
GMER Identified Possible Rootkit


  • This topic is locked
16 replies to this topic

#1 WJL2112

WJL2112

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 03 February 2016 - 01:20 PM

Greetings!

 

Last night during a routine scan with GMER, in the first minute when GMER initializes, the very first line stated possible rootkit.

 

Note that Roguekiller x64 has been flagging a few files/registry entries as orange in the past week or so too.  Some disappeared during the last Roguekiller version update, so apparently were false positives that have been white listed.

 

I have Avast Free installed, Malwarebytes full installed, use various others to keep system clean.

 

Seeking assistance to run other software to identify and fix problem, or feel assured that it is nothing.

 

Thank you,

 

Bill

 

 




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:18 AM

Posted 03 February 2016 - 01:31 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 WJL2112

WJL2112
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 03 February 2016 - 04:35 PM

Jürgen,

 

Thank you for your assistance.

 

I have run the FRST x64 and uploaded the two files.

 

Thanks,

 

Bill

Attached File  Addition.txt   54.54KB   6 downloads
Attached File  FRST.txt   67.54KB   7 downloads



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:18 AM

Posted 04 February 2016 - 02:13 PM

Hi Bill,

please download and rerun the following tools as instructed:

 

Step 1

GMER

  • Please download GMER and save the file to your Desktop.
  • Right-Click the randomly named GMER file and select Run as administrator to run the programme.
  • Note: If asked to allow gmer.sys driver to load, please consent.
  • Important: If you receive a warning regarding Rootkit Activity, click NO.
  • You will see the following window (click the image to enlarge):

  • Referring to the image above, please ensure the following boxes are unchecked.
    • IAT/EAT
    • Drives/Partitions other than Systemdrive (typically C:\)
    • Show All (Important!)
  • Click Scan.
  • Upon completion, click [Save ...], and name the file, Gmer.txt.
  • Save the file (GMER.txt) to a convenient location (eg. Desktop). Copy the contents of the log and paste in your next reply.

Important Note: Rootkit scans often produce false-positives. Do NOT take any action on, "<--- ROOTKIT" entries.
 
 
Step 2

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
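
Added example, not part of the original thread and not a Kaspersky tool: a Python triage of a TDSSKiller report in the line format this topic shows, pairing each hash line with its verdict line and listing only the entries that are not "ok". The sample log, service names, hashes and the names `triage` and `Finding` are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# "HH:MM:SS.mmmm 0xTID  <body>" prefix carried by every report line
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9a-fA-F]+\s+(.*)$")
# "[ MD5, SHA256 ] <object name>   <path>"; the name may contain spaces
OBJECT = re.compile(r"^\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "<name> - detected <label> ( n )"
DETECTED = re.compile(r"^(.+?) - detected (\S+) \( \d+ \)$")
# "<name> - ok" or "<name> ( <label> ) - warning"
VERDICT = re.compile(r"^(.+?)(?: \( (\S+) \))? - (\w+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    path: Optional[str]    # None when the report had no hash line for this object
    sha256: Optional[str]


def triage(log_text):
    """Return (verdict counts, non-ok findings) for a TDSSKiller-style report."""
    files = {}       # object name -> (path, sha256) taken from the hash line
    detections = {}  # object name -> label taken from the "detected" line
    counts = Counter()
    findings = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.rstrip())
        if not m:
            continue  # blank line or text that is not a report line
        body = m.group(1)
        if (o := OBJECT.match(body)):
            files[o.group(3)] = (o.group(4), o.group(2))
        elif (d := DETECTED.match(body)):
            detections[d.group(1)] = d.group(2)
        elif (v := VERDICT.match(body)):
            name, label, verdict = v.groups()
            counts[verdict] += 1
            if verdict != "ok":
                path, sha256 = files.get(name, (None, None))
                findings.append(
                    Finding(name, verdict, label or detections.get(name), path, sha256)
                )
    return counts, findings


# Constructed sample in the same layout as the report posted in this topic.
_H1 = f"[ {'A' * 32}, {'B' * 64} ]"
_H2 = f"[ {'C' * 32}, {'D' * 64} ]"
SAMPLE_LOG = "\n".join([
    r"18:00:00.0000 0x0001  ================ Scan system memory ========================",
    r"18:00:00.0000 0x0001  System memory - ok",
    r"18:00:00.0000 0x0001  ================ Scan services =============================",
    rf"18:00:00.0100 0x0001  {_H1} ExampleDrv      C:\windows\system32\drivers\exampledrv.sys",
    r"18:00:00.0200 0x0001  ExampleDrv - ok",
    rf"18:00:00.0300 0x0001  {_H2} Example Licence Service C:\Program Files (x86)\Example\licsvc.exe",
    r"18:00:00.0400 0x0001  Example Licence Service - detected UnsignedFile.Multi.Generic ( 1 )",
    r"18:00:00.0500 0x0001  Example Licence Service ( UnsignedFile.Multi.Generic ) - warning",
    r"18:00:00.0600 0x0001  NoFileSvc - ok",  # entry without a hash line
])

if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    print(dict(counts))
    for f in findings:
        print(f"{f.verdict}: {f.name} [{f.detection}] {f.path} sha256={f.sha256}")
```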
 

#5 WJL2112

WJL2112
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 04 February 2016 - 07:48 PM

Jürgen,

 

Please see GMER report attached.  Cannot post text since I get an error the post is too long.

 

 

 


Jürgen,

 

Please see TDSSKiller report attached.  Cannot post text since I get an error the post is too long.

 

18:23:06.0157 0x0a5c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:23:09.0495 0x0a5c  ============================================================
18:23:09.0495 0x0a5c  Current date / time: 2016/02/04 18:23:09.0495
18:23:09.0495 0x0a5c  SystemInfo:
18:23:09.0495 0x0a5c  
18:23:09.0495 0x0a5c  OS Version: 6.1.7601 ServicePack: 1.0
18:23:09.0495 0x0a5c  Product type: Workstation
18:23:09.0495 0x0a5c  ComputerName: BILL-COREI7-PC
18:23:09.0495 0x0a5c  UserName: Bill
18:23:09.0495 0x0a5c  Windows directory: C:\windows
18:23:09.0495 0x0a5c  System windows directory: C:\windows
18:23:09.0495 0x0a5c  Running under WOW64
18:23:09.0495 0x0a5c  Processor architecture: Intel x64
18:23:09.0495 0x0a5c  Number of processors: 8
18:23:09.0495 0x0a5c  Page size: 0x1000
18:23:09.0495 0x0a5c  Boot type: Normal boot
18:23:09.0495 0x0a5c  ============================================================
18:23:10.0946 0x0a5c  KLMD registered as C:\windows\system32\drivers\60379831.sys
18:23:11.0351 0x0a5c  System UUID: {E876A053-AD32-CEC1-F716-54C3F9C49652}
18:23:11.0913 0x0a5c  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:23:11.0929 0x0a5c  ============================================================
18:23:11.0929 0x0a5c  \Device\Harddisk0\DR0:
18:23:11.0929 0x0a5c  MBR partitions:
18:23:11.0929 0x0a5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:23:11.0929 0x0a5c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD58B0
18:23:11.0929 0x0a5c  ============================================================
18:23:11.0960 0x0a5c  C: <-> \Device\Harddisk0\DR0\Partition2
18:23:11.0960 0x0a5c  ============================================================
18:23:11.0960 0x0a5c  Initialize success
18:23:11.0960 0x0a5c  ============================================================
18:23:42.0380 0x1440  ============================================================
18:23:42.0380 0x1440  Scan started
18:23:42.0380 0x1440  Mode: Manual; SigCheck; TDLFS;
18:23:42.0380 0x1440  ============================================================
18:23:42.0380 0x1440  KSN ping started
18:23:42.0411 0x1440  KSN ping finished: false
18:23:43.0987 0x1440  ================ Scan system memory ========================
18:23:43.0987 0x1440  System memory - ok
18:23:43.0987 0x1440  ================ Scan services =============================
18:23:44.0408 0x1440  [ 6D182C31ACF16213407F2768F1107FE3, 92B602152AB9F93A7AC510A01AEF714ED8EE30C9306E3D44BECEE10EC3464184 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:23:44.0439 0x1440  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
18:23:44.0533 0x1440  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
18:23:51.0131 0x1440  FontCache - ok
18:23:51.0178 0x1440  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:23:51.0194 0x1440  FontCache3.0.0.0 - ok
18:23:51.0194 0x1440  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
18:23:51.0209 0x1440  FsDepends - ok
18:23:51.0225 0x1440  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC, 7022722FA38E81F6F4D0EF9F0FBEDD27C09A238B5246A3C36AEAAC11FF76FE07 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
18:23:51.0241 0x1440  fssfltr - ok
18:23:51.0334 0x1440  [ 40CDFAD174B3D5E80F95DDA003C0B97F, 2DA149CE42B87681ECDCC8905D0957443F430A9C7002FF78F22A95F9112A7C4C ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:23:51.0365 0x1440  fsssvc - ok
18:23:51.0397 0x1440  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
18:23:51.0412 0x1440  Fs_Rec - ok
18:23:51.0428 0x1440  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
18:23:51.0443 0x1440  fvevol - ok
18:23:51.0459 0x1440  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
18:23:51.0475 0x1440  gagp30kx - ok
18:23:51.0537 0x1440  [ F5FEA0CD5BFB434276036C97EA3A848E, 39A005E7B88F3AB542871AB61D75924D69A660B5C18DEAC33227420E3B288731 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
18:23:51.0553 0x1440  Garmin Device Interaction Service - ok
18:23:51.0599 0x1440  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:23:51.0615 0x1440  GEARAspiWDM - ok
18:23:51.0646 0x1440  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
18:23:51.0693 0x1440  gpsvc - ok
18:23:51.0771 0x1440  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:23:51.0771 0x1440  gupdate - ok
18:23:51.0787 0x1440  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:23:51.0787 0x1440  gupdatem - ok
18:23:51.0833 0x1440  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:23:51.0849 0x1440  gusvc - ok
18:23:51.0865 0x1440  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
18:23:51.0880 0x1440  hcw85cir - ok
18:23:51.0896 0x1440  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
18:23:51.0927 0x1440  HdAudAddService - ok
18:23:51.0943 0x1440  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
18:23:51.0974 0x1440  HDAudBus - ok
18:23:51.0974 0x1440  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
18:23:52.0005 0x1440  HidBatt - ok
18:23:52.0052 0x1440  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
18:23:52.0083 0x1440  HidBth - ok
18:23:52.0114 0x1440  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
18:23:52.0130 0x1440  HidIr - ok
18:23:52.0145 0x1440  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
18:23:52.0161 0x1440  hidserv - ok
18:23:52.0177 0x1440  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
18:23:52.0192 0x1440  HidUsb - ok
18:23:52.0223 0x1440  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
18:23:52.0255 0x1440  hkmsvc - ok
18:23:52.0286 0x1440  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:23:52.0301 0x1440  HomeGroupListener - ok
18:23:52.0348 0x1440  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:23:52.0364 0x1440  HomeGroupProvider - ok
18:23:52.0426 0x1440  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:23:52.0426 0x1440  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
18:23:52.0426 0x1440  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:23:52.0426 0x1440  Force sending object to P2P due to detect: hpqcxs08
18:23:52.0426 0x1440  Object send P2P result: false
18:23:52.0457 0x1440  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:23:52.0473 0x1440  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
18:23:52.0473 0x1440  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:23:52.0473 0x1440  Force sending object to P2P due to detect: hpqddsvc
18:23:52.0473 0x1440  Object send P2P result: false
18:23:52.0504 0x1440  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
18:23:52.0520 0x1440  HpSAMD - ok
18:23:52.0551 0x1440  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:23:52.0567 0x1440  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
18:23:52.0567 0x1440  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
18:23:52.0598 0x1440  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\windows\system32\drivers\HTTP.sys
18:23:52.0645 0x1440  HTTP - ok
18:23:52.0676 0x1440  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
18:23:52.0691 0x1440  hwpolicy - ok
18:23:52.0723 0x1440  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
18:23:52.0738 0x1440  i8042prt - ok
18:23:52.0769 0x1440  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
18:23:52.0785 0x1440  iaStorV - ok
18:23:52.0847 0x1440  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:23:52.0863 0x1440  idsvc - ok
18:23:52.0879 0x1440  IEEtwCollectorService - ok
18:23:53.0019 0x1440  [ A1CF07D24EDCDC6870535471654D957C, FA0CD2ABA2C15E9FC4A1DEE58F365EC10D9597D521556DC2648B50CE0537926D ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
18:23:53.0128 0x1440  igfx - ok
18:23:53.0159 0x1440  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
18:23:53.0175 0x1440  iirsp - ok
18:23:53.0206 0x1440  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
18:23:53.0222 0x1440  IKEEXT - ok
18:23:53.0253 0x1440  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
18:23:53.0269 0x1440  IntcDAud - ok
18:23:53.0331 0x1440  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:23:53.0347 0x1440  Intel® Capability Licensing Service Interface - ok
18:23:53.0362 0x1440  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
18:23:53.0378 0x1440  intelide - ok
18:23:53.0409 0x1440  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys
18:23:53.0440 0x1440  intelppm - ok
18:23:53.0503 0x1440  [ D46E04D83A3E174A98DC90FE23AB08DE, 0285B4A311645D292A26B276511877B46A42526BDBFBC12E3BD876A74F074720 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:23:53.0503 0x1440  IntuitUpdateServiceV4 - ok
18:23:53.0518 0x1440  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
18:23:53.0549 0x1440  IPBusEnum - ok
18:23:53.0581 0x1440  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
18:23:53.0612 0x1440  IpFilterDriver - ok
18:23:53.0643 0x1440  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
18:23:53.0674 0x1440  iphlpsvc - ok
18:23:53.0690 0x1440  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
18:23:53.0721 0x1440  IPMIDRV - ok
18:23:53.0752 0x1440  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
18:23:53.0799 0x1440  IPNAT - ok
18:23:53.0846 0x1440  [ E61BB95A7CB49696D25A0C4EBD108156, 65D95A0DBC408AD18D5E344A5E875551E6CC044038DE438E4EA1102A234FC529 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:23:53.0861 0x1440  iPod Service - ok
18:23:53.0877 0x1440  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
18:23:53.0893 0x1440  IRENUM - ok
18:23:53.0908 0x1440  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
18:23:53.0924 0x1440  isapnp - ok
18:23:53.0955 0x1440  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
18:23:53.0971 0x1440  iScsiPrt - ok
18:23:53.0986 0x1440  [ 8E4577C6E0D3114170509159DE658907, 2FC7F96766537716503AB1BAD7EBDB2F16F3CE1584AF4261D57C6A4E00E1A417 ] iusb3hcs        C:\windows\system32\drivers\iusb3hcs.sys
18:23:54.0002 0x1440  iusb3hcs - ok
18:23:54.0033 0x1440  [ FE76346E9B57DA575BD1B3BD0CCAD7FF, 8961A08326F66E9FDF63912797C605FEEC23F9B0453D132AB6897DA98BC9AEAB ] iusb3hub        C:\windows\system32\DRIVERS\iusb3hub.sys
18:23:54.0064 0x1440  iusb3hub - ok
18:23:54.0080 0x1440  [ 1008CD90DA2198FFD250298DEB9DF160, 2CBA5FF2369861E8F8A55799AFFFC8E5B331A8BD17B559641E87A4C6C0D70206 ] iusb3xhc        C:\windows\system32\drivers\iusb3xhc.sys
18:23:54.0111 0x1440  iusb3xhc - ok
18:23:54.0158 0x1440  [ 468F7516B4030603BA9D1427CCEACDF9, 939A0DF80F5E1B63A5B4703971F22E6FC079CC2135BA229DB88CB0425A2903BB ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
18:23:54.0173 0x1440  jhi_service - ok
18:23:54.0173 0x1440  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
18:23:54.0189 0x1440  kbdclass - ok
18:23:54.0189 0x1440  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
18:23:54.0220 0x1440  kbdhid - ok
18:23:54.0236 0x1440  [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] KeyIso          C:\windows\system32\lsass.exe
18:23:54.0251 0x1440  KeyIso - ok
18:23:54.0283 0x1440  [ 0F776895884B8DC430A307D57FD867BB, F9E8C8A04D757CEAD86938BEEFFAD9750589037E16FB1A2B0A90E4484E1A6B65 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
18:23:54.0298 0x1440  KSecDD - ok
18:23:54.0314 0x1440  [ 28E75F316CCCD79337E4957C53017D4B, 3BABDA50B4CE72F7F9A0FD7A33DDB19463A01F188D46354E0B411FC0389C01BE ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
18:23:54.0329 0x1440  KSecPkg - ok
18:23:54.0329 0x1440  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
18:23:54.0361 0x1440  ksthunk - ok
18:23:54.0423 0x1440  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
18:23:54.0454 0x1440  KtmRm - ok
18:23:54.0501 0x1440  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
18:23:54.0517 0x1440  LanmanServer - ok
18:23:54.0548 0x1440  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:23:54.0579 0x1440  LanmanWorkstation - ok
18:23:54.0641 0x1440  [ 584528BF596A54B2BF6BE5067ADDA44A, 2A4694C988DCE0C094BFA6C91C50FDD98E52FD46BE156523FC243DE1FC566103 ] Linksys_adapter_H C:\windows\system32\DRIVERS\AE1200w764.sys
18:23:54.0673 0x1440  Linksys_adapter_H - ok
18:23:54.0688 0x1440  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
18:23:54.0719 0x1440  lltdio - ok
18:23:54.0735 0x1440  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
18:23:54.0766 0x1440  lltdsvc - ok
18:23:54.0766 0x1440  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
18:23:54.0813 0x1440  lmhosts - ok
18:23:54.0860 0x1440  [ B114B200CCDEBC7EBD8EF5D783819386, BB717C97EB058D01F34A08AE64265FBF13580404184624EA2249ACBCFC163F76 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:23:54.0860 0x1440  LMS - ok
18:23:54.0891 0x1440  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
18:23:54.0907 0x1440  LSI_FC - ok
18:23:54.0922 0x1440  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
18:23:54.0938 0x1440  LSI_SAS - ok
18:23:54.0969 0x1440  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
18:23:54.0985 0x1440  LSI_SAS2 - ok
18:23:54.0985 0x1440  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
18:23:55.0000 0x1440  LSI_SCSI - ok
18:23:55.0031 0x1440  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
18:23:55.0063 0x1440  luafv - ok
18:23:55.0078 0x1440  [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2M64        C:\windows\system32\DRIVERS\LVPr2M64.sys
18:23:55.0094 0x1440  LVPr2M64 - ok
18:23:55.0094 0x1440  [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2Mon        C:\windows\system32\DRIVERS\LVPr2M64.sys
18:23:55.0109 0x1440  LVPr2Mon - ok
18:23:55.0141 0x1440  [ A35679E56E78091E1042A2D7ADBF2958, F2282B697DCDD5767F65D99FEA374D3757C6133D42BD5A9C582C217619213290 ] LVPrcS64        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
18:23:55.0141 0x1440  LVPrcS64 - ok
18:23:55.0156 0x1440  [ 986C1CB787A007BAA5F74E7D316D7246, 8846D5FF09A669816F57C98507FBCBE60F770B22BC784269765E46B36EE38D9D ] LVRS64          C:\windows\system32\DRIVERS\lvrs64.sys
18:23:55.0172 0x1440  LVRS64 - ok
18:23:55.0281 0x1440  [ 5747BC465ABEA2858C5D037252AED84E, 1D62E05ED1D3265FEFDD02C8653B2901B05994091F1D417632E2FBF053C5D451 ] LVUVC64         C:\windows\system32\DRIVERS\lvuvc64.sys
18:23:55.0375 0x1440  LVUVC64 - ok
18:23:55.0421 0x1440  maagqb - ok
18:23:55.0468 0x1440  [ 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849, 80E571FEE4373E4AF487176C9265FB89912739E961C47880A60115BD50638AEA ] mbamchameleon   C:\windows\system32\drivers\mbamchameleon.sys
18:23:55.0484 0x1440  mbamchameleon - ok
18:23:55.0531 0x1440  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
18:23:55.0546 0x1440  MBAMProtector - ok
18:23:55.0640 0x1440  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
18:23:55.0655 0x1440  MBAMScheduler - ok
18:23:55.0765 0x1440  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
18:23:55.0796 0x1440  MBAMService - ok
18:23:55.0843 0x1440  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\windows\system32\drivers\MBAMSwissArmy.sys
18:23:55.0858 0x1440  MBAMSwissArmy - ok
18:23:55.0889 0x1440  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys
18:23:55.0905 0x1440  MBAMWebAccessControl - ok
18:23:55.0921 0x1440  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
18:23:55.0936 0x1440  Mcx2Svc - ok
18:23:55.0983 0x1440  [ CF17A39BA7D1D1E386FD0C1303642B91, 8C7F6530F30C56241D54FC0799347E586332C1299DE1222AC9C08AD523E9CD96 ] MDA_NTDRV       C:\windows\system32\MDA_NTDRV.sys
18:23:55.0999 0x1440  MDA_NTDRV - ok
18:23:56.0030 0x1440  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
18:23:56.0045 0x1440  megasas - ok
18:23:56.0061 0x1440  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
18:23:56.0092 0x1440  MegaSR - ok
18:23:56.0108 0x1440  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
18:23:56.0123 0x1440  MEIx64 - ok
18:23:56.0123 0x1440  MFE_RR - ok
18:23:56.0201 0x1440  Microsoft SharePoint Workspace Audit Service - ok
18:23:56.0233 0x1440  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
18:23:56.0264 0x1440  MMCSS - ok
18:23:56.0279 0x1440  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
18:23:56.0326 0x1440  Modem - ok
18:23:56.0342 0x1440  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
18:23:56.0373 0x1440  monitor - ok
18:23:56.0435 0x1440  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
18:23:56.0451 0x1440  mouclass - ok
18:23:56.0467 0x1440  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
18:23:56.0498 0x1440  mouhid - ok
18:23:56.0529 0x1440  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
18:23:56.0545 0x1440  mountmgr - ok
18:23:56.0576 0x1440  [ 33CF4041B134F37961241EEEF89217A6, 76857173FBD3E301CFD550868BDF8BC241EF8874C6F113A53945CC2A32561CE0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:23:56.0591 0x1440  MozillaMaintenance - ok
18:23:56.0607 0x1440  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
18:23:56.0623 0x1440  mpio - ok
18:23:56.0669 0x1440  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
18:23:56.0716 0x1440  mpsdrv - ok
18:23:56.0763 0x1440  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
18:23:56.0810 0x1440  MpsSvc - ok
18:23:56.0841 0x1440  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
18:23:56.0872 0x1440  MRxDAV - ok
18:23:56.0919 0x1440  [ 32B85C4923D895B2FB35821A799BA38D, 7A7E5D08F745DB9B498B4BE946325FF7DAA7FA27589D9423FCA4558D20780026 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
18:23:56.0950 0x1440  mrxsmb - ok
18:23:56.0981 0x1440  [ A572BEF41F3C55D7DAF24D2340C91FEC, 1E51EEFEABCDCB664CD39437C2275B160860FB433EAA8DC905D5BC742FD03529 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
18:23:56.0997 0x1440  mrxsmb10 - ok
18:23:57.0013 0x1440  [ C49F1C4CA74FC52AFB2E892D8E50EA39, 9E7A2453627A82AFF4CE3F285AFF105C3F92F423C07E5C43E76BEC523841B8F7 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
18:23:57.0044 0x1440  mrxsmb20 - ok
18:23:57.0059 0x1440  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
18:23:57.0075 0x1440  msahci - ok
18:23:57.0122 0x1440  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
18:23:57.0137 0x1440  msdsm - ok
18:23:57.0184 0x1440  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
18:23:57.0215 0x1440  MSDTC - ok
18:23:57.0278 0x1440  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
18:23:57.0309 0x1440  Msfs - ok
18:23:57.0340 0x1440  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
18:23:57.0371 0x1440  mshidkmdf - ok
18:23:57.0387 0x1440  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
18:23:57.0403 0x1440  msisadrv - ok
18:23:57.0418 0x1440  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
18:23:57.0465 0x1440  MSiSCSI - ok
18:23:57.0465 0x1440  msiserver - ok
18:23:57.0496 0x1440  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
18:23:57.0527 0x1440  MSKSSRV - ok
18:23:57.0543 0x1440  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
18:23:57.0559 0x1440  MSPCLOCK - ok
18:23:57.0574 0x1440  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
18:23:57.0590 0x1440  MSPQM - ok
18:23:57.0621 0x1440  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
18:23:57.0637 0x1440  MsRPC - ok
18:23:57.0652 0x1440  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
18:23:57.0668 0x1440  mssmbios - ok
18:23:57.0683 0x1440  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
18:23:57.0715 0x1440  MSTEE - ok
18:23:57.0746 0x1440  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
18:23:57.0761 0x1440  MTConfig - ok
18:23:57.0793 0x1440  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
18:23:57.0808 0x1440  Mup - ok
18:23:57.0839 0x1440  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
18:23:57.0886 0x1440  napagent - ok
18:23:57.0902 0x1440  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
18:23:57.0917 0x1440  NativeWifiP - ok
18:23:57.0995 0x1440  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\windows\system32\drivers\ndis.sys
18:23:58.0027 0x1440  NDIS - ok
18:23:58.0042 0x1440  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
18:23:58.0073 0x1440  NdisCap - ok
18:23:58.0105 0x1440  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
18:23:58.0151 0x1440  NdisTapi - ok
18:23:58.0167 0x1440  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
18:23:58.0198 0x1440  Ndisuio - ok
18:23:58.0214 0x1440  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
18:23:58.0245 0x1440  NdisWan - ok
18:23:58.0276 0x1440  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
18:23:58.0292 0x1440  NDProxy - ok
18:23:58.0323 0x1440  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:23:58.0323 0x1440  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
18:23:58.0323 0x1440  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:24:00.0429 0x1440  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:24:00.0445 0x1440  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
18:24:00.0445 0x1440  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:24:07.0153 0x1440  vga - ok
18:24:07.0184 0x1440  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
18:24:07.0215 0x1440  VgaSave - ok
18:24:07.0231 0x1440  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
18:24:07.0246 0x1440  vhdmp - ok
18:24:07.0293 0x1440  [ EECF5B7210D773F3501CEDA848D53D31, C98034418DA5351A82B3FFAFBD277BAE4AE8AF25DD491BF628CEA0C708A5A9B2 ] VIAHdAudAddService C:\windows\system32\drivers\viahduaa.sys
18:24:07.0340 0x1440  VIAHdAudAddService - ok
18:24:07.0371 0x1440  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
18:24:07.0387 0x1440  viaide - ok
18:24:07.0402 0x1440  [ 43412F74D9516EF87988F2397A9B8E78, 82253E49D2762D67D202A8D3A215EF5F937ADFCF711AD238B6FDACAE0CC80A49 ] VIAKaraokeService C:\windows\system32\viakaraokesrv.exe
18:24:07.0418 0x1440  VIAKaraokeService - ok
18:24:07.0433 0x1440  [ 3F63FA4A5D8A7C1B1A87E342569FBA53, E562BAF184E29A67960523843F4C5D351250951542A68891A996C5848649A4DC ] VNUSB           C:\windows\system32\Drivers\VNUSB.sys
18:24:07.0449 0x1440  VNUSB - ok
18:24:07.0480 0x1440  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
18:24:07.0496 0x1440  volmgr - ok
18:24:07.0511 0x1440  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
18:24:07.0527 0x1440  volmgrx - ok
18:24:07.0558 0x1440  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
18:24:07.0574 0x1440  volsnap - ok
18:24:07.0605 0x1440  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
18:24:07.0621 0x1440  vsmraid - ok
18:24:07.0667 0x1440  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
18:24:07.0730 0x1440  VSS - ok
18:24:07.0730 0x1440  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
18:24:07.0745 0x1440  vwifibus - ok
18:24:07.0808 0x1440  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] VWiFiFlt        C:\windows\system32\DRIVERS\vwififlt.sys
18:24:07.0823 0x1440  VWiFiFlt - ok
18:24:07.0839 0x1440  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
18:24:07.0855 0x1440  vwifimp - ok
18:24:07.0870 0x1440  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
18:24:07.0917 0x1440  W32Time - ok
18:24:07.0948 0x1440  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
18:24:07.0979 0x1440  WacomPen - ok
18:24:07.0995 0x1440  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
18:24:08.0026 0x1440  WANARP - ok
18:24:08.0042 0x1440  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
18:24:08.0057 0x1440  Wanarpv6 - ok
18:24:08.0104 0x1440  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
18:24:08.0135 0x1440  WatAdminSvc - ok
18:24:08.0167 0x1440  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
18:24:08.0198 0x1440  wbengine - ok
18:24:08.0229 0x1440  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
18:24:08.0260 0x1440  WbioSrvc - ok
18:24:08.0307 0x1440  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
18:24:08.0338 0x1440  wcncsvc - ok
18:24:08.0354 0x1440  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:24:08.0369 0x1440  WcsPlugInService - ok
18:24:08.0401 0x1440  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
18:24:08.0416 0x1440  Wd - ok
18:24:08.0447 0x1440  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
18:24:08.0479 0x1440  Wdf01000 - ok
18:24:08.0494 0x1440  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\windows\system32\wdi.dll
18:24:08.0510 0x1440  WdiServiceHost - ok
18:24:08.0525 0x1440  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\windows\system32\wdi.dll
18:24:08.0541 0x1440  WdiSystemHost - ok
18:24:08.0588 0x1440  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\windows\System32\webclnt.dll
18:24:08.0603 0x1440  WebClient - ok
18:24:08.0635 0x1440  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
18:24:08.0666 0x1440  Wecsvc - ok
18:24:08.0681 0x1440  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
18:24:08.0713 0x1440  wercplsupport - ok
18:24:08.0728 0x1440  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
18:24:08.0775 0x1440  WerSvc - ok
18:24:08.0791 0x1440  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
18:24:08.0822 0x1440  WfpLwf - ok
18:24:08.0869 0x1440  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
18:24:08.0884 0x1440  WIMMount - ok
18:24:08.0900 0x1440  WinDefend - ok
18:24:08.0915 0x1440  WinHttpAutoProxySvc - ok
18:24:08.0931 0x1440  [ BC67C1E4B36063968E54C3B2E4DB8978, FF4725171C6D4BDE6B258FD19949C7D624F1F8693A26AB1E2E04103FC46484CB ] WinisoCDBus     C:\windows\system32\drivers\WinisoCDBus.sys
18:24:08.0962 0x1440  WinisoCDBus - ok
18:24:08.0993 0x1440  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
18:24:09.0040 0x1440  Winmgmt - ok
18:24:09.0103 0x1440  WinRing0_1_2_0 - ok
18:24:09.0149 0x1440  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\windows\system32\WsmSvc.dll
18:24:09.0196 0x1440  WinRM - ok
18:24:09.0243 0x1440  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\drivers\WinUsb.sys
18:24:09.0259 0x1440  WinUsb - ok
18:24:09.0305 0x1440  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
18:24:09.0337 0x1440  Wlansvc - ok
18:24:09.0383 0x1440  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:24:09.0399 0x1440  wlcrasvc - ok
18:24:09.0461 0x1440  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:24:09.0508 0x1440  wlidsvc - ok
18:24:09.0524 0x1440  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
18:24:09.0539 0x1440  WmiAcpi - ok
18:24:09.0571 0x1440  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
18:24:09.0586 0x1440  wmiApSrv - ok
18:24:09.0617 0x1440  WMPNetworkSvc - ok
18:24:09.0633 0x1440  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
18:24:09.0664 0x1440  WPCSvc - ok
18:24:09.0680 0x1440  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
18:24:09.0695 0x1440  WPDBusEnum - ok
18:24:09.0727 0x1440  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
18:24:09.0742 0x1440  ws2ifsl - ok
18:24:09.0773 0x1440  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
18:24:09.0789 0x1440  wscsvc - ok
18:24:09.0836 0x1440  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
18:24:09.0867 0x1440  WSDPrintDevice - ok
18:24:09.0867 0x1440  WSearch - ok
18:24:09.0945 0x1440  [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv        C:\windows\system32\wuaueng.dll
18:24:10.0007 0x1440  wuauserv - ok
18:24:10.0039 0x1440  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
18:24:10.0070 0x1440  WudfPf - ok
18:24:10.0132 0x1440  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
18:24:10.0179 0x1440  WUDFRd - ok
18:24:10.0195 0x1440  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
18:24:10.0210 0x1440  wudfsvc - ok
18:24:10.0226 0x1440  [ CA3B16EA714C1AEA267F828849797C41, B52121991D69F053DD25705C8EF62BA66890787582E48FB37B1C1E0AE66F5000 ] WUSB54GSCv2.NTamd64 C:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys
18:24:10.0241 0x1440  WUSB54GSCv2.NTamd64 - ok
18:24:10.0273 0x1440  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
18:24:10.0288 0x1440  WwanSvc - ok
18:24:10.0319 0x1440  ================ Scan global ===============================
18:24:10.0382 0x1440  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\windows\system32\basesrv.dll
18:24:10.0429 0x1440  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\windows\system32\winsrv.dll
18:24:10.0444 0x1440  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\windows\system32\winsrv.dll
18:24:10.0460 0x1440  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
18:24:10.0475 0x1440  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
18:24:10.0491 0x1440  [ Global ] - ok
18:24:10.0491 0x1440  ================ Scan MBR ==================================
18:24:10.0491 0x1440  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:24:10.0694 0x1440  \Device\Harddisk0\DR0 - ok
18:24:10.0694 0x1440  ================ Scan VBR ==================================
18:24:10.0694 0x1440  [ 0F968211E44D93B97335F1237E593B3D ] \Device\Harddisk0\DR0\Partition1
18:24:10.0756 0x1440  \Device\Harddisk0\DR0\Partition1 - ok
18:24:10.0756 0x1440  [ 9DD9F01C5CEC073D2C240954B2EA0B29 ] \Device\Harddisk0\DR0\Partition2
18:24:10.0819 0x1440  \Device\Harddisk0\DR0\Partition2 - ok
18:24:10.0819 0x1440  ================ Scan generic autorun ======================
18:24:10.0865 0x1440  [ 899D435E1C190C204E349CE0E483098B, FC6E84D7A382FBCBF3B2DAA4B75BD78F447359F314C1CD4424759E2EC97FD2DE ] C:\windows\system32\igfxpers.exe
18:24:10.0881 0x1440  Persistence - ok
18:24:10.0881 0x1440  IntelTBRunOnce - ok
18:24:10.0881 0x1440  [ BE49AF92F13030E188DBE8E2841D173A, AFC312A888F63D34E4F4E27A3FF50D5569BCAF0DD061671CC661E778FEC02EEB ] C:\windows\system32\igfxtray.exe
18:24:10.0897 0x1440  IgfxTray - ok
18:24:10.0928 0x1440  [ 664FF61BE83FCACBF67A8D307011ADF5, B5270D13A355002336D25C092C042CA8E36795D23EB81134418BB2A8ABFBDF66 ] C:\windows\system32\hkcmd.exe
18:24:10.0928 0x1440  HotKeysCmds - ok
18:24:11.0037 0x1440  [ D547C84BEB1FC5707825243F3219561F, C7C6CBF6C7E8398E70AC6D14A63D0301241CE07BA2EFF3CD003609903D6245AC ] C:\Program Files (x86)\Stardock\Fences\Fences.exe
18:24:11.0099 0x1440  Fences - ok
18:24:11.0146 0x1440  [ 5F8CBEE9B9D9DAB0A401094695431F8D, 7788D6D5A25C2A3B170F1394B7D1831EBC1F9D0E6C3F1AC3F1CCF40BED197B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
18:24:11.0146 0x1440  Classic Start Menu - detected UnsignedFile.Multi.Generic ( 1 )
18:24:11.0146 0x1440  Classic Start Menu ( UnsignedFile.Multi.Generic ) - warning
18:24:11.0146 0x1440  Force sending object to P2P due to detect: C:\Program Files\Classic Shell\ClassicStartMenu.exe
18:24:11.0146 0x1440  Object send P2P result: false
18:24:11.0193 0x1440  [ 076B3EE149E01ADBAC2DC529554A3FD9, 4F65D9D2EE44829AA2264210112851E899165C2346489BEBE679C41420CF7D07 ] C:\Program Files\iTunes\iTunesHelper.exe
18:24:11.0193 0x1440  iTunesHelper - ok
18:24:11.0318 0x1440  [ DF57306E853C0896203D19FCA861F2D9, 13EBF02EAB54A9F0423B1CD269E9A76CACC26BF1D015CC0C99EDE72AEF2A567A ] C:\Program Files\PaintShop Pro X7 (64-bit)\Corel\Corel PaintShop Pro X7 (64-bit)\pua.exe
18:24:11.0349 0x1440  Corel Update Helper - ok
18:24:11.0380 0x1440  [ 6364FA7D825B600251A4D1DE7D6FF695, 1BEDD2E9DCE4C50FE7FE644D5DDD447DF79975D666CE128F945DD776E46AFC60 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
18:24:11.0396 0x1440  USB3MON - ok
18:24:11.0411 0x1440  [ D9DF49233588871A407700932812E436, 1A0479CD540250559B2CBF1E76DE454B50BD1D8069C9B077BD0A56782BAEAB2E ] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
18:24:11.0427 0x1440  IMSS - ok
18:24:11.0536 0x1440  [ 3D6737ADDB9B1DF81605C442ED6D2D90, 5B8D68945E1A97FD1AF40333448FE335743F48F46A70E303ADF406CC0CC253FB ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
18:24:11.0661 0x1440  HDAudDeck - detected UnsignedFile.Multi.Generic ( 1 )
18:24:11.0661 0x1440  HDAudDeck ( UnsignedFile.Multi.Generic ) - warning
18:24:11.0708 0x1440  [ 4275C55AA440DC08EA0267AED31D9654, A5EF4505960D9CECC45376026A8B51FF43282AE811C88617CCD8F7F1E6E56A7B ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
18:24:11.0723 0x1440  APSDaemon - ok
18:24:11.0801 0x1440  [ A6F5810B18C6C141161F79C2C41CE060, 0618DC88D79215B291376AD6E7005F4E7532EB80B481CFCCB11F41CBADE23FA7 ] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
18:24:11.0848 0x1440  Privatefirewall - ok
18:24:12.0020 0x1440  [ 8A312D5764B4FC4C55CEDDEED4652CF1, C4E726C9C77614CD32D5B76DA2E9A049EC490C2392D9A94B84712BCBF47BA7C6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
18:24:12.0113 0x1440  AvastUI.exe - ok
18:24:12.0176 0x1440  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
18:24:12.0191 0x1440  Sidebar - ok
18:24:12.0347 0x1440  [ B2BAE2D76FBE9FDC3F6E0D1F886DF367, 964EBF736891BE252C68FCE1F9EAD5E60E6E0C2119D21C6DF49FBD30FBB678EF ] C:\Program Files\CCleaner\CCleaner64.exe
18:24:12.0457 0x1440  CCleaner - ok
18:24:12.0503 0x1440  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated )
18:24:12.0503 0x1440  FW detected via SS2: Privatefirewall, C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfgui.exe ( 7.0.30.3 ), 0x50010 ( disabled )
18:24:12.0519 0x1440  Win FW state via NFP2: disabled ( trusted )
18:24:12.0519 0x1440  ============================================================
18:24:12.0519 0x1440  Scan finished
18:24:12.0519 0x1440  ============================================================
18:24:12.0519 0x1298  Detected object count: 8
18:24:12.0519 0x1298  Actual detected object count: 8
18:31:03.0377 0x1298  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0377 0x1298  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:03.0377 0x1298  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0377 0x1298  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:03.0393 0x1298  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0393 0x1298  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:03.0393 0x1298  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0393 0x1298  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:03.0393 0x1298  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0393 0x1298  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:03.0393 0x1298  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0393 0x1298  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:03.0393 0x1298  Classic Start Menu ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0393 0x1298  Classic Start Menu ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:03.0393 0x1298  HDAudDeck ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:03.0393 0x1298  HDAudDeck ( UnsignedFile.Multi.Generic ) - User select action: Skip
 

Attached Files

  • Attached File  gmer.txt   475.11KB   5 downloads
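One way to triage a TDSSKiller log in the layout pasted above, as an added example that is not part of the original posts or of the tool itself. It separates entries that carry a verdict from entries logged `ok` without any hashed file line, which are candidates for a cross-check rather than findings; the sample lines, names and zeroed hashes are constructed.

```python
import re

# Layout of one log line: "HH:MM:SS.mmmm 0xTHREAD  message".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+0x[0-9A-Fa-f]+\s+(.*)$")
# "[ MD5, SHA256 ] name path" (services) or "[ MD5 ] \Device\..." (MBR/VBR).
HASHED = re.compile(r"^\[ [0-9A-Fa-f]{32}(?:, [0-9A-Fa-f]{64})? \]\s+(.*)$")
PATH = re.compile(r"([A-Za-z]:\\.*|\\Device\\.*)$")
# "name ( verdict ) - User select action: Skip"
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
# "name - ok" or "name ( verdict ) - warning"
VERDICT = re.compile(r"^(.+?) (?:\( (.+?) \) )?- (ok|warning)$")

# Constructed sample; hashes are zeroed placeholders, names are made up.
H32, H64 = "0" * 32, "0" * 64
SAMPLE_LOG = "\n".join([
    rf"18:24:06.0232 0x1440  [ {H32}, {H64} ] ExampleDrv      C:\windows\system32\drivers\exampledrv.sys",
    r"18:24:06.0248 0x1440  ExampleDrv - ok",
    r"18:24:06.0341 0x1440  orphansvc - ok",
    r"18:24:10.0491 0x1440  ================ Scan MBR ==================================",
    rf"18:24:10.0491 0x1440  [ {H32} ] \Device\Harddisk0\DR0",
    r"18:24:10.0694 0x1440  \Device\Harddisk0\DR0 - ok",
    rf"18:24:11.0146 0x1440  [ {H32}, {H64} ] C:\Program Files\Example App\ExampleMenu.exe",
    r"18:24:11.0146 0x1440  Example Menu - detected UnsignedFile.Multi.Generic ( 1 )",
    r"18:24:11.0146 0x1440  Example Menu ( UnsignedFile.Multi.Generic ) - warning",
    r"18:24:12.0519 0x1298  Detected object count: 1",
    r"18:31:03.0393 0x1298  Example Menu ( UnsignedFile.Multi.Generic ) - skipped by user",
    r"18:31:03.0393 0x1298  Example Menu ( UnsignedFile.Multi.Generic ) - User select action: Skip",
])


def parse_tdsskiller(log):
    """Return {object name: {file, status, verdict, action}} in log order."""
    entries = {}
    pending_file = None  # path from the most recent hash line, if any
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()

        hashed = HASHED.match(msg)
        if hashed:
            path = PATH.search(hashed.group(1))
            pending_file = path.group(1) if path else None
            continue

        action = ACTION.match(msg)
        if action:
            name, verdict, chosen = action.groups()
            entry = entries.setdefault(
                name,
                {"file": None, "status": "warning", "verdict": verdict, "action": None},
            )
            entry["action"] = chosen
            continue

        verdict = VERDICT.match(msg)
        if verdict:
            name, label, status = verdict.groups()
            entries[name] = {
                "file": pending_file,
                "status": status,
                "verdict": label,
                "action": None,
            }
            pending_file = None  # a hash line belongs to the next verdict only
    return entries


def warnings_in(entries):
    """Objects the scanner did not mark ok, with the action the user chose."""
    return [
        (name, e["verdict"], e["file"], e["action"])
        for name, e in entries.items()
        if e["status"] != "ok"
    ]


def ok_without_file(entries):
    """Objects marked ok although no file was hashed for them in the log."""
    return [
        name
        for name, e in entries.items()
        if e["status"] == "ok" and e["file"] is None
    ]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for row in warnings_in(parsed):
        print("warning:", row)
    for name in ok_without_file(parsed):
        print("ok, no file line:", name)
```
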


#6 WJL2112

Posted 04 February 2016 - 07:52 PM

Jürgen,

I was able to paste the TDSS text after all.

Note that I have the full version of Malwarebytes, and something has been shutting it down this evening.

Also, the first time I ran GMER, something shut it down and the system restarted.

Thanks,

Bill



#7 deeprybka

Posted 05 February 2016 - 01:49 PM

Hi Bill,
please do the following:

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 WJL2112

Posted 05 February 2016 - 02:05 PM

Jürgen,

I will run Hitman next and attach report. Have you been able to read all of the attachments so far? If a report is too big to paste should I paste it in two different replies or is an attachment okay? Anything else you want me to run after Hitman?

Will post Hitman results soon.

Thanks!

Bill

#9 WJL2112

Posted 05 February 2016 - 05:09 PM

Jürgen,

Please see below the contents of the HitmanPro report.

HitmanPro 3.7.12.253
www.hitmanpro.com

   Computer name . . . . : BILL-COREI7-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Bill-Corei7-PC\Bill
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2016-02-05 16:58:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 7s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 17

   Objects scanned . . . : 2,635,346
   Files scanned . . . . : 69,022
   Remnants scanned  . . : 444,644 files / 2,121,680 keys

Suspicious files ____________________________________________________________

   C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Security\FRST64.exe
      Size . . . . . . . : 2,370,560 bytes
      Age  . . . . . . . : 2.0 days (2016-02-03 16:28:45)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 329DE119D3FD38387AA31C04A3C649587B579C89467D26DA5BA601346994BB87
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Bill\Downloads\Network Repair\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 384.0 days (2015-01-17 17:05:12)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 520E765E9043243127BE3D7B7210D32E2D1994866DC7A0F57EC05FA480D6D062
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Cookies _____________________________________________________________________

   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:adsrvr.org
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:bluekai.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:crwdcntrl.net
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:demdex.net
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:imrworldwide.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:krxd.net
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:mathtag.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:pcl.demdex.net
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:pubmatic.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:rubiconproject.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:scorecardresearch.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:skimresources.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:tap.rubiconproject.com
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:turbotax.demdex.net
   C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\16v7qflf.default\cookies.sqlite:turn.com
 

 

Thanks,

Bill



#10 deeprybka

Posted 06 February 2016 - 11:50 AM

Hi Bill,
 

If a report is too big to paste should I paste it in two different replies or is an attachment okay?

 
as you like! :)
 
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    GroupPolicyScripts-x32: Restriction
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
    Toolbar: HKU\S-1-5-21-3286439377-479878827-1266509880-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    S0 maagqb; no ImagePath
    S0 qozysh; no ImagePath
    S0 raeehd; no ImagePath
    S0 sjzgxw; no ImagePath
    S0 uotote; no ImagePath
    U0 iaStor; no ImagePath
    cmd: type "C:\Users\Bill\Desktop\aswMBR.txt"
    Task: {1EB4DF10-32A2-4E5C-A587-5D05F2D30B11} - \RealUpgradeLogonTaskS-1-5-21-3286439377-479878827-1266509880-1000 -> No File
    Task: {8D788959-ECF7-4EFB-ADE0-97A4F5C21318} - \RealUpgradeScheduledTaskS-1-5-21-3286439377-479878827-1266509880-1000 -> No File
    Task: {B162FCCF-6523-4FD5-B720-7A67F79C364E} - \{85E52F5C-2B7F-4478-A488-EE5C64C55FC7} -> No File
    Task: {CDA4F1E1-DEDB-414D-AB6E-5ED3AC626D8E} - \{BD265059-2CCE-43FD-A0E5-1C8EECBA8C98} -> No File
    Task: {D5ADF64E-3899-4A6A-8EE2-291B239B8060} - \SmartDefrag3_Update -> No File
    Task: {E8E36753-DF64-42EA-8540-57140E6685F3} - \CCleanerSkipUAC -> No File
    Task: {F2183B75-46FF-46C2-8858-4EA4571F80A1} - \Clean System Memory -> No File
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.


regards,
deeprybka

#11 WJL2112

Posted 06 February 2016 - 01:45 PM

Jürgen,

I will run the fixlist next.

First, wanted to mention that I figured out what was causing GMER to indicate a rootkit-like behavior. It was Open Hardware Monitor. Shutting down Open Hardware Monitor, then rerunning GMER and the rootkit indication goes away.

Will run fixlist now.

Bill



#12 WJL2112

Posted 06 February 2016 - 03:20 PM

Jürgen,

The fix log from FRST.

Thanks!

#13 WJL2112

WJL2112
  • Topic Starter

  • Members
  • 32 posts

Posted 06 February 2016 - 04:16 PM

Jürgen,

The fix log from FRST.

Thanks!

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Bill (2016-02-06 15:18:33) Run:1
Running from C:\Users\Bill\Desktop
Loaded Profiles: Bill &  (Available Profiles: Bill)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
GroupPolicyScripts-x32: Restriction
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Toolbar: HKU\S-1-5-21-3286439377-479878827-1266509880-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S0 maagqb; no ImagePath
S0 qozysh; no ImagePath
S0 raeehd; no ImagePath
S0 sjzgxw; no ImagePath
S0 uotote; no ImagePath
U0 iaStor; no ImagePath
cmd: type "C:\Users\Bill\Desktop\aswMBR.txt"
Task: {1EB4DF10-32A2-4E5C-A587-5D05F2D30B11} - \RealUpgradeLogonTaskS-1-5-21-3286439377-479878827-1266509880-1000 -> No File
Task: {8D788959-ECF7-4EFB-ADE0-97A4F5C21318} - \RealUpgradeScheduledTaskS-1-5-21-3286439377-479878827-1266509880-1000 -> No File
Task: {B162FCCF-6523-4FD5-B720-7A67F79C364E} - \{85E52F5C-2B7F-4478-A488-EE5C64C55FC7} -> No File
Task: {CDA4F1E1-DEDB-414D-AB6E-5ED3AC626D8E} - \{BD265059-2CCE-43FD-A0E5-1C8EECBA8C98} -> No File
Task: {D5ADF64E-3899-4A6A-8EE2-291B239B8060} - \SmartDefrag3_Update -> No File
Task: {E8E36753-DF64-42EA-8540-57140E6685F3} - \CCleanerSkipUAC -> No File
Task: {F2183B75-46FF-46C2-8858-4EA4571F80A1} - \Clean System Memory -> No File
EmptyTemp:
*****************

Processes closed successfully.
C:\windows\SysWOW64\GroupPolicy\Machine => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value not found.
HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => key not found.
HKU\S-1-5-21-3286439377-479878827-1266509880-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
maagqb => service removed successfully
qozysh => service removed successfully
raeehd => service removed successfully
sjzgxw => service removed successfully
uotote => service removed successfully
iaStor => service removed successfully

=========  type "C:\Users\Bill\Desktop\aswMBR.txt" =========

aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
Run date: 2016-02-02 18:41:55
-----------------------------
18:41:55.670    OS Version: Windows x64 6.1.7601 Service Pack 1
18:41:55.670    Number of processors: 8 586 0x3A09
18:41:55.670    ComputerName: BILL-COREI7-PC  UserName: Bill
18:41:59.712    Initialize success
18:41:59.722    VM: initialized successfully
18:41:59.723    VM: Intel CPU BiosDisabled
18:41:59.910    supported disk I/O ataport.SYS
18:42:01.980    AVAST engine defs: 16020201
18:42:16.302    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:42:16.304    Disk 0 Vendor:   Size: 0MB BusType: 0
18:42:16.305    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000097
18:42:16.307    Disk 1 Vendor:   Size: 0MB BusType: 0
18:42:16.308    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000098
18:42:16.309    Disk 2 Vendor:   Size: 0MB BusType: 0
18:42:16.311    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000099
18:42:16.312    Disk 3 Vendor:   Size: 0MB BusType: 0
18:42:16.314    Disk 4  \Device\Harddisk4\DR4 -> \Device\0000009a
18:42:16.316    Disk 4 Vendor:   Size: 0MB BusType: 0
18:42:16.572    Disk 0 MBR read successfully I/O
18:42:16.575    Disk 0 MBR scan
18:42:16.577    Disk 0 Windows 7 default MBR code
18:42:16.580    Disk 0 MBR hidden
18:42:16.691    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:42:16.710    Disk 0 default boot code
18:42:16.725    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1907627 MB offset 206848
18:42:16.744    Disk 0 scanning C:\windows\system32\drivers
18:42:27.212    Service scanning
18:42:44.511    Modules scanning
18:42:44.516    Disk 0 trace - called modules:
18:42:44.532    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:42:44.535    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d816790]
18:42:44.537    3 CLASSPNP.SYS[fffff880018fc43f] -> nt!IofCallDriver -> [0xfffffa800d6ee9b0]
18:42:44.539    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d7f4060]
18:42:52.021    AVAST engine scan C:\
22:32:47.499    Disk 0 statistics 37667242/1/0 @ 1.53 MB/s
22:32:47.503    Scan finished successfully
22:48:36.679    Disk 0 MBR has been saved successfully to "C:\Users\Bill\Desktop\MBR.dat"
22:48:36.679    The log file has been saved successfully to "C:\Users\Bill\Desktop\aswMBR.txt"



========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1EB4DF10-32A2-4E5C-A587-5D05F2D30B11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EB4DF10-32A2-4E5C-A587-5D05F2D30B11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-3286439377-479878827-1266509880-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D788959-ECF7-4EFB-ADE0-97A4F5C21318}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D788959-ECF7-4EFB-ADE0-97A4F5C21318}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-3286439377-479878827-1266509880-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B162FCCF-6523-4FD5-B720-7A67F79C364E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B162FCCF-6523-4FD5-B720-7A67F79C364E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{85E52F5C-2B7F-4478-A488-EE5C64C55FC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDA4F1E1-DEDB-414D-AB6E-5ED3AC626D8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDA4F1E1-DEDB-414D-AB6E-5ED3AC626D8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD265059-2CCE-43FD-A0E5-1C8EECBA8C98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5ADF64E-3899-4A6A-8EE2-291B239B8060}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5ADF64E-3899-4A6A-8EE2-291B239B8060}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8E36753-DF64-42EA-8540-57140E6685F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E36753-DF64-42EA-8540-57140E6685F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2183B75-46FF-46C2-8858-4EA4571F80A1} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Clean System Memory" => key removed successfully
EmptyTemp: => 125.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:18:44 ====



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 07 February 2016 - 09:34 AM

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!

Help BleepingComputer Defend Freedom of Speech
http://www.bleepingcomputer.com/announcement/frivolous-lawsuits/help-bleepingcomputer-defend-freedom-of-speech/

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore, it's very important to always keep your software up-to-date.
The following software is outdated:

  • Adobe Flash Player 15 ActiveX
  • Java 8 Update 40

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
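One way to check a machine for the outdated software named in the post above, as an added example that is not part of the original thread: it reads both views of the machine-wide Uninstall registry key and compares the matching entries with a baseline. The function names, the name patterns and the `MinimumVersion` values are assumptions; the versions are constructed placeholders to be replaced with the vendors' current releases.

```powershell
# Added example (not from the thread). Lists installed products matching the
# two families the post calls outdated and compares them with a baseline.
# MinimumVersion values are constructed placeholders: replace them with the
# current vendor releases before trusting the Status column.
$Baseline = @(
    @{ Pattern = 'Adobe Flash Player*'; MinimumVersion = '99.0' },  # placeholder
    @{ Pattern = 'Java*Update*';        MinimumVersion = '99.0' }   # placeholder
)

# On 64-bit Windows, 32-bit installers register under WOW6432Node, so both
# views of the Uninstall key have to be read.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionOrNull {
    param([string]$Text)
    # DisplayVersion is free text; return $null when it is not a dotted version.
    try { return [version]$Text } catch { return $null }
}

function Get-OutdatedSoftware {
    param([object[]]$Baseline, [string[]]$Roots)
    foreach ($root in $Roots) {
        # A missing root (32-bit Windows) or an unreadable subkey is skipped.
        $entries = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName }
        foreach ($entry in $entries) {
            foreach ($rule in $Baseline) {
                if ($entry.DisplayName -notlike $rule.Pattern) { continue }
                $installed = ConvertTo-VersionOrNull $entry.DisplayVersion
                $minimum   = [version]$rule.MinimumVersion
                if ($null -eq $installed)        { $status = 'Unknown version' }
                elseif ($installed -lt $minimum) { $status = 'Outdated' }
                else                             { $status = 'OK' }
                New-Object PSObject -Property @{
                    Name    = $entry.DisplayName
                    Version = $entry.DisplayVersion
                    Minimum = $rule.MinimumVersion
                    Status  = $status
                }
            }
        }
    }
}

Get-OutdatedSoftware -Baseline $Baseline -Roots $UninstallRoots |
    Sort-Object Name |
    Format-Table Name, Version, Minimum, Status -AutoSize
```

Run it from a 64-bit PowerShell session; in a 32-bit session registry redirection makes both paths resolve to the 32-bit view. Per-user installs under HKCU are not covered.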

#15 WJL2112

WJL2112
  • Topic Starter

  • Members
  • 32 posts

Posted 07 February 2016 - 07:17 PM

Jürgen,

Thanks for your time and help!

Will read up on the info you suggested.

Bill





