ShwSSDT:Addr (Hook.Shadow) / PUM.Dns. MBR virus/rootkit/bootkit/not sure


  • This topic is locked
6 replies to this topic

#1 Big Ben

Big Ben

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 14 November 2015 - 02:46 PM

Posted Today, 01:42 PM

I need help to remove whatever is affecting my computer. I suspect it is some sort of MBR virus/rootkit/bootkit. I have Windows Vista Home Basic Service Pack 2 installed. My other computer was infected with something which I am quite sure has found its way onto this computer.

 

I had reformatted the other one twice and it kept coming back. Whenever I loaded an internet browser the computer would go white screen, grey screen or sometimes a light blue screen and there would be no mouse cursor and I would have to reboot. I thought I was making progress with scanners I downloaded from this computer and then after one reboot suddenly I could not open the start menu and the icons on the desktop were no longer opening programs and had different pictures. I finally sent that one in to be fixed since I don't know how to remove stuff that is escaping formatting.

 

I've downloaded multiple programs I found on this website to try to fix it myself but it hasn't worked cause well I don't know enough.

 

Using RogueKiller I found 6 PUM.Dns entries:

[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found

 

and this:

 

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x41e4ec10cfc00000
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x41e4ec10d0600000

 

I've tried Avast antirootkit, TDSS rootkit removal, Malwarebytes Anti-Malware removal, Avira Launcher, Panda Free antivirus (had this installed already beforehand).

 

TDSS removed something but no longer finds anything, same with Malwarebytes.

 

I've run RogueKiller in safe mode and have had it come up finding nothing, then when not in safe mode it keeps finding the above 6 PUM.Dns findings and the 2 Antirootkit findings. In order to run some of these programs I had to change their name on my desktop. Their icons have that red/green/blue/yellow shield on their shortcut image.

 

I am worried that maybe the router was infected, or even maybe it transferred via a USB when I was trying to make a rescue CD/USB for the original computer.

 

I am just worried that when I get my main computer back this one will just reinfect it somehow or the router will.

Edited by Big Ben, 14 November 2015 - 03:40 PM.
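
Added example, not part of Big Ben's post and not RogueKiller's own code: a short Python parser for the PUM.Dns lines quoted in the post above, showing that the six findings reduce to one DHCP-supplied resolver pair mirrored across three control sets and one interface. The `expected` resolver set passed to `unexpected_servers` is an assumption; the reader fills it in from what their own router or ISP hands out.

```python
"""Collapse RogueKiller PUM.Dns findings into the distinct DNS settings behind them."""
import ipaddress
import re
from collections import defaultdict

# The six PUM.Dns lines from the first post in this thread.
ROGUEKILLER_LINES = r"""
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
""".strip().splitlines()

# "[PUM.Dns] <registry key> | <value name> : <ip> <ip> ... (<geo tags>) -> Found"
# The leading "[" is optional so a line that lost it in copy/paste still parses.
FINDING_RE = re.compile(
    r"^\[?PUM\.Dns\]\s+"
    r"(?P<key>HKEY_LOCAL_MACHINE\\System\\(?P<control_set>[^\\]+)"
    r"\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<interface>\{[0-9A-Fa-f-]+\}))?)"
    r"\s+\|\s+(?P<value_name>\w+)\s+:\s+"
    r"(?P<servers>(?:\d{1,3}(?:\.\d{1,3}){3}\s*)+)"
)


def parse_pum_dns(lines):
    """Return one dict per PUM.Dns line; lines that do not parse are skipped."""
    findings = []
    for line in lines:
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        try:
            servers = tuple(str(ipaddress.ip_address(s)) for s in m["servers"].split())
        except ValueError:
            continue  # something that looked like an address but is not one
        findings.append({
            "key": m["key"],
            "control_set": m["control_set"],
            # No Interfaces\{GUID} suffix means the machine-wide Tcpip setting.
            "scope": m["interface"] or "global",
            # DhcpNameServer is the value the DHCP client fills from the lease,
            # i.e. the resolvers the router/ISP handed out, not a manual entry.
            "value_name": m["value_name"],
            "servers": servers,
        })
    return findings


def summarize(findings):
    """Group findings by resolver tuple.

    CurrentControlSet is a registry link to one of the numbered ControlSetNNN
    keys, so the same setting is reported once per control set it appears in.
    """
    summary = defaultdict(lambda: {"control_sets": set(), "scopes": set(), "count": 0})
    for f in findings:
        entry = summary[f["servers"]]
        entry["control_sets"].add(f["control_set"])
        entry["scopes"].add(f["scope"])
        entry["count"] += 1
    return dict(summary)


def unexpected_servers(findings, expected):
    """Resolvers present in the findings but absent from the caller's expected set."""
    expected = {str(ipaddress.ip_address(s)) for s in expected}
    seen = {s for f in findings for s in f["servers"]}
    return sorted(seen - expected)


if __name__ == "__main__":
    found = parse_pum_dns(ROGUEKILLER_LINES)
    for servers, info in summarize(found).items():
        print(f"{info['count']} findings -> resolvers {servers}")
        print(f"  control sets: {sorted(info['control_sets'])}")
        print(f"  scopes:       {sorted(info['scopes'])}")
    # Hypothetical expected set: replace with the resolvers your router reports.
    print("unexpected:", unexpected_servers(found, {"192.0.2.53"}))
```
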




#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 14 November 2015 - 07:04 PM

Hi Big Ben,

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus and Firewall programs installed:
--------
Panda Free Antivirus (Enabled - Up to date) + Panda Firewall (Disabled)
Windows Firewall is enabled.
Avira Antivirus (Enabled - Up to date)

--------
Anti-virus programs and firewalls take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.

====================================================================================

Using the Add/Remove Programs and Features remove these programs in bold

Panda Cloud Cleaner
Kaspersky Lab
Panda Security Toolbar
C:\Program Files\Spybot - Search & Destroy

 

And restart the PC.

=====================================================================================

Step 1:

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 

Step 2:

Run TDSSKiller by Kaspersky

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".
 

Step 3:

 

RogueKiller by Tigzy

  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#3 Big Ben

Big Ben
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 15 November 2015 - 04:17 AM

Followed instructions step by step; here is the first report:

 

02:58:04.0443 0x166c  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
02:58:14.0953 0x166c  ============================================================
02:58:14.0953 0x166c  Current date / time: 2015/11/15 02:58:14.0953
02:58:14.0953 0x166c  SystemInfo:
02:58:14.0953 0x166c  
02:58:14.0953 0x166c  OS Version: 6.0.6002 ServicePack: 2.0
02:58:14.0953 0x166c  Product type: Workstation
02:58:14.0953 0x166c  ComputerName: KAYLA-PC
02:58:14.0953 0x166c  UserName: Kayla
02:58:14.0953 0x166c  Windows directory: C:\Windows
02:58:14.0953 0x166c  System windows directory: C:\Windows
02:58:14.0953 0x166c  Processor architecture: Intel x86
02:58:14.0953 0x166c  Number of processors: 2
02:58:14.0953 0x166c  Page size: 0x1000
02:58:14.0953 0x166c  Boot type: Normal boot
02:58:14.0953 0x166c  ============================================================
02:58:20.0753 0x166c  KLMD registered as C:\Windows\system32\drivers\37434196.sys
02:58:21.0279 0x166c  System UUID: {7B00E99B-FCEB-C199-D1F9-F4A03A032C30}
02:58:22.0817 0x166c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:58:22.0847 0x166c  ============================================================
02:58:22.0847 0x166c  \Device\Harddisk0\DR0:
02:58:22.0865 0x166c  MBR partitions:
02:58:22.0865 0x166c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38C14FF8
02:58:22.0865 0x166c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38C15800, BlocksNum 0x176F800
02:58:22.0865 0x166c  ============================================================
02:58:23.0117 0x166c  C: <-> \Device\Harddisk0\DR0\Partition1
02:58:23.0284 0x166c  K: <-> \Device\Harddisk0\DR0\Partition2
02:58:23.0284 0x166c  ============================================================
02:58:23.0284 0x166c  Initialize success
02:58:23.0284 0x166c  ============================================================
02:59:18.0245 0x15c0  ============================================================
02:59:18.0245 0x15c0  Scan started
02:59:18.0245 0x15c0  Mode: Manual;
02:59:18.0245 0x15c0  ============================================================
02:59:18.0245 0x15c0  KSN ping started
02:59:29.0603 0x15c0  KSN ping finished: true
02:59:33.0600 0x15c0  ================ Scan system memory ========================
02:59:33.0600 0x15c0  System memory - ok
02:59:50.0472 0x15c0  HTTP - ok
02:59:50.0537 0x15c0  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
02:59:50.0538 0x15c0  i2omp - ok
02:59:50.0636 0x15c0  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
02:59:50.0637 0x15c0  i8042prt - ok
02:59:50.0703 0x15c0  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
02:59:50.0716 0x15c0  iaStorV - ok
02:59:50.0795 0x15c0  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:59:50.0809 0x15c0  idsvc - ok
02:59:50.0872 0x15c0  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
02:59:50.0873 0x15c0  iirsp - ok
02:59:50.0966 0x15c0  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
02:59:50.0974 0x15c0  IKEEXT - ok
02:59:51.0067 0x15c0  IntcAzAudAddService - ok
02:59:51.0109 0x15c0  [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide        C:\Windows\system32\drivers\intelide.sys
02:59:51.0111 0x15c0  intelide - ok
02:59:51.0157 0x15c0  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
02:59:51.0158 0x15c0  intelppm - ok
02:59:51.0260 0x15c0  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
02:59:51.0262 0x15c0  IPBusEnum - ok
02:59:51.0315 0x15c0  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:59:51.0316 0x15c0  IpFilterDriver - ok
02:59:51.0463 0x15c0  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
02:59:51.0467 0x15c0  iphlpsvc - ok
02:59:51.0471 0x15c0  IpInIp - ok
02:59:51.0527 0x15c0  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
02:59:51.0528 0x15c0  IPMIDRV - ok
02:59:51.0600 0x15c0  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
02:59:51.0602 0x15c0  IPNAT - ok
02:59:51.0780 0x15c0  [ 4D800977F7EB0C310AF04BF5B517985A, DD4EC347D4759AC401BD08739DE012E5F1903DF2EDEBEA17CCD3C19FF1F6005E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
02:59:51.0789 0x15c0  iPod Service - ok
02:59:51.0827 0x15c0  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
02:59:51.0827 0x15c0  IRENUM - ok
02:59:51.0917 0x15c0  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
02:59:51.0918 0x15c0  isapnp - ok
02:59:52.0015 0x15c0  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
02:59:52.0018 0x15c0  iScsiPrt - ok
02:59:52.0058 0x15c0  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
02:59:52.0076 0x15c0  iteatapi - ok
02:59:52.0151 0x15c0  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
02:59:52.0152 0x15c0  iteraid - ok
02:59:52.0237 0x15c0  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
02:59:52.0260 0x15c0  kbdclass - ok
02:59:52.0335 0x15c0  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
02:59:52.0336 0x15c0  kbdhid - ok
02:59:52.0425 0x15c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
02:59:52.0427 0x15c0  KeyIso - ok
02:59:52.0481 0x15c0  [ C89E473697B67F0E3AE9211ADBD43278, DECC1CA1E0FB0CDE384F29F5FC5D234C2C923999EB98FE1F88CDCA37859116A3 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
02:59:52.0488 0x15c0  KSecDD - ok
02:59:52.0622 0x15c0  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
02:59:52.0629 0x15c0  KtmRm - ok
02:59:52.0703 0x15c0  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
02:59:52.0706 0x15c0  LanmanServer - ok
02:59:52.0799 0x15c0  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:59:52.0803 0x15c0  LanmanWorkstation - ok
02:59:52.0885 0x15c0  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
02:59:52.0886 0x15c0  lltdio - ok
02:59:52.0992 0x15c0  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
02:59:52.0996 0x15c0  lltdsvc - ok
02:59:53.0091 0x15c0  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
02:59:53.0093 0x15c0  lmhosts - ok
02:59:53.0162 0x15c0  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
02:59:53.0175 0x15c0  LSI_FC - ok
02:59:53.0195 0x15c0  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
02:59:53.0214 0x15c0  LSI_SAS - ok
02:59:53.0311 0x15c0  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
02:59:53.0312 0x15c0  LSI_SCSI - ok
02:59:53.0409 0x15c0  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
02:59:53.0411 0x15c0  luafv - ok
02:59:53.0565 0x15c0  [ 40C7F4B63337414F967AC53E0520B06B, 1E42F17F17B8BF748EFB15112EDA2DBD76761A011673B654020084AEC02089F1 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
02:59:53.0566 0x15c0  MBAMProtector - ok
02:59:53.0944 0x15c0  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
02:59:53.0968 0x15c0  MBAMScheduler - ok
02:59:54.0057 0x15c0  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
02:59:54.0076 0x15c0  MBAMService - ok
02:59:54.0186 0x15c0  [ 5023F594D5448E16F920157174C61358, A8A188CA4E9995BBFCD419680A43EE8AD1E0C7EE529BEC8E0922581386982C4F ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
02:59:54.0189 0x15c0  MBAMSwissArmy - ok
02:59:54.0282 0x15c0  [ E45E2CB9A7902B3A94DF049CB3452586, A4D93C3FCD5C24DEE4478C384531350DAE503021D0BF64947BE83AAC041CF199 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
02:59:54.0283 0x15c0  MBAMWebAccessControl - ok
02:59:54.0309 0x15c0  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
02:59:54.0310 0x15c0  megasas - ok
02:59:54.0391 0x15c0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
02:59:54.0393 0x15c0  MMCSS - ok
02:59:54.0445 0x15c0  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
02:59:54.0446 0x15c0  Modem - ok
02:59:54.0566 0x15c0  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
02:59:54.0567 0x15c0  monitor - ok
02:59:54.0615 0x15c0  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
02:59:54.0616 0x15c0  mouclass - ok
02:59:54.0666 0x15c0  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
02:59:54.0701 0x15c0  mouhid - ok
02:59:54.0768 0x15c0  [ 3EAE06B0D9E32A3D45DC3E07F1FBFA97, 0C56D92C5131D60AF2FCCF071976F2932A2C544C5EC4C2A5476E99CDE17FF08C ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
02:59:54.0770 0x15c0  MountMgr - ok
02:59:55.0015 0x15c0  [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:59:55.0017 0x15c0  MozillaMaintenance - ok
02:59:55.0082 0x15c0  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
02:59:55.0083 0x15c0  mpio - ok
02:59:55.0126 0x15c0  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
02:59:55.0128 0x15c0  mpsdrv - ok
02:59:55.0210 0x15c0  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
02:59:55.0218 0x15c0  MpsSvc - ok
02:59:55.0261 0x15c0  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
02:59:55.0276 0x15c0  Mraid35x - ok
02:59:55.0347 0x15c0  [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
02:59:55.0350 0x15c0  MRxDAV - ok
02:59:55.0435 0x15c0  [ 1B864548B2ACEC1C0BB29B615CC42978, E1DA3E6764A2C7072D99F2F093E5F40DB6DC809701B59C155C6B4EE327AB9E41 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
02:59:55.0437 0x15c0  mrxsmb - ok
02:59:55.0574 0x15c0  [ 3F39B02EEDC5B8A0ED896EA1CDF7245F, 41C1DCD82F964A398B7C3D44178DBF7C8AF1C2DBC5F2D944BE6B00E909FE083B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:59:55.0577 0x15c0  mrxsmb10 - ok
02:59:55.0670 0x15c0  [ D0670EC8E5AD3FA5BE372BF70AC0EABF, BD2D1BA151FD5409EAA41ECCBEB863FE52FF7C2D92349961FEE736D66970748E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:59:55.0671 0x15c0  mrxsmb20 - ok
02:59:55.0721 0x15c0  [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci          C:\Windows\system32\drivers\msahci.sys
02:59:55.0722 0x15c0  msahci - ok
02:59:55.0763 0x15c0  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
02:59:55.0765 0x15c0  msdsm - ok
02:59:55.0818 0x15c0  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
02:59:55.0821 0x15c0  MSDTC - ok
02:59:55.0900 0x15c0  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
02:59:55.0901 0x15c0  Msfs - ok
02:59:56.0001 0x15c0  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
02:59:56.0002 0x15c0  msisadrv - ok
02:59:56.0066 0x15c0  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
02:59:56.0069 0x15c0  MSiSCSI - ok
02:59:56.0072 0x15c0  msiserver - ok
02:59:56.0117 0x15c0  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
02:59:56.0118 0x15c0  MSKSSRV - ok
02:59:56.0182 0x15c0  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
02:59:56.0183 0x15c0  MSPCLOCK - ok
02:59:56.0300 0x15c0  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
02:59:56.0301 0x15c0  MSPQM - ok
02:59:56.0443 0x15c0  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
02:59:56.0446 0x15c0  MsRPC - ok
02:59:56.0530 0x15c0  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
02:59:56.0531 0x15c0  mssmbios - ok
02:59:56.0579 0x15c0  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
02:59:56.0580 0x15c0  MSTEE - ok
02:59:56.0661 0x15c0  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
02:59:56.0663 0x15c0  Mup - ok
02:59:56.0773 0x15c0  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
02:59:56.0779 0x15c0  napagent - ok
02:59:56.0882 0x15c0  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
02:59:56.0885 0x15c0  NativeWifiP - ok
02:59:56.0995 0x15c0  [ DEC4B200C459FA929B0A764E79904B79, 40261D7D0BEE45E6E3F4F25D7ACAB00744BAF5D515B6D84B41A25ED22380DC13 ] NDIS            C:\Windows\system32\drivers\ndis.sys
02:59:57.0004 0x15c0  NDIS - ok
02:59:57.0074 0x15c0  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
02:59:57.0075 0x15c0  NdisTapi - ok
02:59:57.0176 0x15c0  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
02:59:57.0178 0x15c0  Ndisuio - ok
02:59:57.0228 0x15c0  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
02:59:57.0231 0x15c0  NdisWan - ok
02:59:57.0307 0x15c0  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
02:59:57.0308 0x15c0  NDProxy - ok
02:59:57.0352 0x15c0  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
02:59:57.0353 0x15c0  NetBIOS - ok
02:59:57.0414 0x15c0  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
02:59:57.0417 0x15c0  netbt - ok
02:59:57.0453 0x15c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
02:59:57.0455 0x15c0  Netlogon - ok
02:59:57.0578 0x15c0  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
02:59:57.0584 0x15c0  Netman - ok
02:59:57.0640 0x15c0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:59:57.0643 0x15c0  NetMsmqActivator - ok
02:59:57.0716 0x15c0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:59:57.0718 0x15c0  NetPipeActivator - ok
02:59:57.0772 0x15c0  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
02:59:57.0777 0x15c0  netprofm - ok
02:59:57.0876 0x15c0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:59:57.0879 0x15c0  NetTcpActivator - ok
02:59:57.0891 0x15c0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:59:57.0894 0x15c0  NetTcpPortSharing - ok
02:59:57.0935 0x15c0  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
02:59:57.0936 0x15c0  nfrd960 - ok
02:59:58.0000 0x15c0  [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc          C:\Windows\System32\nlasvc.dll
02:59:58.0004 0x15c0  NlaSvc - ok
02:59:58.0101 0x15c0  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
02:59:58.0103 0x15c0  Npfs - ok
02:59:58.0153 0x15c0  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
02:59:58.0155 0x15c0  nsi - ok
02:59:58.0194 0x15c0  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
02:59:58.0194 0x15c0  nsiproxy - ok
02:59:58.0346 0x15c0  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
02:59:58.0364 0x15c0  Ntfs - ok
02:59:58.0400 0x15c0  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
02:59:58.0401 0x15c0  ntrigdigi - ok
02:59:58.0449 0x15c0  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
02:59:58.0450 0x15c0  Null - ok
02:59:58.0512 0x15c0  [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid          C:\Windows\system32\drivers\nvraid.sys
02:59:58.0514 0x15c0  nvraid - ok
02:59:58.0546 0x15c0  [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
02:59:58.0547 0x15c0  nvstor - ok
02:59:58.0625 0x15c0  [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
02:59:58.0627 0x15c0  nv_agp - ok
02:59:58.0631 0x15c0  NwlnkFlt - ok
02:59:58.0635 0x15c0  NwlnkFwd - ok
02:59:58.0870 0x15c0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:59:58.0877 0x15c0  odserv - ok
02:59:58.0924 0x15c0  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
02:59:58.0927 0x15c0  ohci1394 - ok
02:59:59.0196 0x15c0  [ 880CD3C9ACE342F29AB2F90C751B91A4, 7882ED604EE443E182B323D9A38E35B49FD8C28EDC1196B65EDFABB22CBF6161 ] Origin Client Service C:\Program Files\Origin\OriginClientService.exe
02:59:59.0228 0x15c0  Origin Client Service - ok
02:59:59.0348 0x15c0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:59:59.0350 0x15c0  ose - ok
02:59:59.0422 0x15c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
02:59:59.0459 0x15c0  p2pimsvc - ok
02:59:59.0488 0x15c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
02:59:59.0499 0x15c0  p2psvc - ok
02:59:59.0585 0x15c0  [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
02:59:59.0586 0x15c0  Parport - ok
02:59:59.0632 0x15c0  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
02:59:59.0633 0x15c0  partmgr - ok
02:59:59.0758 0x15c0  [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
02:59:59.0778 0x15c0  Parvdm - ok
02:59:59.0845 0x15c0  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
02:59:59.0847 0x15c0  PcaSvc - ok
02:59:59.0943 0x15c0  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
02:59:59.0945 0x15c0  pci - ok
03:00:00.0005 0x15c0  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
03:00:00.0006 0x15c0  pciide - ok
03:00:00.0084 0x15c0  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
03:00:00.0087 0x15c0  pcmcia - ok
03:00:00.0262 0x15c0  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
03:00:00.0276 0x15c0  PEAUTH - ok
03:00:00.0471 0x15c0  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
03:00:00.0496 0x15c0  pla - ok
03:00:00.0545 0x15c0  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
03:00:00.0550 0x15c0  PlugPlay - ok
03:00:00.0624 0x15c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
03:00:00.0677 0x15c0  PNRPAutoReg - ok
03:00:00.0722 0x15c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
03:00:00.0733 0x15c0  PNRPsvc - ok
03:00:00.0814 0x15c0  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
03:00:00.0820 0x15c0  PolicyAgent - ok
03:00:00.0853 0x15c0  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
03:00:00.0854 0x15c0  PptpMiniport - ok
03:00:00.0885 0x15c0  [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor       C:\Windows\system32\drivers\processr.sys
03:00:00.0886 0x15c0  Processor - ok
03:00:01.0007 0x15c0  [ 0D5DAD610D7EA1627581ED06FB2BAA9A, 6E27CF3A1624AE10EECB8B5F38E03D76A6AABE4E75DD66DEDD67E0773935A396 ] ProfSvc         C:\Windows\system32\profsvc.dll
03:00:01.0011 0x15c0  ProfSvc - ok
03:00:01.0049 0x15c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
03:00:01.0072 0x15c0  ProtectedStorage - ok
03:00:01.0109 0x15c0  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
03:00:01.0110 0x15c0  PSched - ok
03:00:01.0243 0x15c0  [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300          C:\Windows\system32\drivers\ql2300.sys
03:00:01.0257 0x15c0  ql2300 - ok
03:00:01.0277 0x15c0  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
03:00:01.0279 0x15c0  ql40xx - ok
03:00:01.0341 0x15c0  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
03:00:01.0364 0x15c0  QWAVE - ok
03:00:01.0398 0x15c0  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
03:00:01.0399 0x15c0  QWAVEdrv - ok
03:00:01.0455 0x15c0  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
03:00:01.0475 0x15c0  RasAcd - ok
03:00:01.0554 0x15c0  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
03:00:01.0557 0x15c0  RasAuto - ok
03:00:01.0665 0x15c0  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
03:00:01.0667 0x15c0  Rasl2tp - ok
03:00:01.0754 0x15c0  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
03:00:01.0760 0x15c0  RasMan - ok
03:00:01.0801 0x15c0  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
03:00:01.0803 0x15c0  RasPppoe - ok
03:00:01.0887 0x15c0  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
03:00:01.0889 0x15c0  RasSstp - ok
03:00:16.0552 0x15c0  ================ Scan global ===============================
03:00:16.0646 0x15c0  [ 2F2DFC846D75D680B9018823A8B5EF07, DBC823CF0C659B6D7482CB080CD042EC6BBAEDB6297DB712CADA1BCEAA8A95C8 ] C:\Windows\system32\basesrv.dll
03:00:16.0724 0x15c0  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
03:00:16.0759 0x15c0  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
03:00:16.0861 0x15c0  [ 4F0A7910FC7D8A66433FA9961EEF8BB5, 2086EDEE8CF9CC9BDBDC03018F7C28BB56172F941CB4D6F3D857BCF82B32FB6B ] C:\Windows\system32\services.exe
03:00:16.0866 0x15c0  [ Global ] - ok
03:00:16.0867 0x15c0  ================ Scan MBR ==================================
03:00:16.0898 0x15c0  [ 239841E1AE8E4843C0676F3681A7D6BE ] \Device\Harddisk0\DR0
03:00:20.0042 0x15c0  \Device\Harddisk0\DR0 - ok
03:00:20.0042 0x15c0  ================ Scan VBR ==================================
03:00:20.0067 0x15c0  [ B818445E44E56EC61024F7830A0C7E15 ] \Device\Harddisk0\DR0\Partition1
03:00:20.0152 0x15c0  \Device\Harddisk0\DR0\Partition1 - ok
03:00:20.0187 0x15c0  [ 702A9851DE15693D0EF2B4060EA0048B ] \Device\Harddisk0\DR0\Partition2
03:00:20.0255 0x15c0  \Device\Harddisk0\DR0\Partition2 - ok
03:00:20.0255 0x15c0  ================ Scan generic autorun ======================
03:00:20.0435 0x15c0  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
03:00:20.0495 0x15c0  Windows Defender - ok
03:00:20.0611 0x15c0  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
03:00:20.0635 0x15c0  HP Software Update - ok
03:00:21.0673 0x15c0  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files\Avira\Antivirus\avgnt.exe
03:00:21.0875 0x15c0  avgnt - ok
03:00:22.0052 0x15c0  [ A8E69DA21AEEB9DAA55D90E87AC1A549, 175AF750A1DF53555D0CB6C61312CEE37E2CB182873041A8AE38C57EA01DC2F5 ] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
03:00:22.0082 0x15c0  Avira SystrayStartTrigger - ok
03:00:22.0946 0x15c0  [ AFF32534C8DEBC60607CDBCA3F18619C, 0701F91FFD15458383DD2AC40E538440F470A6BF5A5E53C55282083C8DF99912 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
03:00:22.0976 0x15c0  StartCCC - ok
03:00:23.0104 0x15c0  [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files\iTunes\iTunesHelper.exe
03:00:23.0111 0x15c0  iTunesHelper - ok
03:00:23.0423 0x15c0  [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
03:00:23.0451 0x15c0  APSDaemon - ok
03:00:23.0710 0x15c0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
03:00:23.0728 0x15c0  Sidebar - ok
03:00:23.0732 0x15c0  WindowsWelcomeCenter - ok
03:00:23.0881 0x15c0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
03:00:23.0899 0x15c0  Sidebar - ok
03:00:23.0903 0x15c0  WindowsWelcomeCenter - ok
03:00:23.0904 0x15c0  Waiting for KSN requests completion. In queue: 9
03:00:24.0918 0x15c0  AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\Antivirus\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
03:00:24.0923 0x15c0  Win FW state via NFP2: enabled ( trusted )
03:00:25.0474 0x15c0  ============================================================
03:00:25.0474 0x15c0  Scan finished
03:00:25.0474 0x15c0  ============================================================
03:00:25.0479 0x12f8  Detected object count: 0
03:00:25.0479 0x12f8  Actual detected object count: 0
03:00:30.0251 0x1298  Deinitialize success
 

And the Roguekiller report:

RogueKiller V10.11.5.0 [Nov  9 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Kayla [Administrator]
Started from : C:\Users\Kayla\Desktop\fire.exe
Mode : Scan -- Date : 11/15/2015 03:12:13

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DFEC8990-A25D-4F2B-8630-CDE3A1D61407} | DhcpNameServer : 64.59.176.14 64.59.177.228 ([CANADA (CA)][CANADA (CA)])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x41e4e810e8c00000
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x41e4e810e9600000

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] c84b6b57136ea7458f3a5164c51abeeb
[BSP] 4592a1e4ebe1a390ab4399f5663a3543 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 464937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 952195072 | Size: 11999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

Thank you for your guidance and ongoing support in advance. Edit: just so you know I changed the program names previously to sc2.exe for the TDSS killer program and I changed Roguekiller to fire.exe (was gonna do firefox and changed mind).


Edited by Big Ben, 15 November 2015 - 04:23 AM.


#4 olgun52


  • Malware Response Team
Posted 15 November 2015 - 12:05 PM

Hi,

 

Please post rkill Log.

---------------------------------------------------

MBAR Scan:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

NEXT

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Big Ben


Posted 15 November 2015 - 12:32 PM

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/15/2015 02:57:15 AM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 



#6 olgun52


Posted 24 November 2015 - 07:45 PM

Are you still with me? I am waiting for the logs.


Best regards
 

#7 olgun52


Posted 28 November 2015 - 12:31 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 