
Possible DDOS?


20 replies to this topic

#1 Miss__Brittany


Posted 14 January 2016 - 04:34 PM

Hi there,
 
Thank you in advance for the help.
 
I've been noticing for weeks that my internet has been cutting out frequently, but only for short periods.  Or sometimes pages pause when loading and then will come up very quickly.  Anyway, the internet hasn't been running smoothly and it's been very noticeable.
 
So now I decided to take a look in my router to see if there is anything suspicious looking.
 
It's showing that every minute there are a few incoming "attacks" of packets that are being blocked, and this goes on for hours and hours - every minute my computer is on.
I'm sure this is what is slowing down my internet.
 
I went online to do a speed test a few times and if I keep refreshing it my speed goes from 30mbps to 20mbps at one point, and then back up to 30mbps.  This seems to be happening in approximately minute intervals, just like the packets are being thrown at me.
 
Here is an example for you:
 
 
Jan 14 16:09:17 Per-source ACK Flood Attack Detect (ip=216.58.219.194) Packet Dropped
Jan 14 16:09:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:08:17 Per-source ACK Flood Attack Detect (ip=74.125.29.138) Packet Dropped
Jan 14 16:08:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:07:17 Per-source ACK Flood Attack Detect (ip=31.13.80.12) Packet Dropped
Jan 14 16:07:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:06:17 Per-source ACK Flood Attack Detect (ip=72.14.249.104) Packet Dropped
Jan 14 16:06:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:05:17 Per-source ACK Flood Attack Detect (ip=72.14.249.104) Packet Dropped
Jan 14 16:05:17 Whole System ACK Flood Attack from WAN Rule:Default deny

Jan 14 14:50:17 Per-source ACK Flood Attack Detect (ip=173.194.204.95) Packet Dropped
Jan 14 14:50:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 14:49:17 Port Scan Attack Detect (ip=96.22.15.17) Packet Dropped
Jan 14 14:49:17 Per-source ACK Flood Attack Detect (ip=96.22.15.17) Packet Dropped
Jan 14 14:49:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 14:48:17 Port Scan Attack Detect (ip=96.22.15.17) Packet Dropped
Jan 14 14:48:17 Per-source ACK Flood Attack Detect (ip=96.21.0.59) Packet Dropped
Jan 14 14:48:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 14:47:17 Port Scan Attack Detect (ip=96.22.15.16) Packet Dropped
Jan 14 14:47:17 Per-source ACK Flood Attack Detect (ip=72.14.249.104) Packet Dropped
 
 
I don't think these are random, because the same IP addresses seem to be showing up from day to day, along with random ones.  Some of the IP addresses are local to me and some of them are from half way around the world.
I've done all kinds of virus scans, MBAM, ccleaner, rootkits, etc. and nothing has shown up.
 
The only time the attack stopped is when I called my ISP and said I wanted my IP address changed; they put me on hold for 15 minutes and suddenly no attacks.  However, they tell me that they were doing nothing and that they absolutely will not change IP addresses and that I have a virus.  10 minutes after the phone call ended the attacks on the router started happening again.
 
So what can I do now?  Is changing my ISP the only solution?  Even if I do that, will it solve the problem?
Or do I have a virus that has not been detected?
 
 
I have a Dlink DIR605L and the only things going through my router are the desktop computer, and our phones are connecting wirelessly - I just setup a Nvidia Shield TV, but have been waiting to fix this problem before using it.  We have a laptop that connects, but it is very rarely that we open it - maybe once every 6 months. 
 
I don't know if this is relevant, but last night when I was looking at the active sessions my TCP sessions were throttling from 60 to up past 100.  I didn't have any programs open, or running in the background, only my internet as I was trying to find solutions to this problem.
 
TCP Session:   8 UDP Session:   2 Total:   10
Mod Edit removed IP `` boopme
 

 
 
Thank you for the help,
 
 
Brittany

Edited by boopme, 19 January 2016 - 10:35 AM.
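
A triage sketch for the router log quoted in the post above, added here as an example and not part of the original thread: it splits the entries, counts drops per source address, flags sources that trip more than one detector, and checks how the timestamps are spaced. The year (the log carries none) and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample input: the router log entries quoted in the post, one entry per line.
SAMPLE_LOG = """\
Jan 14 16:09:17 Per-source ACK Flood Attack Detect (ip=216.58.219.194) Packet Dropped
Jan 14 16:09:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:08:17 Per-source ACK Flood Attack Detect (ip=74.125.29.138) Packet Dropped
Jan 14 16:08:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:07:17 Per-source ACK Flood Attack Detect (ip=31.13.80.12) Packet Dropped
Jan 14 16:07:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:06:17 Per-source ACK Flood Attack Detect (ip=72.14.249.104) Packet Dropped
Jan 14 16:06:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:05:17 Per-source ACK Flood Attack Detect (ip=72.14.249.104) Packet Dropped
Jan 14 16:05:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 14:50:17 Per-source ACK Flood Attack Detect (ip=173.194.204.95) Packet Dropped
Jan 14 14:50:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 14:49:17 Port Scan Attack Detect (ip=96.22.15.17) Packet Dropped
Jan 14 14:49:17 Per-source ACK Flood Attack Detect (ip=96.22.15.17) Packet Dropped
Jan 14 14:49:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 14:48:17 Port Scan Attack Detect (ip=96.22.15.17) Packet Dropped
Jan 14 14:48:17 Per-source ACK Flood Attack Detect (ip=96.21.0.59) Packet Dropped
Jan 14 14:48:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 14:47:17 Port Scan Attack Detect (ip=96.22.15.16) Packet Dropped
Jan 14 14:47:17 Per-source ACK Flood Attack Detect (ip=72.14.249.104) Packet Dropped
"""

TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
# Entry that names one source address, e.g. "Per-source ACK Flood" or "Port Scan".
PER_SOURCE = re.compile(
    "^" + TS + r"(?:Per-source )?(?P<kind>.+?) Attack Detect "
    r"\(ip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) Packet Dropped$"
)
# System-wide entry: carries the matching rule but no source address.
SYSTEM_WIDE = re.compile(
    "^" + TS + r"Whole System (?P<kind>.+?) Attack from WAN Rule:(?P<rule>.+)$"
)


def parse_log(text, year=2016):
    """Return (events, unparsed_lines). `year` is assumed; the log omits it."""
    events, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PER_SOURCE.match(line) or SYSTEM_WIDE.match(line)
        if not m:
            unparsed.append(line)  # keep unknown formats visible, never drop them
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "kind": m["kind"], "ip": m.groupdict().get("ip")})
    return events, unparsed


def summarize(events):
    """Aggregate parsed events into the figures worth reading first."""
    per_source = Counter(e["ip"] for e in events if e["ip"])
    kinds = defaultdict(set)
    for e in events:
        if e["ip"]:
            kinds[e["ip"]].add(e["kind"])
    ticks = sorted({e["ts"] for e in events})
    # Spacing between consecutive distinct timestamps, in seconds.
    gaps = Counter(int((b - a).total_seconds()) for a, b in zip(ticks, ticks[1:]))
    return {
        "per_source": per_source,
        # Sources reported by more than one detector (here: scan and flood).
        "multi_kind": sorted(ip for ip, k in kinds.items() if len(k) > 1),
        # A single value here suggests the router writes entries on a timer,
        # so the timestamps show a reporting interval, not packet arrival times.
        "seconds_of_minute": sorted({t.second for t in ticks}),
        "gaps": gaps,
    }


if __name__ == "__main__":
    events, unparsed = parse_log(SAMPLE_LOG)
    report = summarize(events)
    for ip, n in report["per_source"].most_common():
        print(f"{ip:<16} {n}")
    print("more than one detector:", report["multi_kind"])
    print("second-of-minute values:", report["seconds_of_minute"])
    print("gaps between log ticks (s):", dict(report["gaps"]))
    print("unparsed lines:", len(unparsed))
```
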



#2 boopme


Posted 15 January 2016 - 01:36 PM

Ok Miss, let's scan it

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.


#3 Miss__Brittany


Posted 19 January 2016 - 01:06 AM

So Sorry about the delayed response.

 

Here are the results.  A lot of errors... hmmm.

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Family (administrator) on 19-01-2016 at 01:00:16
Running from "C:\Users\Family\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: SLIC-CPC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Family-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-23-54-2E-1D-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ed4f:afec:5592:e580%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, January 18, 2016 9:56:55 AM
   Lease Expires . . . . . . . . . . : Tuesday, January 19, 2016 9:56:55 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234890068
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-EF-35-00-23-54-2E-1D-95
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{302B1EEB-7E25-45BD-8022-776921061394}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:4006:80c::1006
   96.22.15.31
   96.22.15.24
   96.22.15.45
   96.22.15.52
   96.22.15.38
   96.22.15.25
   96.22.15.18
   96.22.15.32
   96.22.15.59
   96.22.15.46
   96.22.15.39
   96.22.15.53

Pinging google.com [96.22.15.45] with 32 bytes of data:
Reply from 96.22.15.45: bytes=32 time=10ms TTL=62
Reply from 96.22.15.45: bytes=32 time=8ms TTL=62

Ping statistics for 96.22.15.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 10ms, Average = 9ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=69ms TTL=54
Reply from 206.190.36.45: bytes=32 time=69ms TTL=54

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 69ms, Average = 69ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 23 54 2e 1d 95 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.100    276
    192.168.0.100  255.255.255.255         On-link     192.168.0.100    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.100    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::ed4f:afec:5592:e580/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/18/2016 11:04:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (01/18/2016 10:16:19 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17609 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b28

Start Time: 01d1520132658b66

Termination Time: 785

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/18/2016 09:58:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2016 09:57:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: ProcessHacker.exe, version: 2.36.0.6153, time stamp: 0x55911ddf
Faulting module name: ProcessHacker.exe, version: 2.36.0.6153, time stamp: 0x55911ddf
Exception code: 0xc0000005
Fault offset: 0x00000000000e56c7
Faulting process id: 0xd48
Faulting application start time: 0xProcessHacker.exe0
Faulting application path: ProcessHacker.exe1
Faulting module path: ProcessHacker.exe2
Report Id: ProcessHacker.exe3

Error: (01/18/2016 04:21:58 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (01/18/2016 02:01:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17609, time stamp: 0x5671a062
Faulting module name: MSHTML.dll, version: 10.0.9200.17609, time stamp: 0x5671bf9c
Exception code: 0xc0000005
Fault offset: 0x003d404f
Faulting process id: 0x107c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/17/2016 09:58:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 09:41:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: ProcessHacker.exe, version: 2.36.0.6153, time stamp: 0x55911ddf
Faulting module name: ProcessHacker.exe, version: 2.36.0.6153, time stamp: 0x55911ddf
Exception code: 0xc0000005
Fault offset: 0x00000000000e56c7
Faulting process id: 0xe48
Faulting application start time: 0xProcessHacker.exe0
Faulting application path: ProcessHacker.exe1
Faulting module path: ProcessHacker.exe2
Report Id: ProcessHacker.exe3

Error: (01/17/2016 09:40:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 08:56:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17609, time stamp: 0x5671a062
Faulting module name: Flash32_20_0_0_228.ocx, version: 20.0.0.228, time stamp: 0x565123f2
Exception code: 0xc0000005
Fault offset: 0x006d042a
Faulting process id: 0x1530
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (01/18/2016 09:58:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/18/2016 09:58:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/18/2016 09:56:56 AM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa8008a844e0, 0xfffff8800fbccb40, 0xffffffffc000000d, 0x0000000000000003)C:\Windows\MEMORY.DMP011816-28423-01

Error: (01/18/2016 09:56:55 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:54:51 AM on ‎1/‎18/‎2016 was unexpected.

Error: (01/17/2016 09:58:44 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/17/2016 09:57:35 AM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa80046e5010, 0xfffff8800fc44b40, 0xffffffffc000000d, 0x0000000000000003)C:\Windows\MEMORY.DMP011716-41012-01

Error: (01/17/2016 09:57:34 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:54:30 AM on ‎1/‎17/‎2016 was unexpected.

Error: (01/17/2016 09:40:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/17/2016 09:40:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/17/2016 09:39:59 AM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa80058b6010, 0xfffff8800fc31b40, 0xffffffffc000000d, 0x0000000000000003)C:\Windows\MEMORY.DMP011716-40154-01

Microsoft Office Sessions:
=========================
Error: (01/18/2016 11:04:55 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Family\Desktop\esetsmartinstaller_enu.exe

Error: (01/18/2016 10:16:19 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.17609b2801d1520132658b66785C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/18/2016 09:58:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2016 09:57:47 AM) (Source: Application Error)(User: )
Description: ProcessHacker.exe2.36.0.615355911ddfProcessHacker.exe2.36.0.615355911ddfc000000500000000000e56c7d4801d1520089bed276C:\Program Files\Process Hacker 2\ProcessHacker.exeC:\Program Files\Process Hacker 2\ProcessHacker.exed5dc83bc-bdf3-11e5-b050-0023542e1d95

Error: (01/18/2016 04:21:58 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154

Error: (01/18/2016 02:01:37 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.176095671a062MSHTML.dll10.0.9200.176095671bf9cc0000005003d404f107c01d151a72ec59516C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll509ba06f-bdb1-11e5-8191-0023542e1d95

Error: (01/17/2016 09:58:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 09:41:12 AM) (Source: Application Error)(User: )
Description: ProcessHacker.exe2.36.0.615355911ddfProcessHacker.exe2.36.0.615355911ddfc000000500000000000e56c7e4801d15134f8c2ff9aC:\Program Files\Process Hacker 2\ProcessHacker.exeC:\Program Files\Process Hacker 2\ProcessHacker.exe5a574591-bd28-11e5-8217-0023542e1d95

Error: (01/17/2016 09:40:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 08:56:11 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.176095671a062Flash32_20_0_0_228.ocx20.0.0.228565123f2c0000005006d042a153001d15121ba5f8da3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_20_0_0_228.ocx105a81f4-bd22-11e5-a1f3-0023542e1d95

CodeIntegrity Errors:
===================================
  Date: 2014-08-10 01:46:09.910
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Family\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-10 01:46:09.863
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Family\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-10 01:46:05.856
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Family\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-10 01:46:05.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Family\Desktop\VCdRom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.196 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\{AB11E7BD-211E-4EBD-9EAE-0C11CE7B48AE}) (Version: 16.12.7294 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{2272D5BF-6158-4042-9E55-5D0E0793D32E}) (Version: 16.0.4489 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.4.155 - AVG Technologies)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DVDFab Virtual Drive (HKLM\...\DVDFab Virtual Drive_is1) (Version: 1.5.1.0 - Fengtao Software Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FMW 1 (HKLM\...\{1F610B48-81E7-4A33-AFC9-1D7602C80732}) (Version: 1.52.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2618.8 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Leapforce Extension Native Host (HKLM-x32\...\{C15F26C8-6656-4A6A-A586-42872E7FFA2D}) (Version: 1.1.6 - Leapforce)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{0309B99E-C7EA-414C-AC53-A78061277595}) (Version: 8.0.6362.223 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 en-US)) (Version: 43.0 - Mozilla)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 4095.23 MB
Available physical RAM: 1591.46 MB
Total Virtual: 8188.66 MB
Available Virtual: 5291.36 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:596.17 GB) (Free:323.01 GB) NTFS

========================= Users: ========================================

User accounts for \\FAMILY-PC

Administrator            Family                   Guest                   

**** End of log ****



#4 Miss__Brittany

Posted 19 January 2016 - 01:11 AM

TDSSKiller:

 

01:09:23.0855 0x0a2c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
01:09:28.0075 0x0a2c  ============================================================
01:09:28.0075 0x0a2c  Current date / time: 2016/01/19 01:09:28.0075
01:09:28.0075 0x0a2c  SystemInfo:
01:09:28.0075 0x0a2c 
01:09:28.0075 0x0a2c  OS Version: 6.1.7601 ServicePack: 1.0
01:09:28.0075 0x0a2c  Product type: Workstation
01:09:28.0075 0x0a2c  ComputerName: FAMILY-PC
01:09:28.0075 0x0a2c  UserName: Family
01:09:28.0075 0x0a2c  Windows directory: C:\Windows
01:09:28.0075 0x0a2c  System windows directory: C:\Windows
01:09:28.0075 0x0a2c  Running under WOW64
01:09:28.0075 0x0a2c  Processor architecture: Intel x64
01:09:28.0075 0x0a2c  Number of processors: 4
01:09:28.0075 0x0a2c  Page size: 0x1000
01:09:28.0075 0x0a2c  Boot type: Normal boot
01:09:28.0075 0x0a2c  ============================================================
01:09:29.0610 0x0a2c  KLMD registered as C:\Windows\system32\drivers\56600225.sys
01:09:30.0110 0x0a2c  System UUID: {040C03E2-A01C-987F-4EA4-1246074EDB05}
01:09:30.0583 0x0a2c  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:09:30.0593 0x0a2c  ============================================================
01:09:30.0593 0x0a2c  \Device\Harddisk0\DR0:
01:09:30.0593 0x0a2c  MBR partitions:
01:09:30.0593 0x0a2c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A857800
01:09:30.0593 0x0a2c  ============================================================
01:09:30.0603 0x0a2c  C: <-> \Device\Harddisk0\DR0\Partition1
01:09:30.0603 0x0a2c  ============================================================
01:09:30.0603 0x0a2c  Initialize success
01:09:30.0603 0x0a2c  ============================================================
01:09:47.0820 0x1640  ============================================================
01:09:47.0820 0x1640  Scan started
01:09:47.0820 0x1640  Mode: Manual;
01:09:47.0820 0x1640  ============================================================
01:09:47.0820 0x1640  KSN ping started
01:09:50.0560 0x1640  KSN ping finished: true
01:09:52.0625 0x1640  ================ Scan system memory ========================
01:09:52.0625 0x1640  System memory - ok
01:09:52.0625 0x1640  ================ Scan services =============================
01:09:57.0905 0x1640  FontCache - ok
01:09:57.0955 0x1640  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:09:57.0955 0x1640  FontCache3.0.0.0 - ok
01:09:57.0965 0x1640  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:09:57.0975 0x1640  FsDepends - ok
01:09:57.0995 0x1640  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:09:57.0995 0x1640  Fs_Rec - ok
01:09:58.0025 0x1640  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:09:58.0045 0x1640  fvevol - ok
01:09:58.0055 0x1640  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
01:09:58.0055 0x1640  gagp30kx - ok
01:09:58.0095 0x1640  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
01:09:58.0135 0x1640  gpsvc - ok
01:09:58.0255 0x1640  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:09:58.0255 0x1640  gupdate - ok
01:09:58.0305 0x1640  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:09:58.0305 0x1640  gupdatem - ok
01:09:58.0325 0x1640  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:09:58.0325 0x1640  hcw85cir - ok
01:09:58.0375 0x1640  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:09:58.0395 0x1640  HdAudAddService - ok
01:09:58.0415 0x1640  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
01:09:58.0415 0x1640  HDAudBus - ok
01:09:58.0425 0x1640  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
01:09:58.0435 0x1640  HidBatt - ok
01:09:58.0445 0x1640  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
01:09:58.0455 0x1640  HidBth - ok
01:09:58.0465 0x1640  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
01:09:58.0465 0x1640  HidIr - ok
01:09:58.0495 0x1640  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
01:09:58.0495 0x1640  hidserv - ok
01:09:58.0525 0x1640  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
01:09:58.0525 0x1640  HidUsb - ok
01:09:58.0545 0x1640  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:09:58.0545 0x1640  hkmsvc - ok
01:09:58.0565 0x1640  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:09:58.0575 0x1640  HomeGroupListener - ok
01:09:58.0605 0x1640  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:09:58.0625 0x1640  HomeGroupProvider - ok
01:09:58.0635 0x1640  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:09:58.0645 0x1640  HpSAMD - ok
01:09:58.0745 0x1640  [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
01:09:58.0775 0x1640  HsfXAudioService - ok
01:09:58.0835 0x1640  [ 64667D9808FD09FABEDCCF62E8F52662, 7DFD66065E7FF625FDE0A0665EBD1CECA70DE29C1CDE9D6B6C30677DB2292F1B ] HSF_DP          C:\Windows\system32\DRIVERS\CAX_DP.sys
01:09:58.0885 0x1640  HSF_DP - ok
01:09:58.0985 0x1640  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:09:59.0035 0x1640  HTTP - ok
01:09:59.0055 0x1640  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:09:59.0055 0x1640  hwpolicy - ok
01:09:59.0085 0x1640  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:09:59.0085 0x1640  i8042prt - ok
01:09:59.0125 0x1640  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:09:59.0135 0x1640  iaStorV - ok
01:09:59.0195 0x1640  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:09:59.0215 0x1640  idsvc - ok
01:09:59.0235 0x1640  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
01:09:59.0245 0x1640  iirsp - ok
01:09:59.0285 0x1640  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
01:09:59.0320 0x1640  IKEEXT - ok
01:09:59.0400 0x1640  [ BFBABCB231628A4551DBB10D0EA25D62, F5F20E06040CD9527EF02A43E7FB2F2C0FDA1284FB465B7C71B3817D2D450F0A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:09:59.0460 0x1640  IntcAzAudAddService - ok
01:09:59.0480 0x1640  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
01:09:59.0480 0x1640  intelide - ok
01:09:59.0500 0x1640  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:09:59.0500 0x1640  intelppm - ok
01:09:59.0540 0x1640  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:09:59.0550 0x1640  IPBusEnum - ok
01:09:59.0570 0x1640  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:09:59.0570 0x1640  IpFilterDriver - ok
01:09:59.0620 0x1640  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:09:59.0670 0x1640  iphlpsvc - ok
01:09:59.0680 0x1640  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:09:59.0690 0x1640  IPMIDRV - ok
01:09:59.0700 0x1640  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:09:59.0700 0x1640  IPNAT - ok
01:09:59.0710 0x1640  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:09:59.0720 0x1640  IRENUM - ok
01:09:59.0730 0x1640  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:09:59.0730 0x1640  isapnp - ok
01:09:59.0750 0x1640  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:09:59.0770 0x1640  iScsiPrt - ok
01:09:59.0790 0x1640  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
01:09:59.0790 0x1640  kbdclass - ok
01:09:59.0800 0x1640  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:09:59.0800 0x1640  kbdhid - ok
01:09:59.0810 0x1640  [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] KeyIso          C:\Windows\system32\lsass.exe
01:09:59.0810 0x1640  KeyIso - ok
01:09:59.0900 0x1640  [ BBBC9A6CC488CFB0F6C6934B193891EB, C725919E6357126D512C638F993CF572112F323DA359645E4088F789EB4C7B8C ] KProcessHacker2 C:\Program Files\Process Hacker 2\kprocesshacker.sys
01:09:59.0900 0x1640  KProcessHacker2 - ok
01:09:59.0930 0x1640  [ 0F776895884B8DC430A307D57FD867BB, F9E8C8A04D757CEAD86938BEEFFAD9750589037E16FB1A2B0A90E4484E1A6B65 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:09:59.0940 0x1640  KSecDD - ok
01:09:59.0970 0x1640  [ 28E75F316CCCD79337E4957C53017D4B, 3BABDA50B4CE72F7F9A0FD7A33DDB19463A01F188D46354E0B411FC0389C01BE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:09:59.0980 0x1640  KSecPkg - ok
01:09:59.0980 0x1640  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:09:59.0980 0x1640  ksthunk - ok
01:10:00.0020 0x1640  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:10:00.0040 0x1640  KtmRm - ok
01:10:00.0070 0x1640  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:10:00.0090 0x1640  LanmanServer - ok
01:10:00.0120 0x1640  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:10:00.0120 0x1640  LanmanWorkstation - ok
01:10:00.0150 0x1640  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:10:00.0150 0x1640  lltdio - ok
01:10:00.0190 0x1640  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:10:00.0210 0x1640  lltdsvc - ok
01:10:00.0220 0x1640  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:10:00.0230 0x1640  lmhosts - ok
01:10:00.0250 0x1640  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
01:10:00.0260 0x1640  LSI_FC - ok
01:10:00.0270 0x1640  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
01:10:00.0280 0x1640  LSI_SAS - ok
01:10:00.0290 0x1640  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
01:10:00.0290 0x1640  LSI_SAS2 - ok
01:10:00.0300 0x1640  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
01:10:00.0310 0x1640  LSI_SCSI - ok
01:10:00.0330 0x1640  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
01:10:00.0330 0x1640  luafv - ok
01:10:00.0360 0x1640  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:10:00.0360 0x1640  Mcx2Svc - ok
01:10:00.0370 0x1640  [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
01:10:00.0380 0x1640  mdmxsdk - ok
01:10:00.0390 0x1640  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
01:10:00.0390 0x1640  megasas - ok
01:10:00.0410 0x1640  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
01:10:00.0420 0x1640  MegaSR - ok
01:10:00.0460 0x1640  [ 090EE52AFDFF9932909C480BDDA0C8CE, 91BE40F2B4D9912979611E0545F6A1E9D8AF81AC149A11F46180EF5015E58CDF ] mirrorv3        C:\Windows\system32\DRIVERS\rminiv3.sys
01:10:00.0460 0x1640  mirrorv3 - ok
01:10:00.0490 0x1640  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
01:10:00.0500 0x1640  MMCSS - ok
01:10:00.0520 0x1640  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
01:10:00.0520 0x1640  Modem - ok
01:10:00.0560 0x1640  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:10:00.0560 0x1640  monitor - ok
01:10:00.0580 0x1640  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
01:10:00.0580 0x1640  mouclass - ok
01:10:00.0600 0x1640  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:10:00.0600 0x1640  mouhid - ok
01:10:00.0630 0x1640  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:10:00.0630 0x1640  mountmgr - ok
01:10:00.0660 0x1640  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:10:00.0670 0x1640  mpio - ok
01:10:00.0680 0x1640  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:10:00.0680 0x1640  mpsdrv - ok
01:10:00.0740 0x1640  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:10:00.0780 0x1640  MpsSvc - ok
01:10:00.0810 0x1640  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:10:00.0830 0x1640  MRxDAV - ok
01:10:00.0880 0x1640  [ 32B85C4923D895B2FB35821A799BA38D, 7A7E5D08F745DB9B498B4BE946325FF7DAA7FA27589D9423FCA4558D20780026 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:10:00.0880 0x1640  mrxsmb - ok
01:10:00.0920 0x1640  [ A572BEF41F3C55D7DAF24D2340C91FEC, 1E51EEFEABCDCB664CD39437C2275B160860FB433EAA8DC905D5BC742FD03529 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:10:00.0930 0x1640  mrxsmb10 - ok
01:10:00.0960 0x1640  [ C49F1C4CA74FC52AFB2E892D8E50EA39, 9E7A2453627A82AFF4CE3F285AFF105C3F92F423C07E5C43E76BEC523841B8F7 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:10:00.0970 0x1640  mrxsmb20 - ok
01:10:00.0990 0x1640  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:10:00.0990 0x1640  msahci - ok
01:10:01.0010 0x1640  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:10:01.0010 0x1640  msdsm - ok
01:10:01.0030 0x1640  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
01:10:01.0050 0x1640  MSDTC - ok
01:10:01.0070 0x1640  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:10:01.0070 0x1640  Msfs - ok
01:10:01.0080 0x1640  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:10:01.0080 0x1640  mshidkmdf - ok
01:10:01.0100 0x1640  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:10:01.0100 0x1640  msisadrv - ok
01:10:01.0130 0x1640  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:10:01.0150 0x1640  MSiSCSI - ok
01:10:01.0150 0x1640  msiserver - ok
01:10:01.0180 0x1640  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:10:01.0180 0x1640  MSKSSRV - ok
01:10:01.0190 0x1640  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:10:01.0190 0x1640  MSPCLOCK - ok
01:10:01.0200 0x1640  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:10:01.0200 0x1640  MSPQM - ok
01:10:01.0220 0x1640  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:10:01.0250 0x1640  MsRPC - ok
01:10:01.0260 0x1640  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
01:10:01.0270 0x1640  mssmbios - ok
01:10:01.0275 0x1640  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:10:01.0275 0x1640  MSTEE - ok
01:10:01.0280 0x1640  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
01:10:01.0280 0x1640  MTConfig - ok
01:10:01.0290 0x1640  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
01:10:01.0300 0x1640  Mup - ok
01:10:01.0330 0x1640  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
01:10:01.0350 0x1640  napagent - ok
01:10:01.0390 0x1640  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:10:01.0400 0x1640  NativeWifiP - ok
01:10:01.0450 0x1640  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:10:01.0490 0x1640  NDIS - ok
01:10:01.0510 0x1640  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:10:01.0510 0x1640  NdisCap - ok
01:10:01.0530 0x1640  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:10:01.0530 0x1640  NdisTapi - ok
01:10:01.0550 0x1640  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:10:01.0550 0x1640  Ndisuio - ok
01:10:01.0560 0x1640  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:10:01.0560 0x1640  NdisWan - ok
01:10:01.0590 0x1640  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:10:01.0590 0x1640  NDProxy - ok
01:10:01.0600 0x1640  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:10:01.0610 0x1640  NetBIOS - ok
01:10:01.0620 0x1640  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:10:01.0640 0x1640  NetBT - ok
01:10:01.0640 0x1640  [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] Netlogon        C:\Windows\system32\lsass.exe
01:10:01.0640 0x1640  Netlogon - ok
01:10:01.0690 0x1640  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
01:10:01.0710 0x1640  Netman - ok
01:10:01.0770 0x1640  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:10:01.0780 0x1640  NetMsmqActivator - ok
01:10:01.0790 0x1640  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:10:01.0790 0x1640  NetPipeActivator - ok
01:10:01.0830 0x1640  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
01:10:01.0860 0x1640  netprofm - ok
01:10:01.0870 0x1640  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:10:01.0870 0x1640  NetTcpActivator - ok
01:10:01.0880 0x1640  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:10:01.0880 0x1640  NetTcpPortSharing - ok
01:10:01.0900 0x1640  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
01:10:01.0900 0x1640  nfrd960 - ok
01:10:01.0940 0x1640  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:10:01.0970 0x1640  NlaSvc - ok
01:10:01.0980 0x1640  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:10:01.0980 0x1640  Npfs - ok
01:10:01.0990 0x1640  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
01:10:01.0990 0x1640  nsi - ok
01:10:02.0000 0x1640  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:10:02.0000 0x1640  nsiproxy - ok
01:10:02.0090 0x1640  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:10:02.0150 0x1640  Ntfs - ok
01:10:02.0160 0x1640  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
01:10:02.0170 0x1640  Null - ok
01:10:02.0200 0x1640  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
01:10:02.0200 0x1640  NVHDA - ok
01:10:02.0620 0x1640  [ 5D89C0070BC2643117CF33D0367AFABA, C245E0C0DB6665B6226B4D188F620272C175F0FEA63617ECA45B4FA86273E20C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:10:02.0980 0x1640  nvlddmkm - ok
01:10:03.0040 0x1640  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:10:03.0040 0x1640  nvraid - ok
01:10:03.0070 0x1640  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:10:03.0070 0x1640  nvstor - ok
01:10:03.0130 0x1640  [ C5647FB500C2A1F946B77C953528042D, E0A53D158B2141EBBE6762165154B4DE9524E6BD3AD7247B6D25AC96E0A34AA0 ] nvsvc           C:\Windows\system32\nvvsvc.exe
01:10:03.0140 0x1640  nvsvc - ok
01:10:03.0160 0x1640  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:10:03.0170 0x1640  nv_agp - ok
01:10:03.0180 0x1640  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:10:03.0180 0x1640  ohci1394 - ok
01:10:03.0230 0x1640  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:10:03.0230 0x1640  ose64 - ok
01:10:03.0440 0x1640  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:10:03.0590 0x1640  osppsvc - ok
01:10:03.0630 0x1640  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:10:03.0650 0x1640  p2pimsvc - ok
01:10:03.0690 0x1640  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
01:10:03.0700 0x1640  p2psvc - ok
01:10:03.0710 0x1640  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
01:10:03.0720 0x1640  Parport - ok
01:10:03.0740 0x1640  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:10:03.0740 0x1640  partmgr - ok
01:10:10.0270 0x1640  WinRM - ok
01:10:10.0320 0x1640  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:10:10.0320 0x1640  WinUsb - ok
01:10:10.0360 0x1640  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:10:10.0420 0x1640  Wlansvc - ok
01:10:10.0560 0x1640  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:10:10.0600 0x1640  wlidsvc - ok
01:10:10.0630 0x1640  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:10:10.0630 0x1640  WmiAcpi - ok
01:10:10.0650 0x1640  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:10:10.0650 0x1640  wmiApSrv - ok
01:10:10.0660 0x1640  WMPNetworkSvc - ok
01:10:10.0680 0x1640  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:10:10.0680 0x1640  WPCSvc - ok
01:10:10.0690 0x1640  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:10:10.0700 0x1640  WPDBusEnum - ok
01:10:10.0720 0x1640  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:10:10.0720 0x1640  ws2ifsl - ok
01:10:10.0730 0x1640  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
01:10:10.0740 0x1640  wscsvc - ok
01:10:10.0770 0x1640  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
01:10:10.0770 0x1640  WSDPrintDevice - ok
01:10:10.0790 0x1640  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
01:10:10.0790 0x1640  WSDScan - ok
01:10:10.0790 0x1640  WSearch - ok
01:10:10.0900 0x1640  [ 3432C83C55A19B713459140BE7BAF0DC, C65531ADD42394A952EB5AE2BC182F00234B5CD10306E7420F1617A8B6792725 ] WtuSystemSupport C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
01:10:10.0920 0x1640  WtuSystemSupport - ok
01:10:11.0020 0x1640  [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:10:11.0120 0x1640  wuauserv - ok
01:10:11.0150 0x1640  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:10:11.0150 0x1640  WudfPf - ok
01:10:11.0180 0x1640  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:10:11.0180 0x1640  WUDFRd - ok
01:10:11.0213 0x1640  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:10:11.0215 0x1640  wudfsvc - ok
01:10:11.0245 0x1640  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:10:11.0255 0x1640  WwanSvc - ok
01:10:11.0295 0x1640  [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio          C:\Windows\system32\DRIVERS\XAudio64.sys
01:10:11.0295 0x1640  XAudio - ok
01:10:11.0315 0x1640  ================ Scan global ===============================
01:10:11.0345 0x1640  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
01:10:11.0375 0x1640  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll
01:10:11.0395 0x1640  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll
01:10:11.0425 0x1640  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
01:10:11.0465 0x1640  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
01:10:11.0485 0x1640  [ Global ] - ok
01:10:11.0485 0x1640  ================ Scan MBR ==================================
01:10:11.0485 0x1640  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:10:11.0688 0x1640  \Device\Harddisk0\DR0 - ok
01:10:11.0688 0x1640  ================ Scan VBR ==================================
01:10:11.0698 0x1640  [ 93E8A5634EA3F1EC6ED1BF83362CC5DF ] \Device\Harddisk0\DR0\Partition1
01:10:11.0698 0x1640  \Device\Harddisk0\DR0\Partition1 - ok
01:10:11.0698 0x1640  ================ Scan generic autorun ======================
01:10:11.0898 0x1640  [ 87AD93CC767C9C7AB84635DB64564566, 17F4953C8D9125EC61073C20F98780207395AEF6A3BD52D29A9E9450E744B35B ] C:\Program Files (x86)\AVG\Av\avgui.exe
01:10:11.0968 0x1640  AVG_UI - ok
01:10:12.0048 0x1640  [ 4BEE9F6A75933E49BB13834E66C8B36E, 246B1A4CE045A8415C02F6CB7E6181EFE73133217A94C20675AB97FA6B94BA59 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
01:10:12.0098 0x1640  SunJavaUpdateSched - ok
01:10:12.0158 0x1640  [ 222AA1F2FB05FB3F8A46EAFE6EBDD730, BF051C1A6DA92A98946BCB37B7D768E809331D610CF9E7A792FEBB971C4F6BEB ] C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe
01:10:12.0158 0x1640  AvgUi - ok
01:10:12.0228 0x1640  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
01:10:12.0288 0x1640  Sidebar - ok
01:10:12.0318 0x1640  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
01:10:12.0318 0x1640  mctadmin - ok
01:10:12.0348 0x1640  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
01:10:12.0368 0x1640  Sidebar - ok
01:10:12.0378 0x1640  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
01:10:12.0388 0x1640  mctadmin - ok
01:10:12.0448 0x1640  [ B1245A665C841A3E6A6F959A705F2023, DFE01EB9E01AE521E6F6F0E929517D9A8670C16CB17F1E0C86460F2BEA9D4EA8 ] C:\Program Files\Process Hacker 2\ProcessHacker.exe
01:10:12.0498 0x1640  Process Hacker 2 - ok
01:10:12.0498 0x1640  Waiting for KSN requests completion. In queue: 349
01:10:13.0503 0x1640  Waiting for KSN requests completion. In queue: 38
01:10:14.0503 0x1640  Waiting for KSN requests completion. In queue: 38
01:10:15.0550 0x1640  AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files (x86)\AVG\Av\avgwsc.exe ( 16.12.0.7294 ), 0x41000 ( enabled : updated )
01:10:15.0560 0x1640  Win FW state via NFP2: enabled ( trusted )
01:10:18.0378 0x1640  ============================================================
01:10:18.0378 0x1640  Scan finished
01:10:18.0378 0x1640  ============================================================
01:10:18.0388 0x0e68  Detected object count: 0
01:10:18.0388 0x0e68  Actual detected object count: 0
 



#5 Miss__Brittany


Posted 19 January 2016 - 01:14 AM

ADWCleaner:

 

# AdwCleaner v5.030 - Logfile created 19/01/2016 at 01:12:41
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Family - FAMILY-PC
# Running from : C:\Users\Family\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [581 bytes] ##########



#6 Miss__Brittany


Posted 19 January 2016 - 01:25 AM

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x64
Ran by Family (Administrator) on Tue 01/19/2016 at  1:15:55.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 29

Successfully deleted: C:\Windows\wininit.ini (File)

Deleted the following from C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\lkkmsdoh.default-1410076098329\prefs.js
user_pref(browser.startup.homepage, hxxps://mysearch.avg.com/?cid={C5CBB2CF-067D-41FE-9B22-74213BE9ABAA}&mid=459d71d510ce47d28541d16a12caf466-ad1491be2ce6c122f6b66faa90e70c

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/19/2016 at  1:19:19.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 Miss__Brittany


Posted 19 January 2016 - 02:58 AM

Eset didn't give me a log, but didn't find anything either.



#8 Miss__Brittany


Posted 19 January 2016 - 03:28 AM

MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/19/2016
Scan Time: 2:59 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.19.02
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Family

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384290
Time Elapsed: 27 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#9 Miss__Brittany


Posted 19 January 2016 - 03:30 AM

Sooooooooo what's next?  :)



#10 technonymous

technonymous

  • Members
  • 2,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 AM

Posted 19 January 2016 - 03:31 AM

That is not a true actual DDOS attack. In a full-on attack you would see 100s, even 1000s, from the same source. This is just your everyday typical internet traffic. Yes, some are scans from hackers and some are not. Some are servers run by government, ISP, other. They want to know what services you are hosting, if any.



#11 Miss__Brittany


Posted 19 January 2016 - 03:53 AM

Maybe it's not?
I was looking up the symptoms from my computer, and this was the best guess that I could come up with.

 

It doesn't seem normal.  The IP addresses are quite frequently the same from minute to minute and day to day.  The "attacks" come 4 or 5 at once, and in exactly one minute intervals.  My internet is acting up and I got a message saying I was about to go over my 150gb this month.  It was a bit surprising considering I haven't been doing anything really differently lately.

 

If you go into your router, do you have the same frequency of attacks?



#12 technonymous


Posted 19 January 2016 - 04:04 AM

Yes, I have them too. Everybody does. Your router doesn't respond and they move along. Some are repeats.



#13 Miss__Brittany


Posted 19 January 2016 - 04:21 AM

Oh yeah? I feel dumb lol
I didn't realize it's a regular occurrence.

#14 technonymous


Posted 19 January 2016 - 04:25 AM

This is my log from my home network for yesterday. Just because it says attack or DDOS attack, that really technically is not a true DDOS attack flood. Look at the ports: some high, some low, some directed to service ports. These aren't really directed towards my IP only. They could be scanning entire blocks of IPs. Another thing to take into consideration... Your public IP lease may have expired from your ISP and you got a new WAN IP, and the one you got was used in hosting websites, other internet services like FTP, VPN, hosting game servers, used in illegal P2P activity, etc.

 

 

[DoS Attack: SYN/ACK Scan] from source: 113.107.239.160, port 8444, Monday, January 18, 2016 23:52:29
[DoS Attack: SYN/ACK Scan] from source: 58.59.8.153, port 80, Monday, January 18, 2016 23:31:07
[DoS Attack: SYN/ACK Scan] from source: 184.50.87.187, port 80, Monday, January 18, 2016 23:29:58
[DoS Attack: SYN/ACK Scan] from source: 92.123.140.80, port 80, Monday, January 18, 2016 22:05:46
[DoS Attack: SYN/ACK Scan] from source: 158.69.192.215, port 9766, Monday, January 18, 2016 22:00:51
[DoS Attack: ACK Scan] from source: 195.43.64.65, port 443, Monday, January 18, 2016 19:56:25
[DoS Attack: TCP/UDP Chargen] from source: 185.35.62.84, port 60111, Monday, January 18, 2016 19:23:21
[DoS Attack: SYN/ACK Scan] from source: 73.132.190.98, port 443, Monday, January 18, 2016 18:40:53
[Time synchronized with NTP server] Monday, January 18, 2016 18:34:26
[DoS Attack: SYN/ACK Scan] from source: 66.212.225.37, port 80, Monday, January 18, 2016 15:53:59
[DoS Attack: SYN/ACK Scan] from source: 142.179.120.137, port 3306, Monday, January 18, 2016 15:13:56
[DoS Attack: SYN/ACK Scan] from source: 192.99.46.48, port 80, Monday, January 18, 2016 15:10:27
[DoS Attack: SYN/ACK Scan] from source: 109.236.90.169, port 1935, Monday, January 18, 2016 15:00:32
[DoS Attack: SYN/ACK Scan] from source: 205.147.88.56, port 443, Monday, January 18, 2016 13:46:47
[DoS Attack: SYN/ACK Scan] from source: 188.165.146.46, port 9987, Monday, January 18, 2016 13:42:10
[DoS Attack: SYN/ACK Scan] from source: 205.147.88.56, port 443, Monday, January 18, 2016 13:13:42
[DoS Attack: TCP/UDP Echo] from source: 188.138.1.119, port 27221, Monday, January 18, 2016 13:10:20
[DoS Attack: SYN/ACK Scan] from source: 158.69.38.109, port 56900, Monday, January 18, 2016 12:54:59
[DoS Attack: SYN/ACK Scan] from source: 158.69.228.16, port 8000, Monday, January 18, 2016 12:15:24
[DoS Attack: ACK Scan] from source: 31.13.76.107, port 443, Monday, January 18, 2016 10:40:16
[DoS Attack: ACK Scan] from source: 198.38.113.159, port 443, Monday, January 18, 2016 09:57:17
[DoS Attack: TCP/UDP Chargen] from source: 179.43.144.21, port 36228, Monday, January 18, 2016 09:50:02
[DoS Attack: RST Scan] from source: 24.105.29.23, port 80, Monday, January 18, 2016 09:32:13
[DoS Attack: SYN/ACK Scan] from source: 5.255.82.104, port 80, Monday, January 18, 2016 09:27:51
[DoS Attack: SYN/ACK Scan] from source: 43.231.9.7, port 80, Monday, January 18, 2016 08:57:18
[DoS Attack: SYN/ACK Scan] from source: 5.255.82.104, port 80, Monday, January 18, 2016 08:54:20
[DoS Attack: TCP/UDP Chargen] from source: 185.94.111.1, port 54986, Monday, January 18, 2016 08:23:49
[DoS Attack: ACK Scan] from source: 31.13.76.68, port 443, Monday, January 18, 2016 08:13:54
[DoS Attack: TCP/UDP Chargen] from source: 23.95.102.95, port 53540, Monday, January 18, 2016 08:12:59
[DoS Attack: SYN/ACK Scan] from source: 5.255.82.104, port 80, Monday, January 18, 2016 08:10:38
[DoS Attack: SYN/ACK Scan] from source: 141.92.130.226, port 80, Monday, January 18, 2016 08:06:43
[DoS Attack: RST Scan] from source: 185.114.156.205, port 25620, Monday, January 18, 2016 07:47:39
[DoS Attack: RST Scan] from source: 24.105.29.23, port 80, Monday, January 18, 2016 07:17:10
[DoS Attack: SYN/ACK Scan] from source: 209.222.11.175, port 80, Monday, January 18, 2016 06:25:15
[DoS Attack: SYN/ACK Scan] from source: 222.73.144.169, port 8080, Monday, January 18, 2016 05:10:52
[DoS Attack: RST Scan] from source: 24.105.29.23, port 80, Monday, January 18, 2016 05:02:00
[DoS Attack: RST Scan] from source: 104.20.6.80, port 80, Monday, January 18, 2016 03:40:18
[DoS Attack: SYN/ACK Scan] from source: 222.186.49.35, port 8453, Monday, January 18, 2016 03:27:14
[DoS Attack: SYN/ACK Scan] from source: 158.69.38.109, port 56900, Monday, January 18, 2016 03:18:02
[DoS Attack: RST Scan] from source: 24.105.29.23, port 80, Monday, January 18, 2016 02:46:27
[DoS Attack: TCP/UDP Chargen] from source: 74.82.47.21, port 49827, Monday, January 18, 2016 00:33:18
[DoS Attack: RST Scan] from source: 24.105.29.23, port 80, Monday, January 18, 2016 00:31:18



#15 Miss__Brittany


Posted 19 January 2016 - 08:03 AM

I really appreciate the comparison. My router either doesn't show the port or the attacks are not specified at only one - if that's possible?

I have to say though... Your log doesn't look like mine.

Your logs come from many different IP addresses and are much further in between.
Sometimes you have 2 minutes, 10 minutes, 30 minutes, hours etc. where there is nothing reported.
There is no consistency.

Mine are literally every single minute, in 60 second intervals, and usually more than one at once.
In a timeframe of 5 hours I might get one 5 minute break in between and that's probably from my computer restarting or Internet dropping completely. That's what is the biggest red flag to me. It's not that there is so much traffic, it's the consistency and frequency of it.
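The comparison made in posts #10 and #15 comes down to two measurable properties of a router log: how many events each source contributes, and how regular the gaps between events are. The following is an added example, not code from any poster or from either router vendor; it parses the two log line formats shown in this thread and reports both properties. The function names, the 2-second tolerance, the 80% threshold and the assumed year are choices made for this example, and the sample lines are constructed using documentation-range addresses.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Line format of the log in post #14 (sample values below are constructed):
#   [DoS Attack: ACK Scan] from source: 192.0.2.44, port 443, Monday, January 18, 2016 08:13:54
BRACKET_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<ip>[\d.]+), "
    r"port (?P<port>\d+), (?P<ts>\w+, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})"
)
# Line format of the log in post #1 (no year, no port):
#   Jan 14 16:09:17 Per-source ACK Flood Attack Detect (ip=192.0.2.10) Packet Dropped
SYSLOG_RE = re.compile(
    r"(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<kind>Per-source .+?) Detect "
    r"\(ip=(?P<ip>[\d.]+)\)"
)

def parse_events(text, assumed_year=2016):
    """Return sorted (timestamp, source_ip, kind) tuples; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BRACKET_RE.search(line)
        if m:
            when = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
            events.append((when, m["ip"], m["kind"]))
            continue
        m = SYSLOG_RE.search(line)
        if m:  # this format carries no year, so one is assumed
            when = datetime.strptime(f"{assumed_year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["ip"], m["kind"]))
    return sorted(events)

def summarize(events, tolerance_s=2, periodic_share=0.8):
    """Count events per source and test whether the gaps cluster on one interval."""
    times = sorted({when for when, _, _ in events})  # same-second bursts count once
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    per_source = Counter(ip for _, ip, _ in events)
    result = {"events": len(events), "sources": len(per_source),
              "max_per_source": max(per_source.values(), default=0),
              "median_gap_s": None, "share_near_median": 0.0, "periodic": False}
    if len(gaps) >= 3:  # too few gaps say nothing about regularity
        mid = median(gaps)
        near = sum(1 for g in gaps if abs(g - mid) <= tolerance_s)
        result["median_gap_s"] = mid
        result["share_near_median"] = near / len(gaps)
        result["periodic"] = result["share_near_median"] >= periodic_share
    return result

# Constructed sample in the post #1 format: one burst per minute.
PERIODIC_SAMPLE = """\
Jan 14 16:05:17 Per-source ACK Flood Attack Detect (ip=192.0.2.10) Packet Dropped
Jan 14 16:05:17 Whole System ACK Flood Attack from WAN Rule:Default deny
Jan 14 16:06:17 Per-source ACK Flood Attack Detect (ip=192.0.2.10) Packet Dropped
Jan 14 16:06:17 Per-source ACK Flood Attack Detect (ip=198.51.100.7) Packet Dropped
Jan 14 16:07:17 Per-source ACK Flood Attack Detect (ip=203.0.113.5) Packet Dropped
Jan 14 16:08:17 Per-source ACK Flood Attack Detect (ip=198.51.100.7) Packet Dropped
Jan 14 16:09:17 Per-source ACK Flood Attack Detect (ip=192.0.2.10) Packet Dropped
"""

# Constructed sample in the post #14 format: irregular, widely spaced events.
SCATTERED_SAMPLE = """\
[DoS Attack: SYN/ACK Scan] from source: 192.0.2.44, port 80, Monday, January 18, 2016 08:10:38
[DoS Attack: ACK Scan] from source: 198.51.100.20, port 443, Monday, January 18, 2016 08:13:54
[DoS Attack: RST Scan] from source: 203.0.113.9, port 80, Monday, January 18, 2016 09:32:13
[DoS Attack: TCP/UDP Chargen] from source: 198.51.100.77, port 36228, Monday, January 18, 2016 09:50:02
[Time synchronized with NTP server] Monday, January 18, 2016 10:00:00
[DoS Attack: SYN/ACK Scan] from source: 192.0.2.44, port 80, Monday, January 18, 2016 12:15:24
"""

if __name__ == "__main__":
    for name, sample in (("periodic", PERIODIC_SAMPLE), ("scattered", SCATTERED_SAMPLE)):
        print(name, summarize(parse_events(sample)))
```

A `periodic` result only says the entries recur on a fixed cadence; the log alone does not show whether that cadence belongs to the sender or to the router's own reporting interval.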



