fs_Rec - ok
10:01:35.0388 0x1554  [ FECF4C2E42440A8D132BF94EEE3C3FC9, 38CA8707AABB4513FF3E4FD4FFA7D1117D3FE2224897ACC65DD55B207498B7C6 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:01:35.0398 0x1554  fvevol - ok
10:01:35.0432 0x1554  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:01:35.0439 0x1554  gagp30kx - ok
10:01:35.0470 0x1554  [ D556CB79967E92B5CC69686D16C1D846, F4FF679066269392F6B7C3BA6257FC60DD609E4F9C491B00E1A16E4C405B0B9B ] gdrv            C:\Windows\gdrv.sys
10:01:35.0475 0x1554  gdrv - ok
10:01:35.0491 0x1554  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:01:35.0495 0x1554  GEARAspiWDM - ok
10:01:35.0555 0x1554  [ 483924F92E55A5F9423201EC635E2CED, FEDAC3616709F081A0FA48E2BF521CBCC35E11E523EBADDEACA7308AD14338B3 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
10:01:35.0560 0x1554  gfibto - ok
10:01:35.0599 0x1554  [ 77EBF3E9386DAA51551AF429052D88D0, 94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio          C:\Windows\system32\giveio.sys
10:01:35.0604 0x1554  giveio - detected UnsignedFile.Multi.Generic ( 1 )
10:01:35.0604 0x1554  giveio ( UnsignedFile.Multi.Generic ) - warning
10:01:35.0643 0x1554  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
10:01:35.0730 0x1554  gpsvc - ok
10:01:35.0817 0x1554  [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C, 8F62DF65DB30770448E297D000B570683DEA454A5D84B5BCB1478D91030212DB ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:01:35.0829 0x1554  gusvc - ok
10:01:35.0930 0x1554  [ 54A8528D376EEF4646E80774EC43CED3, E687AEB07D9A415DE60E47957F51A1EF6ABCE998237EA8019B6DDFBA123F7776 ] ha10kx2k        C:\Windows\system32\drivers\ha10kx2k.sys
10:01:35.0993 0x1554  ha10kx2k - ok
10:01:36.0051 0x1554  [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
10:01:36.0058 0x1554  hamachi - ok
10:01:36.0104 0x1554  [ 53B3D8B2F6828BB4E2311D13791462D8, 5CFDF407B6B3877E30EA0114D248A18BF1B93D2B1583004362B46430A16A6694 ] hap16v2k        C:\Windows\system32\drivers\hap16v2k.sys
10:01:36.0116 0x1554  hap16v2k - ok
10:01:36.0148 0x1554  [ CE4521ECB4AC6804C82541A485D0139C, 2AE0E9D3A78A58017204A66DF18A0E07DDB33EEC50849B7E84C650744823C7D2 ] hap17v2k        C:\Windows\system32\drivers\hap17v2k.sys
10:01:36.0161 0x1554  hap17v2k - ok
10:01:36.0221 0x1554  [ ED32D389F8B0E74E400932E020BCFBDF, 5F8F5F79FFD25C8717A501A34ED77833F67E48C08F1B641D9C9E56DFF1FE8E34 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
10:01:36.0335 0x1554  hardlock - ok
10:01:36.0377 0x1554  [ 2DD25F060DC9F79B5CDF33D90ED93669, 1095E091B1F42E04B054478E029D166990A375D27E9B9D0D1170F35536462C8E ] Haspnt          C:\Windows\system32\drivers\Haspnt.sys
10:01:36.0390 0x1554  Haspnt - detected UnsignedFile.Multi.Generic ( 1 )
10:01:36.0390 0x1554  Haspnt ( UnsignedFile.Multi.Generic ) - warning
10:01:36.0444 0x1554  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:01:36.0523 0x1554  HdAudAddService - ok
10:01:36.0563 0x1554  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:01:36.0634 0x1554  HDAudBus - ok
10:01:36.0673 0x1554  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:01:36.0719 0x1554  HidBth - ok
10:01:36.0730 0x1554  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:01:36.0777 0x1554  HidIr - ok
10:01:36.0798 0x1554  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
10:01:36.0809 0x1554  hidserv - ok
10:01:36.0817 0x1554  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:01:36.0845 0x1554  HidUsb - ok
10:01:36.0867 0x1554  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:01:36.0895 0x1554  hkmsvc - ok
10:01:36.0923 0x1554  [ 765E536807E0E04D5DF4490A2890047A, B72002038C9ADD4F6170548CA9E1D7A75EF32D8C2F90AE019516AF084776AE2B ] HookPort        C:\Windows\system32\Drivers\Hookport.sys
10:01:36.0929 0x1554  HookPort - ok
10:01:36.0944 0x1554  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
10:01:36.0951 0x1554  HpCISSs - ok
10:01:36.0976 0x1554  [ ABBC72793F1C588B1A7DB0CAC69A4FE8, 14943818C4426D5708FAE85181DB4B4D4C8CB235E52F9BEF9AB5E7D38AADB944 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:01:37.0027 0x1554  HTTP - ok
10:01:37.0105 0x1554  [ 49396C2E5E22CB347FDD202191C8DDD7, 809EF77410E7A9564C90DC07604A9CDA71E57BF19870114F83722C9F5373F604 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
10:01:37.0146 0x1554  huawei_cdcacm - ok
10:01:37.0183 0x1554  [ F48097E69EA6821D58FE96FA31B5A70E, F259453648D6C750363DB368390F02116C78BD06E8041E00A91A561ACF980E59 ] huawei_cdcecm   C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
10:01:37.0220 0x1554  huawei_cdcecm - ok
10:01:37.0263 0x1554  [ 099E9B1BC056508F80A815610677EF69, 155F04597E3AD13367C9B412F02F5EE1C1355839D11DF19F2C27CDB842D3CB02 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
10:01:37.0303 0x1554  huawei_enumerator - ok
10:01:37.0315 0x1554  [ F7FB501C2B3E34A2AA42493C100438F5, D5647C78A32B581E0C981D994FF28E816EDA9B556D02C55C2C4C8F65E57D5AEC ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
10:01:37.0352 0x1554  huawei_ext_ctrl - ok
10:01:37.0416 0x1554  [ B01019AF2FE1E2239F66462982E52FDF, FDD0FA778700F4AE0C9BC958566729D908F5AB0A50B3D2E78CE0308FF0315626 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:01:37.0457 0x1554  hwdatacard - ok
10:01:37.0500 0x1554  HWDeviceService.exe - ok
10:01:37.0531 0x1554  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
10:01:37.0539 0x1554  i2omp - ok
10:01:37.0580 0x1554  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:01:37.0619 0x1554  i8042prt - ok
10:01:37.0637 0x1554  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
10:01:37.0652 0x1554  iaStorV - ok
10:01:37.0731 0x1554  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:01:37.0762 0x1554  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
10:01:37.0762 0x1554  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:01:37.0826 0x1554  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:01:37.0891 0x1554  idsvc - ok
10:01:37.0932 0x1554  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:01:37.0938 0x1554  iirsp - ok
10:01:37.0989 0x1554  [ 9908D8A397B76CD8D31D0D383C5773C9, FFA6996BE9F11A81CB63C849C2400EB44A07706D1EEB7A3502D4110DAC3684A2 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:01:38.0060 0x1554  IKEEXT - ok
10:01:38.0112 0x1554  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
10:01:38.0119 0x1554  intelide - ok
10:01:38.0148 0x1554  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:01:38.0178 0x1554  intelppm - ok
10:01:38.0207 0x1554  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:01:38.0239 0x1554  IPBusEnum - ok
10:01:38.0257 0x1554  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:01:38.0293 0x1554  IpFilterDriver - ok
10:01:38.0310 0x1554  [ 7F83B06A929A981BC001B2EA304D2036, 9446637FA31EDAF472B8EBEEA3678D434FFF49D94C4F7EADB1840CC073A61872 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:01:38.0361 0x1554  iphlpsvc - ok
10:01:38.0364 0x1554  IpInIp - ok
10:01:38.0380 0x1554  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
10:01:38.0411 0x1554  IPMIDRV - ok
10:01:38.0427 0x1554  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
10:01:38.0459 0x1554  IPNAT - ok
10:01:38.0535 0x1554  [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:01:38.0571 0x1554  iPod Service - ok
10:01:38.0630 0x1554  [ E50A95179211B12946F7E035D60AF560, 69765E2548BA708FF35545EC944DBA1940AD4065AF90E53B97A7792AC231DCF7 ] irda            C:\Windows\system32\DRIVERS\irda.sys
10:01:38.0661 0x1554  irda - ok
10:01:38.0707 0x1554  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:01:38.0726 0x1554  IRENUM - ok
10:01:38.0753 0x1554  [ CBB0D940221A281BCFEAEA695BD1CDA5, D05D192019524A02FE3FAE6827B98A942FA1AD651BF7AA53530A8A6F4ADFB7EB ] Irmon           C:\Windows\System32\irmon.dll
10:01:38.0780 0x1554  Irmon - ok
10:01:38.0804 0x1554  [ 5896B5FF6332AB2BE1582523E9656A67, EA61CF0B108DDA2D32A2A9B28B2AD296E6941839114C99384D343B883ECAB7F8 ] irsir           C:\Windows\system32\DRIVERS\irsir.sys
10:01:38.0834 0x1554  irsir - ok
10:01:38.0846 0x1554  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:01:38.0855 0x1554  isapnp - ok
10:01:38.0880 0x1554  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
10:01:38.0922 0x1554  iScsiPrt - ok
10:01:38.0932 0x1554  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
10:01:38.0939 0x1554  iteatapi - ok
10:01:38.0973 0x1554  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
10:01:38.0982 0x1554  iteraid - ok
10:01:38.0997 0x1554  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:01:39.0005 0x1554  kbdclass - ok
10:01:39.0030 0x1554  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:01:39.0043 0x1554  kbdhid - ok
10:01:39.0046 0x1554  [ DCF733788C7D088D814E5F80EB4B3E0F, 48DFE6C7A8119E5232B6F8BE63F2D6B24C01FDC88CE0AE0817127C7F8C0B72AC ] KeyIso          C:\Windows\system32\lsass.exe
10:01:39.0063 0x1554  KeyIso - ok
10:01:39.0095 0x1554  [ EA7F1D605518486269F45BD80FA00907, BF5DB329CE017EA867C6E6ED00ECD5B7C75E185FC5BF82F15CDD5356487E7C81 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:01:39.0147 0x1554  KSecDD - ok
10:01:39.0218 0x1554  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:01:39.0260 0x1554  KtmRm - ok
10:01:39.0298 0x1554  [ 43446F197C74EF2030F84B3A4F39D570, 94915BEA9CF2E047AFF058DCE9819836A9BBC07122D2DCC5BD9269F9FA7D7FA8 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:01:39.0333 0x1554  LanmanServer - ok
10:01:39.0357 0x1554  [ DEC1A338B86C5D582C25C40836DD76C3, 39911FE42E3936D403EC3839D38C6F415E237201AAFB5B726EE2496EC58F0540 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:01:39.0413 0x1554  LanmanWorkstation - ok
10:01:39.0425 0x1554  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:01:39.0459 0x1554  lltdio - ok
10:01:39.0475 0x1554  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:01:39.0497 0x1554  lltdsvc - ok
10:01:39.0521 0x1554  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:01:39.0563 0x1554  lmhosts - ok
10:01:39.0579 0x1554  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:01:39.0586 0x1554  LSI_FC - ok
10:01:39.0599 0x1554  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:01:39.0606 0x1554  LSI_SAS - ok
10:01:39.0621 0x1554  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:01:39.0629 0x1554  LSI_SCSI - ok
10:01:39.0642 0x1554  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:01:39.0661 0x1554  luafv - ok
10:01:39.0683 0x1554  Maplom - ok
10:01:39.0685 0x1554  MaplomL - ok
10:01:39.0743 0x1554  [ B4CD87E78A01562E3DA67FE1C2779204, 536AC01C53A18E7B43F02F345FC3088C189A2D01F5E060714C0534FE7ECA2356 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:01:39.0750 0x1554  MBAMProtector - ok
10:01:39.0835 0x1554  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
10:01:39.0913 0x1554  MBAMService - ok
10:01:39.0967 0x1554  [ EAFEB8DF3B5B2AD7848B4C367FDD6E05, 7444D9DB01D28100831CDE3208829784225A92C4CDF9ED594EA3DD8F5FEAEA98 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
10:01:39.0973 0x1554  MBAMWebAccessControl - ok
10:01:39.0986 0x1554  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:01:39.0996 0x1554  Mcx2Svc - ok
10:01:40.0053 0x1554  [ 33D79175E58812F5D4F8122544452EBD, 1E555D96C04679C318EA2F7F6AA48AC29D11D806D6F4D8095D6AF916FF00A306 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
10:01:40.0074 0x1554  MDM - detected UnsignedFile.Multi.Generic ( 1 )
10:01:40.0074 0x1554  MDM ( UnsignedFile.Multi.Generic ) - warning
10:01:40.0107 0x1554  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:01:40.0115 0x1554  megasas - ok
10:01:40.0235 0x1554  [ AA0C4A2C33CE075DF2C272D678734991, 9C0273AF3821737DC3CC4CA308FFCC93CCE514F85A3DA1BAF82F40F179FD08FD ] mi-raysat_3dsmax9_32 C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
10:01:40.0248 0x1554  mi-raysat_3dsmax9_32 - detected UnsignedFile.Multi.Generic ( 1 )
10:01:40.0248 0x1554  mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - warning
10:01:40.0273 0x1554  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
10:01:40.0292 0x1554  MMCSS - ok
10:01:40.0304 0x1554  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
10:01:40.0331 0x1554  Modem - ok
10:01:40.0377 0x1554  [ CBB59C41F19EFEA1A000793E08070A62, 4C3C01210DF9D00C05FA14FF5CEFB60C444CAEBFF3F49409EDE434D63F19B9F2 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
10:01:40.0437 0x1554  MODEMCSA - ok
10:01:40.0499 0x1554  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:01:40.0567 0x1554  monitor - ok
10:01:40.0595 0x1554  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:01:40.0605 0x1554  mouclass - ok
10:01:40.0629 0x1554  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:01:40.0650 0x1554  mouhid - ok
10:01:40.0659 0x1554  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
10:01:40.0668 0x1554  MountMgr - ok
10:01:40.0718 0x1554  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:01:40.0727 0x1554  mpio - ok
10:01:40.0740 0x1554  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:01:40.0773 0x1554  mpsdrv - ok
10:01:40.0814 0x1554  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:01:40.0850 0x1554  MpsSvc - ok
10:01:40.0867 0x1554  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
10:01:40.0875 0x1554  Mraid35x - ok
10:01:40.0900 0x1554  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:01:40.0917 0x1554  MRxDAV - ok
10:01:40.0932 0x1554  [ 317EB668973951BAD512EE8BEBF9ED25, 69A3BA1737724BF76EEF5A6BE17AAA6FA249599F8E2ADCA13599E74884B619A8 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:01:40.0959 0x1554  mrxsmb - ok
10:01:40.0972 0x1554  [ 05716F0203B5C774A87384A1FF7B968F, 7BD42CA965FC3D35D36F8E239DA399AD13AF40D745E8738BBB6C3A94FB663DCB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:01:41.0003 0x1554  mrxsmb10 - ok
10:01:41.0008 0x1554  [ C70C50D101B92B45C42BA11EA9FE6CD1, D0EFCB665532FED28A4560AEB2D598DED3574C9822A79E4AD71D35525A00CC0D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:01:41.0032 0x1554  mrxsmb20 - ok
10:01:41.0055 0x1554  [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
10:01:41.0062 0x1554  msahci - ok
10:01:41.0087 0x1554  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:01:41.0096 0x1554  msdsm - ok
10:01:41.0128 0x1554  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
10:01:41.0148 0x1554  MSDTC - ok
10:01:41.0163 0x1554  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:01:41.0181 0x1554  Msfs - ok
10:01:41.0207 0x1554  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:01:41.0213 0x1554  msisadrv - ok
10:01:41.0233 0x1554  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:01:41.0270 0x1554  MSiSCSI - ok
10:01:41.0273 0x1554  msiserver - ok
10:01:41.0325 0x1554  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:01:41.0359 0x1554  MSKSSRV - ok
10:01:41.0378 0x1554  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:01:41.0403 0x1554  MSPCLOCK - ok
10:01:41.0417 0x1554  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:01:41.0434 0x1554  MSPQM - ok
10:01:41.0458 0x1554  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:01:41.0469 0x1554  MsRPC - ok
10:01:41.0482 0x1554  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:01:41.0489 0x1554  mssmbios - ok
10:01:52.0422 0x1554  uliahci - ok
10:01:52.0444 0x1554  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
10:01:52.0452 0x1554  UlSata - ok
10:01:52.0467 0x1554  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
10:01:52.0475 0x1554  ulsata2 - ok
10:01:52.0499 0x1554  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:01:52.0516 0x1554  umbus - ok
10:01:52.0550 0x1554  [ 8A66360F38F81E960E2367B428CBD5D9, 349A39BD63E1FF3C3D0249A3BE834D62F3EFC5EA4416269421AF03F10356D3E5 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:01:52.0641 0x1554  UmRdpService - ok
10:01:52.0680 0x1554  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
10:01:52.0748 0x1554  upnphost - ok
10:01:52.0862 0x1554  [ 73B41F4EAD65F355962168D766AF0F2E, AA33CAE55D4766C9F1E9F1B50EEAE1CA4BE968380C89892A46D2D25EAEEDC64D ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
10:01:52.0938 0x1554  USBAAPL - ok
10:01:52.0970 0x1554  [ 32DB9517628FF0D070682AAB61E688F0, F9EF8D0D55DABF00E79B0EFE689C6662430B59093A6C7EACB2069DC70B1FDCC5 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:01:53.0003 0x1554  usbaudio - ok
10:01:53.0064 0x1554  [ FEC474C0C9CA42D4100218989CE5F516, EB59AA2103660C92B1B0FBE5A0C77E2301B8F246415DF9E03C47E558E6EFE60F ] UsbAudio10      C:\Windows\system32\drivers\ViaUsbAudio.sys
10:01:53.0115 0x1554  UsbAudio10 - ok
10:01:53.0143 0x1554  [ CAF811AE4C147FFCD5B51750C7F09142, BD670CF88D8F932AD1C6BA91FB68A7204BC473657C6A057C92AFB84D164D393C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:01:53.0174 0x1554  usbccgp - ok
10:01:53.0191 0x1554  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:01:53.0220 0x1554  usbcir - ok
10:01:53.0257 0x1554  [ 79E96C23A97CE7B8F14D310DA2DB0C9B, EB441D3B93965CD927E0C181031AD1082F59F9885BF35CABFDCA08C6C76B0DAF ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:01:53.0273 0x1554  usbehci - ok
10:01:53.0305 0x1554  [ 4673BBCB006AF60E7ABDDBE7A130BA42, 0B7DED0D887A3530AA5497FDBCB69389486FB9E2B6FAE3163E33713256D575BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:01:53.0324 0x1554  usbhub - ok
10:01:53.0335 0x1554  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:01:53.0362 0x1554  usbohci - ok
10:01:53.0380 0x1554  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:01:53.0398 0x1554  usbprint - ok
10:01:53.0426 0x1554  [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:01:53.0460 0x1554  usbscan - ok
10:01:53.0472 0x1554  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:01:53.0488 0x1554  USBSTOR - ok
10:01:53.0506 0x1554  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:01:53.0520 0x1554  usbuhci - ok
10:01:53.0572 0x1554  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:01:53.0608 0x1554  usbvideo - ok
10:01:53.0645 0x1554  [ 35C9095FA7076466AFBFC5B9EC4B779E, 6E4F8241020DC3353A802849AB7930C8E4271BD19CFA66EDF2F60038CC53D836 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
10:01:53.0660 0x1554  usb_rndisx - ok
10:01:53.0692 0x1554  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
10:01:53.0722 0x1554  UxSms - ok
10:01:53.0777 0x1554  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
10:01:53.0807 0x1554  VClone - ok
10:01:53.0827 0x1554  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
10:01:53.0900 0x1554  vds - ok
10:01:53.0944 0x1554  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:01:53.0977 0x1554  vga - ok
10:01:54.0015 0x1554  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:01:54.0041 0x1554  VgaSave - ok
10:01:54.0088 0x1554  [ 949AA00A83B0C4D7A3010035D8AF93D9, D48D08A9A05A2509A851DEC71157A789D54820D0308F3C4C0E818D082540B8CD ] vHidDev         C:\Windows\system32\DRIVERS\vHidDev.sys
10:01:54.0125 0x1554  vHidDev - ok
10:01:54.0145 0x1554  [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:01:54.0151 0x1554  viaagp - ok
10:01:54.0168 0x1554  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
10:01:54.0222 0x1554  ViaC7 - ok
10:01:54.0237 0x1554  [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:01:54.0243 0x1554  viaide - ok
10:01:54.0274 0x1554  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:01:54.0280 0x1554  volmgr - ok
10:01:54.0299 0x1554  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:01:54.0321 0x1554  volmgrx - ok
10:01:54.0328 0x1554  [ 147281C01FCB1DF9252DE2A10D5E7093, DF5DCF6FD472F21863DC10B62F7647420B9686607857D08286B618D585E50219 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:01:54.0340 0x1554  volsnap - ok
10:01:54.0360 0x1554  [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:01:54.0368 0x1554  vsmraid - ok
10:01:54.0407 0x1554  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
10:01:54.0506 0x1554  VSS - ok
10:01:54.0525 0x1554  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
10:01:54.0555 0x1554  W32Time - ok
10:01:54.0571 0x1554  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:01:54.0602 0x1554  WacomPen - ok
10:01:54.0628 0x1554  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
10:01:54.0642 0x1554  Wanarp - ok
10:01:54.0645 0x1554  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:01:54.0658 0x1554  Wanarpv6 - ok
10:01:54.0696 0x1554  [ 20B23332885DFB93FE0185362EE811E9, 67B8026E8285FEB6E3939DEEE4E0F2FD0FA0917E0ED0F1FAE56B7841AF74C8F8 ] wbengine        C:\Windows\system32\wbengine.exe
10:01:54.0819 0x1554  wbengine - ok
10:01:54.0838 0x1554  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:01:54.0904 0x1554  wcncsvc - ok
10:01:54.0923 0x1554  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:01:54.0967 0x1554  WcsPlugInService - ok
10:01:54.0980 0x1554  [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd              C:\Windows\system32\drivers\wd.sys
10:01:54.0986 0x1554  Wd - ok
10:01:55.0039 0x1554  [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
10:01:55.0095 0x1554  WDC_SAM - ok
10:01:55.0227 0x1554  [ DBBAB783009FBDF69B222641BB7831AE, 44521F9419567EA254E4A3530AF5FF0C2872B4BE9C527ABE39805E179CDE8FF4 ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
10:01:55.0276 0x1554  WDDMService - detected UnsignedFile.Multi.Generic ( 1 )
10:01:55.0276 0x1554  WDDMService ( UnsignedFile.Multi.Generic ) - warning
10:01:55.0305 0x1554  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:01:55.0330 0x1554  Wdf01000 - ok
10:01:55.0369 0x1554  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:01:55.0395 0x1554  WdiServiceHost - ok
10:01:55.0398 0x1554  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:01:55.0418 0x1554  WdiSystemHost - ok
10:01:55.0440 0x1554  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
10:01:55.0465 0x1554  WebClient - ok
10:01:55.0478 0x1554  [ 905214925A88311FCE52F66153DE7610, 5D18C6E835A2EA4108C93D9E6AA976142119860C8FC8ECB2DFA961A241B6E61C ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:01:55.0500 0x1554  Wecsvc - ok
10:01:55.0508 0x1554  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:01:55.0524 0x1554  wercplsupport - ok
10:01:55.0537 0x1554  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:01:55.0560 0x1554  WerSvc - ok
10:01:55.0649 0x1554  [ 319828CB5E92CD4A134340871B71BC15, FB50E9CAC70774F0DA09C6445D8AC7E7AE084E46508FEEC893748CC28248BC87 ] WFLR6654        C:\Windows\system32\drivers\wfeaglxt.sys
10:01:55.0730 0x1554  WFLR6654 - ok
10:01:55.0821 0x1554  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:01:55.0833 0x1554  WinDefend - ok
10:01:55.0836 0x1554  WinHttpAutoProxySvc - ok
10:01:55.0890 0x1554  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:01:55.0934 0x1554  Winmgmt - ok
10:01:55.0973 0x1554  [ 01874D4689C212460FBABF0ECD7CB7F7, 8FC46BAD704A1E057DC4A8DC7374AAB93A96CC4A46E06FF9C2E06A6D62820469 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:01:56.0018 0x1554  WinRM - ok
10:01:56.0089 0x1554  [ 766FDCF7E9AED0D0BEF8A36C27D0EF91, 5ADA64CC4A1A42E930C53B52263D200EE421A9F2C785D8D4B2F47E8061E3BEF3 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:01:56.0182 0x1554  Wlansvc - ok
10:01:56.0226 0x1554  [ 5D410936831F7FB58EFF941EAC3F6D3D, 5A1E769F75562802CC0EAA44215501925EA4C260AD7A975CEE4AB8DCA2BB82C9 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
10:01:56.0230 0x1554  WmBEnum - ok
10:01:56.0291 0x1554  [ 7A13CFDE92956CA61A0927D766C5AD4F, 96B337903B7E59A7D60FE4A27064A993EF244D3D736016FFC13465C8F44068F8 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
10:01:56.0296 0x1554  WmFilter - ok
10:01:56.0352 0x1554  [ 1F596392149CAC51F7C095AF7D533934, 7D8649D951E7719DE49B5E7BA4296A0736753A73FE30A45F96F370ADD81E6B2B ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
10:01:56.0357 0x1554  WmHidLo - ok
10:01:56.0377 0x1554  [ 701A9F884A294327E9141D73746EE279, C8A46B8C32F9EAC7848D385473F6B5C4B6DA719A941A75AD5F081757FC07A09D ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:01:56.0405 0x1554  WmiAcpi - ok
10:01:56.0448 0x1554  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:01:56.0467 0x1554  wmiApSrv - ok
10:01:56.0524 0x1554  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:01:56.0613 0x1554  WMPNetworkSvc - ok
10:01:56.0620 0x1554  [ 6F04646BC690F8BBFC344BE32A60796D, DE2B4BE88CE38D6297F58BE2C643A3838C0470E2E3AB6289755E39B5E59061D7 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
10:01:56.0625 0x1554  WmVirHid - ok
10:01:56.0659 0x1554  [ 1D6CA43D562333F4DFB40BCEF2453F3A, BEEC5587ACE8ABF1DB0B9B68E43B29082AA2F4A6415CEC8536086944D506A704 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
10:01:56.0665 0x1554  WmXlCore - ok
10:01:56.0670 0x1554  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:01:56.0684 0x1554  WPCSvc - ok
10:01:56.0712 0x1554  [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:01:56.0734 0x1554  WPDBusEnum - ok
10:01:56.0793 0x1554  [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
10:01:56.0808 0x1554  WpdUsb - ok
10:01:56.0988 0x1554  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:01:57.0024 0x1554  WPFFontCache_v0400 - ok
10:01:57.0062 0x1554  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:01:57.0079 0x1554  ws2ifsl - ok
10:01:57.0090 0x1554  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\system32\wscsvc.dll
10:01:57.0115 0x1554  wscsvc - ok
10:01:57.0117 0x1554  WSearch - ok
10:01:57.0172 0x1554  [ 01E1499A7A4FCA7CDE102B60976544C1, E0DFC8F229A3B9235658DC47237715E41FC71DC6F7C0EBB4FF0C632FCA89FB91 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:01:57.0250 0x1554  wuauserv - ok
10:01:57.0319 0x1554  [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:01:57.0383 0x1554  WUDFRd - ok
10:01:57.0444 0x1554  [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:01:57.0464 0x1554  wudfsvc - ok
10:01:57.0510 0x1554  [ 09E5340BD9B2CB730BF4DC6BE7721291, 785DEFAE550CAB5BDFA15CF195A1DEF5AD188EFEAD2D8B1508972CF892BB75A9 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
10:01:57.0517 0x1554  xusb21 - ok
10:01:57.0575 0x1554  [ 7D1F3B131D503EF43EE594B5A2B9B427, 307DEC572FBC171D68ED098D73CB6F06754F26E51F8F7DB48035A8CF97AB37D0 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
10:01:57.0622 0x1554  yukonwlh - ok
10:01:57.0711 0x1554  [ 74EC37B9EAF9FCA015B933A526825C7A, E75D73422B4383210F912B424377D5F2DBBF0E9418A2F450636B689572B1B9F6 ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
10:01:57.0719 0x1554  {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
10:01:57.0890 0x1554  [ 965599A634CAC6169A92D98B2305A9BA, 0668073EA7283922F48A24FA6FD34ABE7F451B77F6B749E8DAD30ACB33C358CF ] {C5F942FD-1110-4664-86CE-0C6BDA305235} C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl
10:01:57.0896 0x1554  {C5F942FD-1110-4664-86CE-0C6BDA305235} - ok
10:01:57.0927 0x1554  ================ Scan global ===============================
10:01:57.0960 0x1554  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
10:01:58.0006 0x1554  [ 40864DA48A14EBC68A0D6BFD08BA21EB, EF311D4A937ADE53216949CB2E690582883C30B70BFCB89F82433CA2FBF1E24E ] C:\Windows\system32\winsrv.dll
10:01:58.0025 0x1554  [ 40864DA48A14EBC68A0D6BFD08BA21EB, EF311D4A937ADE53216949CB2E690582883C30B70BFCB89F82433CA2FBF1E24E ] C:\Windows\system32\winsrv.dll
10:01:58.0062 0x1554  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
10:01:58.0079 0x1554  [ Global ] - ok
10:01:58.0079 0x1554  ================ Scan MBR ==================================
10:01:58.0087 0x1554  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:01:58.0545 0x1554  \Device\Harddisk0\DR0 - ok
10:01:58.0546 0x1554  ================ Scan VBR ==================================
10:01:58.0547 0x1554  [ DA925D059199B23A8E9631A798ED64B2 ] \Device\Harddisk0\DR0\Partition1
10:01:58.0594 0x1554  \Device\Harddisk0\DR0\Partition1 - ok
10:01:58.0594 0x1554  ================ Scan generic autorun ======================
10:01:58.0726 0x1554  [ 6C1B31F5C16E03153F0037AC6C451FFD, D222F301319C4C809EF66D78F944B0DA279DE5440BFCCF4B2CA95379A585B369 ] C:\Program Files\Alwil Software\Avast5\avastUI.exe
10:01:58.0877 0x1554  avast5 - ok
10:01:58.0937 0x1554  [ 4C66A2BBDB1AF2F28DA74B99531FBCC0, D2D9532B341556EA9251BB245C185EE4728A2A8D5F63C650511C843EF6EBE3C1 ] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
10:01:58.0975 0x1554  Taskbar Shuffle - detected UnsignedFile.Multi.Generic ( 1 )
10:01:58.0975 0x1554  Taskbar Shuffle ( UnsignedFile.Multi.Generic ) - warning
10:01:59.0042 0x1554  [ AFED679D048A7ACC0D6DC63F9DCF1C98, B7880288BD7BA164E2187827FD7018AC67B5474575511C78D2905C111E9E11FC ] C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
10:01:59.0067 0x1554  PowerMate - detected UnsignedFile.Multi.Generic ( 1 )
10:01:59.0067 0x1554  PowerMate ( UnsignedFile.Multi.Generic ) - warning
10:02:00.0097 0x1554  [ 6A7F0556E9114843EC8BE95A1FA12665, 42D07B2E43EFD378ED56B2989C1BAF3D4115C78C56E58C2EAB9FC14BBCF13730 ] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
10:02:01.0095 0x1554  AnyDVD - ok
10:02:01.0282 0x1554  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
10:02:01.0354 0x1554  Sidebar - ok
10:02:01.0358 0x1554  WindowsWelcomeCenter - ok
10:02:01.0426 0x1554  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
10:02:01.0450 0x1554  ehTray.exe - ok
10:02:01.0505 0x1554  [ 1257DD444BFA310B2C28345640F9D37A, 53B386D9AA87054F0FAEF8A001EA172E07E51909172BBA3B8B65B23C4C64079A ] C:\Program Files\DisplayFusion\DisplayFusion.exe
10:02:01.0530 0x1554  DisplayFusion - ok
10:02:01.0630 0x1554  [ A379B75A6FFE4DFD3184F35F0141CE91, C777B01B4361456D4D829E96723C85CCDC2E3647C4CF25894AC83100552E36AB ] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
10:02:01.0652 0x1554  ISUSPM Startup - detected UnsignedFile.Multi.Generic ( 1 )
10:02:01.0652 0x1554  ISUSPM Startup ( UnsignedFile.Multi.Generic ) - warning
10:02:01.0662 0x1554  DAEMON Tools Lite - ok
10:02:01.0727 0x1554  Google Update - ok
10:02:01.0773 0x1554  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
10:02:01.0835 0x1554  Sidebar - ok
10:02:01.0843 0x1554  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
10:02:01.0855 0x1554  ehTray.exe - ok
10:02:01.0869 0x1554  [ 1257DD444BFA310B2C28345640F9D37A, 53B386D9AA87054F0FAEF8A001EA172E07E51909172BBA3B8B65B23C4C64079A ] C:\Program Files\DisplayFusion\DisplayFusion.exe
10:02:01.0885 0x1554  DisplayFusion - ok
10:02:01.0891 0x1554  [ A379B75A6FFE4DFD3184F35F0141CE91, C777B01B4361456D4D829E96723C85CCDC2E3647C4CF25894AC83100552E36AB ] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
10:02:01.0900 0x1554  ISUSPM Startup - detected UnsignedFile.Multi.Generic ( 1 )
10:02:01.0900 0x1554  ISUSPM Startup ( UnsignedFile.Multi.Generic ) - warning
10:02:01.0900 0x1554  Force sending object to P2P due to detect: c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
10:02:01.0901 0x1554  Object send P2P result: false
10:02:01.0902 0x1554  DAEMON Tools Lite - ok
10:02:01.0903 0x1554  Google Update - ok
10:02:02.0036 0x1554  AV detected via SS2: , C:\Program Files\Alwil Software\Avast5\VisthAux.exe ( 5.0.121.0 ), 0x41010 ( enabled : outofdate )
10:02:02.0065 0x1554  Win FW state via NFP2: disabled ( not trusted )
10:02:02.0065 0x1554  ============================================================
10:02:02.0065 0x1554  Scan finished
10:02:02.0065 0x1554  ============================================================
10:02:02.0072 0x08f0  Detected object count: 23
10:02:02.0073 0x08f0  Actual detected object count: 23
10:03:32.0101 0x08f0  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0101 0x08f0  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0101 0x08f0  aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0101 0x08f0  aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0102 0x08f0  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0102 0x08f0  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0103 0x08f0  AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0103 0x08f0  AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0104 0x08f0  AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0104 0x08f0  AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0104 0x08f0  CyberLink PowerDVD 14 Media Server Monitor Service ( LockedFile.Multi.Generic ) - skipped by user
10:03:32.0104 0x08f0  CyberLink PowerDVD 14 Media Server Monitor Service ( LockedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0105 0x08f0  CyberLink PowerDVD 14 Media Server Service ( LockedFile.Multi.Generic ) - skipped by user
10:03:32.0105 0x08f0  CyberLink PowerDVD 14 Media Server Service ( LockedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0106 0x08f0  dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0106 0x08f0  dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0106 0x08f0  ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0106 0x08f0  ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0107 0x08f0  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0107 0x08f0  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0107 0x08f0  Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0107 0x08f0  Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0108 0x08f0  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0108 0x08f0  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0108 0x08f0  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0108 0x08f0  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0109 0x08f0  mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0109 0x08f0  mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0110 0x08f0  pfc ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0110 0x08f0  pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0110 0x08f0  sptd ( LockedFile.Multi.Generic ) - skipped by user
10:03:32.0110 0x08f0  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0111 0x08f0  tapvpn ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0111 0x08f0  tapvpn ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0111 0x08f0  ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0111 0x08f0  ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0112 0x08f0  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0112 0x08f0  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0112 0x08f0  Taskbar Shuffle ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0112 0x08f0  Taskbar Shuffle ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0113 0x08f0  PowerMate ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0113 0x08f0  PowerMate ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0124 0x08f0  ISUSPM Startup ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0124 0x08f0  ISUSPM Startup ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:03:32.0125 0x08f0  ISUSPM Startup ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:32.0125 0x08f0  ISUSPM Startup ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:50 PM

Posted 26 October 2015 - 06:13 PM

Please post the roguekiller log as well. :)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Jmanm

Jmanm
  • Topic Starter

  • Members
  • 18 posts
  • Local time:09:50 AM

Posted 26 October 2015 - 07:02 PM

RogueKiller V10.11.3.0 [Oct 26 2015] (Free) by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : ADMIN [Administrator]
Started from : C:\Users\ADMIN\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/27/2015 10:59:27
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 28 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {21FA44EF-376D-4D53-9B0F-8A89D3229068} :   -> Found
[PUP] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {21FA44EF-376D-4D53-9B0F-8A89D3229068} :   -> Found
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\ADMIN\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\ADMIN\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\ADMIN\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\ADMIN\AppData\Local\Temp\aswVmm.sys) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{902F749D-5756-4663-96A3-2040302111EC} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A63BE1F3-9095-4AB5-B762-F6D212DFA0B8} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9C79985-E763-42E7-80D2-66A79EAE6DB6} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FD8BD12A-F606-41D4-A02E-C43B2DB485BE} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{902F749D-5756-4663-96A3-2040302111EC} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A63BE1F3-9095-4AB5-B762-F6D212DFA0B8} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A9C79985-E763-42E7-80D2-66A79EAE6DB6} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FD8BD12A-F606-41D4-A02E-C43B2DB485BE} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{902F749D-5756-4663-96A3-2040302111EC} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A63BE1F3-9095-4AB5-B762-F6D212DFA0B8} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A9C79985-E763-42E7-80D2-66A79EAE6DB6} | DhcpNameServer : 198.142.0.51 211.29.132.12 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FD8BD12A-F606-41D4-A02E-C43B2DB485BE} | DhcpNameServer : 61.9.133.193 61.9.134.49 ([X][-])  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2606750954-2960185786-120283809-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> Found
[PUP][Folder] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> Found
[PUP][Folder] C:\Program Files\FreeRIP -> Found
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
 
¤¤¤ Antirootkit : 8 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x41e0f2923f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x41e0f2923f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x41e0f2923f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x41e0f2923f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x41e0f2923f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x41e0f2923f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x41e0f2923f000000
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\AnyDVD.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 5bc3cf817cc7226525e81e605c87ac84
[BSP] cec0b08ad95fed517837a6d2bc99a7c7 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#6 deeprybka (Malware Response Team)

Posted 27 October 2015 - 03:54 AM

Hi,

I want to see the RogueKiller log with the Sinowal detection please.


regards,
deeprybka

#7 Jmanm (Topic Starter)

Posted 28 October 2015 - 08:16 AM

Hi,

I want to see the RogueKiller log with the Sinowal detection please.

Hi,

I'm not sure why, but with every scan it does not show it any more. I'm not sure what to do? Sorry.



#8 deeprybka (Malware Response Team)

Posted 28 October 2015 - 03:44 PM

Please search here for the log with the detection:

 

C:\ProgramData\RogueKiller\Logs


regards,
deeprybka

#9 Jmanm (Topic Starter)

Posted 28 October 2015 - 05:08 PM

Here is what the 1st log looks like:

 

{
    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "10.11.2.0",
            "x64": false,
            "date": "Oct 20 2015",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.com/software/roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows Vista (6.0.6002 Service Pack 2) 32 bits version",
            "boot": 1,
            "winpe": false,
            "user": "ADMIN",
            "user_admin": true,
            "program_location": "C:\\Users\\ADMIN\\Desktop\\RogueKiller.exe",
            "x64": false
        },
        "report": {
            "type": 2,
            "aborted": false,
            "date": "10/25/2015 12:15:57",
            "switches": 0,
            "debug": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 404,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "",
                "pid_parent": 4,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 464,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 452,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 500,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 492,
                "path_parent": ""
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 508,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "",
                "pid_parent": 452,
                "path_parent": ""
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 552,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "",
                "pid_parent": 492,
                "path_parent": ""
            },
            {
                "name": "services.exe",
                "name_parent": "wininit.exe",
                "pid": 580,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "",
                "pid_parent": 508,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "lsass.exe",
                "name_parent": "wininit.exe",
                "pid": 608,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "",
                "pid_parent": 508,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "lsm.exe",
                "name_parent": "wininit.exe",
                "pid": 616,
                "path": "C:\\Windows\\System32\\lsm.exe",
                "command_line": "",
                "pid_parent": 508,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 636,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 580,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 644,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 580,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 812,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 580,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 868,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 580,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 904,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 580,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 956,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 580,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "explorer.exe",
                "name_parent": "",
                "pid": 1152,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "",
                "pid_parent": 1144,
                "path_parent": ""
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "Explorer.EXE",
                "pid": 1984,
                "path": "C:\\Users\\ADMIN\\Desktop\\RogueKiller.exe",
                "command_line": "",
                "pid_parent": 1152,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "WMIADAP.exe",
                "name_parent": "svchost.exe",
                "pid": 2036,
                "path": "\\\\?\\C:\\Windows\\System32\\wbem\\WMIADAP.exe",
                "command_line": "",
                "pid_parent": 956,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "WmiPrvSE.exe",
                "name_parent": "svchost.exe",
                "pid": 436,
                "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
                "command_line": "",
                "pid_parent": 812,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [],
        "registry": [
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{902F749D-5756-4663-96A3-2040302111EC}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{A63BE1F3-9095-4AB5-B762-F6D212DFA0B8}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{A9C79985-E763-42E7-80D2-66A79EAE6DB6}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "61.9.133.193 61.9.134.49",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{FD8BD12A-F606-41D4-A02E-C43B2DB485BE}",
                "extra": "[X][-]",
                "files_status": "",
                "vtscore": 0,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{902F749D-5756-4663-96A3-2040302111EC}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{A63BE1F3-9095-4AB5-B762-F6D212DFA0B8}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{A9C79985-E763-42E7-80D2-66A79EAE6DB6}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "61.9.133.193 61.9.134.49",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{FD8BD12A-F606-41D4-A02E-C43B2DB485BE}",
                "extra": "[X][-]",
                "files_status": "",
                "vtscore": 0,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet003\\Services\\Tcpip\\Parameters\\Interfaces\\{902F749D-5756-4663-96A3-2040302111EC}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet003\\Services\\Tcpip\\Parameters\\Interfaces\\{A63BE1F3-9095-4AB5-B762-F6D212DFA0B8}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "198.142.0.51 211.29.132.12",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet003\\Services\\Tcpip\\Parameters\\Interfaces\\{A9C79985-E763-42E7-80D2-66A79EAE6DB6}",
                "extra": "[X][X]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "61.9.133.193 61.9.134.49",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet003\\Services\\Tcpip\\Parameters\\Interfaces\\{FD8BD12A-F606-41D4-A02E-C43B2DB485BE}",
                "extra": "[X][-]",
                "files_status": "",
                "vtscore": 0,
                "files": [],
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            }
        ],
        "tasks": [
            {
                "scan_what": 0,
                "scan_how": [
                    1
                ],
                "vendors": [
                    "Suspicious.Path"
                ],
                "parent_folder": "",
                "name": "GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1ceac925c26a410.job",
                "path": "%WINDIR%\\Tasks\\GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1ceac925c26a410.job",
                "application_path": "C:\\Users\\ADMIN\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe",
                "application_args": "/c",
                "vtscore": -2,
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 0,
                "scan_how": [
                    1
                ],
                "vendors": [
                    "Suspicious.Path"
                ],
                "parent_folder": "",
                "name": "GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1d063d0eb5c89d9.job",
                "path": "%WINDIR%\\Tasks\\GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1d063d0eb5c89d9.job",
                "application_path": "C:\\Users\\ADMIN\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe",
                "application_args": "/c",
                "vtscore": -2,
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 0,
                "scan_how": [
                    1
                ],
                "vendors": [
                    "Suspicious.Path"
                ],
                "parent_folder": "",
                "name": "GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1d0cacf5d37c750.job",
                "path": "%WINDIR%\\Tasks\\GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1d0cacf5d37c750.job",
                "application_path": "C:\\Users\\ADMIN\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe",
                "application_args": "/c",
                "vtscore": -2,
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 0,
                "scan_how": [
                    1
                ],
                "vendors": [
                    "Suspicious.Path"
                ],
                "parent_folder": "",
                "name": "GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1d10bf05f291700.job",
                "path": "%WINDIR%\\Tasks\\GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000Core1d10bf05f291700.job",
                "application_path": "C:\\Users\\ADMIN\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe",
                "application_args": "/c",
                "vtscore": -2,
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 0,
                "scan_how": [
                    1
                ],
                "vendors": [
                    "Suspicious.Path"
                ],
                "parent_folder": "",
                "name": "GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000UA.job",
                "path": "%WINDIR%\\Tasks\\GoogleUpdateTaskUserS-1-5-21-2606750954-2960185786-120283809-1000UA.job",
                "application_path": "C:\\Users\\ADMIN\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe",
                "application_args": "/ua /installsource scheduler",
                "vtscore": -2,
                "status_str": "Not selected",
                "status_choice": 1,
                "status_removed": 0
            }
        ],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": [
                {
                    "scan_what": 0,
                    "scan_how": [],
                    "vendors": [],
                    "line": "127.0.0.1 \tlocalhost",
                    "path": "C:\\Windows\\System32\\drivers\\etc\\hosts",
                    "status_str": "",
                    "status_malicious": false,
                    "status_choice": 1,
                    "status_removed": 0
                }
            ]
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226335,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [
                {
                    "scan_what": 1,
                    "scan_how": [],
                    "vendors": [
                        "Root.Sinowal"
                    ],
                    "physical_drive": 0,
                    "physical_drive_str": "",
                    "physical_drive_serial": "     WD-WMAT10709242",
                    "physical_drive_manufacturer": "",
                    "status_str": "Deleted",
                    "status_malicious": true,
                    "status_choice": 2,
                    "status_removed": 1
                }
            ],
            "mbr": "+++++ PhysicalDrive0:  +++++\n--- User ---\n[MBR] 5bc3cf817cc7226525e81e605c87ac84\n[BSP] cec0b08ad95fed517837a6d2bc99a7c7 : HP MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser != LL1 ... KO!\n--- LL1 ---\n[MBR] 3d6df1d499aa483a9c4d92dc195663c9\n[BSP] edc45346e619eb709fc27566b48b0650 : Root.Sinowal MBR Code [Malware!]\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser != LL2 ... KO!\n--- LL2 ---\n[MBR] 3d6df1d499aa483a9c4d92dc195663c9\n[BSP] edc45346e619eb709fc27566b48b0650 : Root.Sinowal MBR Code [Malware!]\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n\n"
        }
    }
}
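The report above keeps the MBR comparison as a text blob inside results.disk.mbr. The signal that matters is the "User != LL1 ... KO!" line: the user-level read of sector 0 returns clean HP boot code, while both lower-level reads (LL1, LL2) return a different sector whose boot code RogueKiller flags as Root.Sinowal. A drive whose contents look different depending on how low you read it is the classic sign of a bootkit filtering disk reads, and it is why the antirootkit driver failing to load (is_driver_loaded: false) matters in this log. The following is an added example, written for this thread and not code from RogueKiller or from either poster: it parses that text field and the PUM.Dns registry entries from a RogueKiller 10.x JSON report and reports the mismatch. The sample report is constructed from the values in the posted log (only the fields the script reads are included); the function names are my own.

```python
import json
import re
from typing import Dict, List

# Patterns for the text block stored under results.disk.mbr, in the layout
# shown in the posted report (drive header, then one "--- View ---" per read level).
DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+):\s*\+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")            # --- User --- / --- LL1 --- / --- LL2 ---
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")    # hash of the whole sector
BSP_RE = re.compile(r"^\[BSP\] ([0-9a-f]{32}) : (.*)$")  # hash of the boot code + its label
PART_RE = re.compile(r"^\d+ - ")                    # partition table rows


def parse_mbr_text(text: str) -> Dict[str, Dict[str, dict]]:
    """Return {drive: {view: {"mbr", "bsp", "bsp_desc", "partitions"}}}."""
    drives: Dict[str, Dict[str, dict]] = {}
    drive = view = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            drive = drives.setdefault(m.group(1), {})
            view = None
        elif (m := VIEW_RE.match(line)) and drive is not None:
            view = drive.setdefault(m.group(1), {"partitions": []})
        elif view is None:
            continue
        elif m := MBR_RE.match(line):
            view["mbr"] = m.group(1)
        elif m := BSP_RE.match(line):
            view["bsp"], view["bsp_desc"] = m.group(1), m.group(2)
        elif PART_RE.match(line):
            view["partitions"].append(line)
    return drives


def assess_drive(views: Dict[str, dict]) -> List[str]:
    """Flag labelled boot code and any view whose sector hash differs from the user-level read."""
    findings = []
    for name, v in views.items():
        if "[Malware!]" in v.get("bsp_desc", ""):
            findings.append(f"{name}: boot code flagged: {v['bsp_desc']}")
    user = views.get("User", {})
    for name in ("LL1", "LL2"):
        low = views.get(name)
        if low and user.get("mbr") and low.get("mbr") != user["mbr"]:
            findings.append(
                f"User read != {name} read ({user['mbr']} vs {low['mbr']}): "
                "sector 0 looks different at a lower read level, consistent with filtered disk reads"
            )
    return findings


def triage_report(report_json: str) -> dict:
    """Summarise disk detections, per-drive MBR findings and DHCP DNS values from a RogueKiller report."""
    results = json.loads(report_json)["results"]
    disk = results.get("disk", {})
    dns = sorted({e["value_data"] for e in results.get("registry", [])
                  if "PUM.Dns" in e.get("vendors", []) and e.get("value") == "DhcpNameServer"})
    return {
        "disk_vendors": sorted({v for r in disk.get("results", []) for v in r.get("vendors", [])}),
        "drives": {d: assess_drive(views) for d, views in parse_mbr_text(disk.get("mbr", "")).items()},
        "dns_servers": dns,   # for the analyst to confirm against the ISP's published resolvers
    }


PART_ROW = "0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB"

# Constructed from the posted report: the infected read (three views, two hashes).
MBR_TEXT_INFECTED = "\n".join([
    "+++++ PhysicalDrive0:  +++++",
    "--- User ---",
    "[MBR] 5bc3cf817cc7226525e81e605c87ac84",
    "[BSP] cec0b08ad95fed517837a6d2bc99a7c7 : HP MBR Code",
    "Partition table:", PART_ROW, "User != LL1 ... KO!",
    "--- LL1 ---",
    "[MBR] 3d6df1d499aa483a9c4d92dc195663c9",
    "[BSP] edc45346e619eb709fc27566b48b0650 : Root.Sinowal MBR Code [Malware!]",
    "Partition table:", PART_ROW, "User != LL2 ... KO!",
    "--- LL2 ---",
    "[MBR] 3d6df1d499aa483a9c4d92dc195663c9",
    "[BSP] edc45346e619eb709fc27566b48b0650 : Root.Sinowal MBR Code [Malware!]",
    "Partition table:", PART_ROW, "",
])

# Constructed from the later, clean scan in this thread: one view, all reads agree.
MBR_TEXT_CLEAN = "\n".join([
    "+++++ PhysicalDrive0:  +++++",
    "--- User ---",
    "[MBR] 5bc3cf817cc7226525e81e605c87ac84",
    "[BSP] cec0b08ad95fed517837a6d2bc99a7c7 : HP MBR Code",
    "Partition table:", PART_ROW, "User = LL1 ... OK", "User = LL2 ... OK",
])

# Constructed minimal report in the shape of the posted JSON (only the fields read above).
SAMPLE_REPORT = json.dumps({"results": {
    "registry": [{"vendors": ["PUM.Dns"], "value": "DhcpNameServer",
                  "value_data": "198.142.0.51 211.29.132.12",
                  "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters"}],
    "disk": {"results": [{"vendors": ["Root.Sinowal"], "physical_drive": 0, "status_str": "Deleted"}],
             "mbr": MBR_TEXT_INFECTED},
}})

if __name__ == "__main__":
    print(json.dumps(triage_report(SAMPLE_REPORT), indent=2))
```

Two things the output makes visible that the raw log hides in a long string: the same drive yields two different sector hashes depending on read level, and the LL1/LL2 views carry the flagged boot code while the User view does not. On the clean log posted earlier in the thread the same function returns no findings, because only the User view is present and the "User = LL1 ... OK" lines mean the lower-level reads matched.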


#10 deeprybka (Malware Response Team)

Posted 28 October 2015 - 05:28 PM

Step 1

Download Malwarebytes Anti-Rootkit to your Desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"



regards,
deeprybka

#11 Jmanm (Topic Starter)

Posted 28 October 2015 - 06:47 PM

Hi,

No malware was detected.



#12 deeprybka (Malware Response Team)

Posted 28 October 2015 - 06:49 PM

Please post the log as instructed.


regards,
deeprybka

#13 Jmanm (Topic Starter)

Posted 28 October 2015 - 06:53 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.10.28.06
  rootkit: v2015.10.28.01
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.17184
ADMIN :: ADMIN-PC [administrator]
 
29/10/2015 10:28:10 AM
mbar-log-2015-10-29 (10-28-10).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 436594
Time elapsed: 16 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#14 deeprybka (Malware Response Team)

Posted 28 October 2015 - 06:55 PM

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 2

Emsisoft Emergency Kit (EEK)

  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • Click in the following update-screen "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Malware Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.

Step 3


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 28 October 2015 - 06:55 PM.

regards,
deeprybka

#15 Jmanm

Jmanm
  • Topic Starter
  • Members
  • 18 posts

Posted 28 October 2015 - 07:42 PM

When trying to extract EEK, it says: Some installation files are corrupt. Please download a fresh copy and retry the installation.