
Got a notice of a keylogger from a vendor


10 replies to this topic

#1 redwhiteblue


Posted 28 March 2016 - 02:42 PM

A vendor I use sent me a notice that they believe I am infected with a keylogger. 
 
Looking at other threads of this type, I have gone ahead and run a few scans from safe mode/with networking, so here are the logs. 
 
Any help would be greatly appreciated...
 
---------------------

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Kirk (administrator) on 28-03-2016 at 13:30:19
Running from "C:\Users\Kirk\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: 500-267c Manufacturer: Hewlett-Packard
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wireless Network Connection (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Kirk-HPi3
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 0C-54-A5-06-77-48
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::212f:dd66:d077:6153%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.219(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 28, 2016 1:27:06 PM
   Lease Expires . . . . . . . . . . : Monday, April 04, 2016 1:27:04 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 252466341
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-29-2A-DC-0C-54-A5-06-77-48
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{0A7CE1BB-1060-423D-BF7D-863875190C01}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  router.asus.com
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:80a::200e
 216.58.216.238
 
 
Pinging google.com [216.58.216.238] with 32 bytes of data:
Reply from 216.58.216.238: bytes=32 time=19ms TTL=52
Reply from 216.58.216.238: bytes=32 time=19ms TTL=52
 
Ping statistics for 216.58.216.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms
Server:  router.asus.com
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=79ms TTL=45
Reply from 206.190.36.45: bytes=32 time=79ms TTL=45
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 79ms, Maximum = 79ms, Average = 79ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...0c 54 a5 06 77 48 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.219     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.219    266
    192.168.1.219  255.255.255.255         On-link     192.168.1.219    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.219    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.219    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.219    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    266 fe80::/64                On-link
 12    266 fe80::212f:dd66:d077:6153/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/28/2016 01:28:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 01:22:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 12:33:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: FOXITREADER.EXE, version: 7.3.0.118, time stamp: 0x569bdaaa
Faulting module name: FOXITREADER.EXE, version: 7.3.0.118, time stamp: 0x569bdaaa
Exception code: 0xc0000005
Fault offset: 0x001b3c94
Faulting process id: 0x2b68
Faulting application start time: 0xFOXITREADER.EXE0
Faulting application path: FOXITREADER.EXE1
Faulting module path: FOXITREADER.EXE2
Report Id: FOXITREADER.EXE3
 
Error: (03/23/2016 10:30:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/22/2016 04:54:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/22/2016 04:53:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/22/2016 04:52:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/22/2016 01:30:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/22/2016 01:28:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/21/2016 12:08:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/28/2016 01:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/28/2016 01:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/28/2016 01:29:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/28/2016 01:27:21 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/28/2016 01:27:20 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (03/28/2016 01:27:19 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/28/2016 01:27:14 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/28/2016 01:27:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/28/2016 01:27:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/28/2016 01:27:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (03/28/2016 01:28:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 01:22:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 12:33:12 PM) (Source: Application Error)(User: )
Description: FOXITREADER.EXE7.3.0.118569bdaaaFOXITREADER.EXE7.3.0.118569bdaaac0000005001b3c942b6801d1890cfeee3807C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXITREADER.EXEC:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXITREADER.EXE24fcf2aa-f50b-11e5-9c02-0c54a5067748
 
Error: (03/23/2016 10:30:46 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (03/22/2016 04:54:23 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (03/22/2016 04:53:12 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (03/22/2016 04:52:03 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (03/22/2016 01:30:05 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (03/22/2016 01:28:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (03/21/2016 12:08:42 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{9660BE00-DC13-11E5-8BE6-B8AC6F88925A}) (Version: 11.3.2.0 - Google)
Bing Ads Editor (HKCU\...\{1c8e2994-73aa-451d-b79a-127c3a80b023}) (Version: 10.7.2091.7702 - Microsoft Corporation)
Bing Ads Editor (HKLM-x32\...\{7B559C3E-3008-4210-B651-3BEAA1FAD170}) (Version: 10.7.2091.7702 - Microsoft Corporation) Hidden
Calyx Installer (HKCU\...\70930c74b7b66430) (Version: 1.0.0.372 - Calyx Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
DishWorld (HKLM-x32\...\{4B261F51-A7E7-471D-A72F-7296777197A4}) (Version: 2.7.162 - Echostar)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Google Apps Migration For Microsoft Outlook® 4.0.29.9 (HKLM-x32\...\{E8248BD6-6294-4CF6-9CF9-BDAAC0CC8253}) (Version: 4.0.29.9 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Chrome (HKLM-x32\...\{A4DE5CD7-96D6-3979-8C39-E864396AFFC0}) (Version: 49.0.2623.87 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.5.0.1165 - Citrix Systems, Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
join.me (HKCU\...\JoinMe) (Version: 2.13.0.1917 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{30FF5906-91BB-35BF-9AB8-9EE0B007FD75}) (Version: 4.5.52213 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Point 9.1 (HKLM-x32\...\{34BBD1C1-C3BD-4D87-AABE-D41945CEAC59}) (Version: 9.1.1559 - Calyx Software)
Point 9.2 SP9a (HKLM-x32\...\{99F2C17D-F9E6-4BE0-B17B-E4816C8B2479}) (Version: 9.2.1776 - Calyx Software)
Point Old Verison Clean up Tool (HKCU\...\Point Old Verison Clean up Tool) (Version:  - )
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimPDF Reader 1.0 (HKLM-x32\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.)
Sling (HKLM-x32\...\{4510CDA5-C397-4A9E-A838-DE3A00530170}) (Version: 4.8.138 - Echostar)
Sling International (HKLM-x32\...\{758D84F4-C3A1-4561-AB81-5F985524A626}) (Version: 4.8.110 - Echostar)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 18%
Total physical RAM: 8097.41 MB
Available physical RAM: 6559.63 MB
Total Virtual: 16193.01 MB
Available Virtual: 14694.94 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:922.33 GB) (Free:659.71 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.95 GB) (Free:1.05 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KIRK-HPI3
 
Administrator            Guest                    Kirk                     
 
 
**** End of log ****
 
 
-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------
 
 
13:32:01.0007 0x0b28  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
13:32:01.0007 0x0b28  UEFI system
13:32:06.0719 0x0b28  ============================================================
13:32:06.0719 0x0b28  Current date / time: 2016/03/28 13:32:06.0719
13:32:06.0719 0x0b28  SystemInfo:
13:32:06.0719 0x0b28  
13:32:06.0719 0x0b28  OS Version: 6.1.7601 ServicePack: 1.0
13:32:06.0719 0x0b28  Product type: Workstation
13:32:06.0719 0x0b28  ComputerName: KIRK-HPI3
13:32:06.0719 0x0b28  UserName: Kirk
13:32:06.0719 0x0b28  Windows directory: C:\Windows
13:32:06.0719 0x0b28  System windows directory: C:\Windows
13:32:06.0719 0x0b28  Running under WOW64
13:32:06.0719 0x0b28  Processor architecture: Intel x64
13:32:06.0719 0x0b28  Number of processors: 4
13:32:06.0719 0x0b28  Page size: 0x1000
13:32:06.0719 0x0b28  Boot type: Safe boot with network
13:32:06.0719 0x0b28  ============================================================
13:32:09.0054 0x0b28  KLMD registered as C:\Windows\system32\drivers\54272175.sys
13:32:09.0211 0x0b28  System UUID: {842A1BA9-0A7E-0FC4-534D-AA62F2E556A8}
13:32:09.0500 0x0b28  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:32:09.0502 0x0b28  ============================================================
13:32:09.0502 0x0b28  \Device\Harddisk0\DR0:
13:32:09.0502 0x0b28  GPT partitions:
13:32:09.0525 0x0b28  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3EB04335-00EE-463E-9531-0BA2EE9E5D1C}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
13:32:09.0525 0x0b28  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {77BB50FA-FAB0-4F4A-B6AC-DB3FFA713C74}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
13:32:09.0525 0x0b28  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {057EB408-CD30-46FB-802C-C862DD8CB278}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x734AA800
13:32:09.0525 0x0b28  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {08370B08-EA6C-4922-910F-1E5CB8B3B278}, Name: Basic data partition, StartLBA 0x7351D000, BlocksNum 0x11E7000
13:32:09.0525 0x0b28  MBR partitions:
13:32:09.0525 0x0b28  ============================================================
13:32:09.0552 0x0b28  C: <-> \Device\Harddisk0\DR0\Partition3
13:32:09.0588 0x0b28  D: <-> \Device\Harddisk0\DR0\Partition4
13:32:09.0588 0x0b28  ============================================================
13:32:09.0588 0x0b28  Initialize success
13:32:09.0588 0x0b28  ============================================================
13:32:57.0512 0x0b0c  ============================================================
13:32:57.0512 0x0b0c  Scan started
13:32:57.0512 0x0b0c  Mode: Manual; TDLFS; 
13:32:57.0512 0x0b0c  ============================================================
13:32:57.0512 0x0b0c  KSN ping started
13:32:57.0593 0x0b0c  KSN ping finished: true
13:32:58.0050 0x0b0c  ================ Scan system memory ========================
13:32:58.0050 0x0b0c  System memory - ok
13:32:58.0050 0x0b0c  ================ Scan services =============================
13:32:58.0384 0x0b0c  amdxata - ok
13:32:58.0435 0x0b0c  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
13:32:58.0437 0x0b0c  AppHostSvc - ok
13:32:58.0445 0x0b0c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
13:32:58.0446 0x0b0c  AppID - ok
13:32:58.0460 0x0b0c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:32:58.0461 0x0b0c  AppIDSvc - ok
13:32:58.0478 0x0b0c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:32:58.0480 0x0b0c  Appinfo - ok
13:32:58.0490 0x0b0c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:32:58.0494 0x0b0c  AppMgmt - ok
13:32:58.0506 0x0b0c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
13:32:58.0508 0x0b0c  arc - ok
13:32:58.0519 0x0b0c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:32:58.0521 0x0b0c  arcsas - ok
13:32:58.0534 0x0b0c  [ 425A881DFFB426660A6861DC44927DD3, 575878CD7B7E2E6DD9D7051D0637C72D5795F863D32EA47B6A0B8A336D520D47 ] asmthub3        C:\Windows\system32\drivers\asmthub3.sys
13:32:58.0537 0x0b0c  asmthub3 - ok
13:32:58.0559 0x0b0c  [ 0B19AE36FAAE5294B19B0AD4E5F2F37E, 654627BCE074752A06CAE501778AE044589E20E9568367F00A66C45E2A00B143 ] asmtxhci        C:\Windows\system32\drivers\asmtxhci.sys
13:32:58.0565 0x0b0c  asmtxhci - ok
13:32:58.0616 0x0b0c  [ 993881DC27AB956F92F794BC8F60FAF9, 65702AFD9DD14F81F99247239195AF8FBB1156E4C163734A8E61DE4782B5B91F ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:32:58.0632 0x0b0c  aspnet_state - ok
13:32:58.0643 0x0b0c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:32:58.0644 0x0b0c  AsyncMac - ok
13:32:58.0657 0x0b0c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:32:58.0658 0x0b0c  atapi - ok
13:32:58.0717 0x0b0c  [ A6BF71998A97CE2E3ED3E2F2A9F5FB71, C185A3AB9BEC672B3ABF557131080780A8BE0338E9443E4C630D62587F81D90A ] atashost        C:\Windows\SysWOW64\atashost.exe
13:32:58.0720 0x0b0c  atashost - ok
13:32:58.0800 0x0b0c  [ 55A45828A3E81BA82456BAD1A109E3F5, FA8587700287DC7CEFA537BC5928AB306D6D8C1D7D28334577FF38B20464684C ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:32:58.0869 0x0b0c  athr - ok
13:32:58.0897 0x0b0c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:32:58.0907 0x0b0c  AudioEndpointBuilder - ok
13:32:58.0918 0x0b0c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:32:58.0926 0x0b0c  AudioSrv - ok
13:32:58.0939 0x0b0c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:32:58.0941 0x0b0c  AxInstSV - ok
13:32:58.0956 0x0b0c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:32:58.0964 0x0b0c  b06bdrv - ok
13:32:58.0997 0x0b0c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:32:59.0001 0x0b0c  b57nd60a - ok
13:32:59.0011 0x0b0c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:32:59.0012 0x0b0c  BDESVC - ok
13:32:59.0024 0x0b0c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:32:59.0025 0x0b0c  Beep - ok
13:32:59.0051 0x0b0c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:32:59.0061 0x0b0c  BFE - ok
13:32:59.0092 0x0b0c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:32:59.0142 0x0b0c  BITS - ok
13:32:59.0146 0x0b0c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:32:59.0147 0x0b0c  blbdrive - ok
13:32:59.0166 0x0b0c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:32:59.0167 0x0b0c  bowser - ok
13:32:59.0186 0x0b0c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:32:59.0187 0x0b0c  BrFiltLo - ok
13:32:59.0197 0x0b0c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:32:59.0198 0x0b0c  BrFiltUp - ok
13:32:59.0206 0x0b0c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:32:59.0208 0x0b0c  Browser - ok
13:32:59.0226 0x0b0c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:32:59.0230 0x0b0c  Brserid - ok
13:32:59.0241 0x0b0c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:32:59.0242 0x0b0c  BrSerWdm - ok
13:32:59.0249 0x0b0c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:32:59.0250 0x0b0c  BrUsbMdm - ok
13:32:59.0260 0x0b0c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:32:59.0261 0x0b0c  BrUsbSer - ok
13:32:59.0275 0x0b0c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:32:59.0277 0x0b0c  BTHMODEM - ok
13:32:59.0289 0x0b0c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:32:59.0291 0x0b0c  bthserv - ok
13:32:59.0304 0x0b0c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:32:59.0306 0x0b0c  cdfs - ok
13:32:59.0327 0x0b0c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:32:59.0329 0x0b0c  cdrom - ok
13:32:59.0341 0x0b0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:32:59.0343 0x0b0c  CertPropSvc - ok
13:32:59.0354 0x0b0c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:32:59.0355 0x0b0c  circlass - ok
13:32:59.0370 0x0b0c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:32:59.0376 0x0b0c  CLFS - ok
13:32:59.0433 0x0b0c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:59.0435 0x0b0c  clr_optimization_v2.0.50727_32 - ok
13:32:59.0480 0x0b0c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:59.0482 0x0b0c  clr_optimization_v2.0.50727_64 - ok
13:32:59.0513 0x0b0c  [ F3C5A948079B128E70AFB38FFBD20533, 5FDD012AF3F2D59B3BB549062E140FE2AD3D2E4E89B06CDC7FACED339E0D71AA ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:59.0533 0x0b0c  clr_optimization_v4.0.30319_32 - ok
13:32:59.0543 0x0b0c  [ E5F135E045A334C389CB1A1EECF1DB31, EAB89323D38B70C479D3AFE202158E8E8219E7CCAEC3A8B6AC2CD739BBD173F6 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:59.0556 0x0b0c  clr_optimization_v4.0.30319_64 - ok
13:32:59.0568 0x0b0c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
13:32:59.0568 0x0b0c  CmBatt - ok
13:32:59.0578 0x0b0c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:32:59.0579 0x0b0c  cmdide - ok
13:32:59.0593 0x0b0c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:32:59.0600 0x0b0c  CNG - ok
13:32:59.0637 0x0b0c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:32:59.0638 0x0b0c  Compbatt - ok
13:32:59.0663 0x0b0c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:32:59.0663 0x0b0c  CompositeBus - ok
13:32:59.0666 0x0b0c  COMSysApp - ok
13:32:59.0699 0x0b0c  [ 79C32FFFAB0DFD468B0C1B761C896496, 70A56D7CE2891F06E4D08F1F763C660B099929BBF5704C175EC007FF3A1646AF ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:32:59.0712 0x0b0c  cphs - ok
13:32:59.0719 0x0b0c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:32:59.0720 0x0b0c  crcdisk - ok
13:32:59.0741 0x0b0c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:32:59.0744 0x0b0c  CryptSvc - ok
13:32:59.0766 0x0b0c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:32:59.0773 0x0b0c  CSC - ok
13:32:59.0794 0x0b0c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:32:59.0804 0x0b0c  CscService - ok
13:32:59.0833 0x0b0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:32:59.0847 0x0b0c  DcomLaunch - ok
13:32:59.0872 0x0b0c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:32:59.0876 0x0b0c  defragsvc - ok
13:32:59.0887 0x0b0c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:32:59.0888 0x0b0c  DfsC - ok
13:32:59.0905 0x0b0c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:32:59.0910 0x0b0c  Dhcp - ok
13:32:59.0915 0x0b0c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:32:59.0916 0x0b0c  discache - ok
13:32:59.0929 0x0b0c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
13:32:59.0930 0x0b0c  Disk - ok
13:32:59.0942 0x0b0c  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:32:59.0943 0x0b0c  dmvsc - ok
13:32:59.0959 0x0b0c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:32:59.0962 0x0b0c  Dnscache - ok
13:32:59.0975 0x0b0c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:32:59.0979 0x0b0c  dot3svc - ok
13:32:59.0985 0x0b0c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:32:59.0988 0x0b0c  DPS - ok
13:32:59.0998 0x0b0c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:32:59.0998 0x0b0c  drmkaud - ok
13:33:00.0047 0x0b0c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:33:00.0073 0x0b0c  DXGKrnl - ok
13:33:00.0078 0x0b0c  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
13:33:00.0080 0x0b0c  E1G60 - ok
13:33:00.0097 0x0b0c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:33:00.0099 0x0b0c  EapHost - ok
13:33:00.0166 0x0b0c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:33:00.0225 0x0b0c  ebdrv - ok
13:33:00.0249 0x0b0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
13:33:00.0250 0x0b0c  EFS - ok
13:33:00.0287 0x0b0c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:33:00.0297 0x0b0c  ehRecvr - ok
13:33:00.0303 0x0b0c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:33:00.0306 0x0b0c  ehSched - ok
13:33:00.0322 0x0b0c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:33:00.0330 0x0b0c  elxstor - ok
13:33:00.0338 0x0b0c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:33:00.0339 0x0b0c  ErrDev - ok
13:33:00.0363 0x0b0c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:33:00.0369 0x0b0c  EventSystem - ok
13:33:00.0382 0x0b0c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:33:00.0385 0x0b0c  exfat - ok
13:33:00.0394 0x0b0c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:33:00.0398 0x0b0c  fastfat - ok
13:33:00.0413 0x0b0c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:33:00.0423 0x0b0c  Fax - ok
13:33:00.0426 0x0b0c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
13:33:00.0427 0x0b0c  fdc - ok
13:33:00.0437 0x0b0c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:33:00.0437 0x0b0c  fdPHost - ok
13:33:00.0444 0x0b0c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:33:00.0445 0x0b0c  FDResPub - ok
13:33:00.0454 0x0b0c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:33:00.0455 0x0b0c  FileInfo - ok
13:33:00.0462 0x0b0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:33:00.0463 0x0b0c  Filetrace - ok
13:33:00.0466 0x0b0c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:33:00.0466 0x0b0c  flpydisk - ok
13:33:00.0475 0x0b0c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:33:00.0480 0x0b0c  FltMgr - ok
13:33:00.0506 0x0b0c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:33:00.0531 0x0b0c  FontCache - ok
13:33:00.0560 0x0b0c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:33:00.0561 0x0b0c  FontCache3.0.0.0 - ok
13:33:00.0575 0x0b0c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:33:00.0576 0x0b0c  FsDepends - ok
13:33:00.0583 0x0b0c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:33:00.0584 0x0b0c  Fs_Rec - ok
13:33:00.0596 0x0b0c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:33:00.0600 0x0b0c  fvevol - ok
13:33:00.0612 0x0b0c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:33:00.0613 0x0b0c  gagp30kx - ok
13:33:00.0701 0x0b0c  [ 962B8162B2F7BF28AC8690921A87F5E3, C8E66726B6703153CC4158CD37ACEEF9E8F25A4E6B53D4C8B42F9A3F9D29BBF1 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AC_Service.exe
13:33:00.0706 0x0b0c  GoToAssist - ok
13:33:00.0727 0x0b0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:33:00.0743 0x0b0c  gpsvc - ok
13:33:00.0792 0x0b0c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:33:00.0794 0x0b0c  gupdate - ok
13:33:00.0798 0x0b0c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:33:00.0799 0x0b0c  gupdatem - ok
13:33:00.0807 0x0b0c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:33:00.0807 0x0b0c  hcw85cir - ok
13:33:00.0820 0x0b0c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:33:00.0825 0x0b0c  HdAudAddService - ok
13:33:00.0847 0x0b0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:33:00.0849 0x0b0c  HDAudBus - ok
13:33:00.0861 0x0b0c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:33:00.0862 0x0b0c  HidBatt - ok
13:33:00.0866 0x0b0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:33:00.0867 0x0b0c  HidBth - ok
13:33:00.0870 0x0b0c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:33:00.0871 0x0b0c  HidIr - ok
13:33:00.0881 0x0b0c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:33:00.0883 0x0b0c  hidserv - ok
13:33:00.0900 0x0b0c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:33:00.0901 0x0b0c  HidUsb - ok
13:33:00.0918 0x0b0c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:33:00.0920 0x0b0c  hkmsvc - ok
13:33:00.0932 0x0b0c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:33:00.0936 0x0b0c  HomeGroupListener - ok
13:33:00.0954 0x0b0c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:33:00.0957 0x0b0c  HomeGroupProvider - ok
13:33:00.0971 0x0b0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:33:00.0973 0x0b0c  HpSAMD - ok
13:33:01.0018 0x0b0c  [ A3E5E2967011E94A61499DF7A777FAC8, 4632AC66AA9257C1427A52C915B3FBE92336CB53A0231312B6AED9290FE7EE81 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
13:33:01.0020 0x0b0c  HPSupportSolutionsFrameworkService - ok
13:33:01.0054 0x0b0c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:33:01.0068 0x0b0c  HTTP - ok
13:33:01.0079 0x0b0c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:33:01.0080 0x0b0c  hwpolicy - ok
13:33:01.0104 0x0b0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:33:01.0106 0x0b0c  i8042prt - ok
13:33:01.0127 0x0b0c  [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
13:33:01.0135 0x0b0c  iaStor - ok
13:33:01.0186 0x0b0c  [ 71341219FBB4BAB7F2462C4267DAB594, 0C6B684781D27F423D20186A40D7513DD6ABC38AD286D013791B37CBF5477A55 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
13:33:01.0194 0x0b0c  iaStorA - ok
13:33:01.0214 0x0b0c  [ B9D5AE799CB622C144AE5399C55EF29B, 5C2858590436EEDDE029C5448AEC3ACBB1C0FCED23F305302BAF831C6EC1654A ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
13:33:01.0215 0x0b0c  iaStorF - ok
13:33:01.0223 0x0b0c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:33:01.0229 0x0b0c  iaStorV - ok
13:33:01.0271 0x0b0c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:33:01.0288 0x0b0c  idsvc - ok
13:33:01.0290 0x0b0c  IEEtwCollectorService - ok
13:33:01.0385 0x0b0c  [ F618A6E08277A9FB7D206E074FA813EA, BB9EFEA6732D7024D36BFEE284BAE88F3274CFD82422C081EAA126D76A246CEF ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:33:01.0461 0x0b0c  igfx - ok
13:33:01.0476 0x0b0c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:33:01.0478 0x0b0c  iirsp - ok
13:33:01.0507 0x0b0c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:33:01.0524 0x0b0c  IKEEXT - ok
13:33:01.0586 0x0b0c  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:33:01.0601 0x0b0c  Intel(R) Capability Licensing Service Interface - ok
13:33:01.0634 0x0b0c  [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
13:33:01.0649 0x0b0c  Intel(R) Capability Licensing Service TCP IP Interface - ok
13:33:01.0693 0x0b0c  [ EE65488B7294FBCB113EAC9FD492345C, D1D6B22CD94324387171B188D295AA716900654DA1DC9F3DC18D0CD528F2BBEA ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
13:33:01.0695 0x0b0c  Intel(R) ME Service - ok
13:33:01.0706 0x0b0c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:33:01.0707 0x0b0c  intelide - ok
13:33:01.0714 0x0b0c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:33:01.0715 0x0b0c  intelppm - ok
13:33:01.0728 0x0b0c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:33:01.0730 0x0b0c  IPBusEnum - ok
13:33:01.0745 0x0b0c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:01.0747 0x0b0c  IpFilterDriver - ok
13:33:01.0766 0x0b0c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:33:01.0775 0x0b0c  iphlpsvc - ok
13:33:01.0778 0x0b0c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:33:01.0780 0x0b0c  IPMIDRV - ok
13:33:01.0784 0x0b0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:33:01.0786 0x0b0c  IPNAT - ok
13:33:01.0795 0x0b0c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:33:01.0795 0x0b0c  IRENUM - ok
13:33:01.0805 0x0b0c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:33:01.0806 0x0b0c  isapnp - ok
13:33:01.0817 0x0b0c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:33:01.0821 0x0b0c  iScsiPrt - ok
13:33:01.0845 0x0b0c  [ 626F5EAE794819A88F3A1437A6C75951, 491E9DFE7C08869585A5E56830110E245255C5DE71430051EC3948A81CF005C3 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
13:33:01.0846 0x0b0c  iusb3hcs - ok
13:33:01.0863 0x0b0c  [ 21A002692B2A07D225E26F70E78D0BFC, 4809D0DD5CA1E0A9C7A0D2BD2E1C7775077CB99F62ED47844EBF3C0B1E91ED45 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
13:33:01.0868 0x0b0c  iusb3hub - ok
13:33:01.0896 0x0b0c  [ FBD43626F80EE4ACA8A6662EA318AFEF, 182DCFDE330399249F038D440FD73806009C809D2B61CE610194AA2131C02733 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:33:01.0906 0x0b0c  iusb3xhc - ok
13:33:01.0926 0x0b0c  [ BF5D3A2624177C413680DEF19A465AF8, B9909D3E6CB6F9971293116387865AD15CB9D47513C7FAA9C36BE4D2847A41EB ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
13:33:01.0929 0x0b0c  jhi_service - ok
13:33:01.0939 0x0b0c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:33:01.0940 0x0b0c  kbdclass - ok
13:33:01.0955 0x0b0c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:33:01.0955 0x0b0c  kbdhid - ok
13:33:01.0966 0x0b0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
13:33:01.0967 0x0b0c  KeyIso - ok
13:33:01.0977 0x0b0c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:33:01.0978 0x0b0c  KSecDD - ok
13:33:01.0993 0x0b0c  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:33:01.0995 0x0b0c  KSecPkg - ok
13:33:02.0004 0x0b0c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:33:02.0005 0x0b0c  ksthunk - ok
13:33:02.0029 0x0b0c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:33:02.0035 0x0b0c  KtmRm - ok
13:33:02.0048 0x0b0c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:33:02.0052 0x0b0c  LanmanServer - ok
13:33:02.0074 0x0b0c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:33:02.0077 0x0b0c  LanmanWorkstation - ok
13:33:02.0094 0x0b0c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:33:02.0095 0x0b0c  lltdio - ok
13:33:02.0115 0x0b0c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:33:02.0120 0x0b0c  lltdsvc - ok
13:33:02.0123 0x0b0c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:33:02.0124 0x0b0c  lmhosts - ok
13:33:02.0145 0x0b0c  [ 3EA307C51069BC72DD74A4964F2A30A9, EB8F9C936AE43B7E31CB6C46F76FB918509D529E897C0E82B865A2854458996A ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:33:02.0151 0x0b0c  LMS - ok
13:33:02.0166 0x0b0c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:33:02.0168 0x0b0c  LSI_FC - ok
13:33:02.0174 0x0b0c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:33:02.0176 0x0b0c  LSI_SAS - ok
13:33:02.0193 0x0b0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:33:02.0194 0x0b0c  LSI_SAS2 - ok
13:33:02.0207 0x0b0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:33:02.0209 0x0b0c  LSI_SCSI - ok
13:33:02.0224 0x0b0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:33:02.0226 0x0b0c  luafv - ok
13:33:02.0259 0x0b0c  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:33:02.0260 0x0b0c  MBAMProtector - ok
13:33:02.0322 0x0b0c  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
13:33:02.0365 0x0b0c  MBAMScheduler - ok
13:33:02.0401 0x0b0c  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
13:33:02.0425 0x0b0c  MBAMService - ok
13:33:02.0444 0x0b0c  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
13:33:02.0447 0x0b0c  MBAMSwissArmy - ok
13:33:02.0459 0x0b0c  [ 452ACB7A9914398D9E18CCCFFCF92208, 754AF45C19731C356E7E84497B04E0333759AC86DC553BA275EFC09845E43E4D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
13:33:02.0461 0x0b0c  MBAMWebAccessControl - ok
13:33:02.0475 0x0b0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:33:02.0477 0x0b0c  Mcx2Svc - ok
13:33:02.0490 0x0b0c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:33:02.0491 0x0b0c  megasas - ok
13:33:02.0508 0x0b0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:33:02.0512 0x0b0c  MegaSR - ok
13:33:02.0525 0x0b0c  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:33:02.0525 0x0b0c  MEIx64 - ok
13:33:02.0558 0x0b0c  Microsoft SharePoint Workspace Audit Service - ok
13:33:02.0561 0x0b0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:33:02.0563 0x0b0c  MMCSS - ok
13:33:02.0575 0x0b0c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:33:02.0576 0x0b0c  Modem - ok
13:33:02.0588 0x0b0c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:33:02.0589 0x0b0c  monitor - ok
13:33:02.0594 0x0b0c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:33:02.0595 0x0b0c  mouclass - ok
13:33:02.0602 0x0b0c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:33:02.0603 0x0b0c  mouhid - ok
13:33:02.0609 0x0b0c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:33:02.0610 0x0b0c  mountmgr - ok
13:33:02.0648 0x0b0c  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:33:02.0650 0x0b0c  MozillaMaintenance - ok
13:33:02.0703 0x0b0c  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:33:02.0707 0x0b0c  MpFilter - ok
13:33:02.0724 0x0b0c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:33:02.0727 0x0b0c  mpio - ok
13:33:02.0741 0x0b0c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:33:02.0743 0x0b0c  mpsdrv - ok
13:33:02.0764 0x0b0c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:33:02.0780 0x0b0c  MpsSvc - ok
13:33:02.0809 0x0b0c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:33:02.0812 0x0b0c  MRxDAV - ok
13:33:02.0824 0x0b0c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:02.0827 0x0b0c  mrxsmb - ok
13:33:02.0838 0x0b0c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:02.0843 0x0b0c  mrxsmb10 - ok
13:33:02.0855 0x0b0c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:02.0857 0x0b0c  mrxsmb20 - ok
13:33:02.0860 0x0b0c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:33:02.0861 0x0b0c  msahci - ok
13:33:02.0872 0x0b0c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:33:02.0875 0x0b0c  msdsm - ok
13:33:02.0889 0x0b0c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:33:02.0892 0x0b0c  MSDTC - ok
13:33:02.0909 0x0b0c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:33:02.0910 0x0b0c  Msfs - ok
13:33:02.0921 0x0b0c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:33:02.0921 0x0b0c  mshidkmdf - ok
13:33:02.0933 0x0b0c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:33:02.0934 0x0b0c  msisadrv - ok
13:33:02.0950 0x0b0c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:33:02.0953 0x0b0c  MSiSCSI - ok
13:33:02.0955 0x0b0c  msiserver - ok
13:33:02.0973 0x0b0c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:33:02.0974 0x0b0c  MSKSSRV - ok
13:33:03.0007 0x0b0c  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:33:03.0008 0x0b0c  MsMpSvc - ok
13:33:03.0024 0x0b0c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:03.0025 0x0b0c  MSPCLOCK - ok
13:33:03.0037 0x0b0c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:33:03.0038 0x0b0c  MSPQM - ok
13:33:03.0056 0x0b0c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:33:03.0062 0x0b0c  MsRPC - ok
13:33:03.0068 0x0b0c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:33:03.0069 0x0b0c  mssmbios - ok
13:33:03.0071 0x0b0c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:33:03.0071 0x0b0c  MSTEE - ok
13:33:03.0086 0x0b0c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:33:03.0087 0x0b0c  MTConfig - ok
13:33:03.0098 0x0b0c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:33:03.0099 0x0b0c  Mup - ok
13:33:03.0111 0x0b0c  [ B54B122DCEA87B66C6DC4A364FB1453F, 98E9D9CBF6A58DBED833379F5DF76187BBC9BE16D66A84D73A7B5AA767355B04 ] mv91cons        C:\Windows\system32\drivers\mv91cons.sys
13:33:03.0112 0x0b0c  mv91cons - ok
13:33:03.0124 0x0b0c  [ 34D08C9C64F657D194961E96C47E9C69, FB56083CDF23E1601EC7EC5A74ADFFF1BE304BF4F4B485DE2E9609C5C14FACC4 ] mv91xx          C:\Windows\system32\drivers\mv91xx.sys
13:33:03.0128 0x0b0c  mv91xx - ok
13:33:03.0169 0x0b0c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:33:03.0176 0x0b0c  napagent - ok
13:33:03.0198 0x0b0c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:33:03.0203 0x0b0c  NativeWifiP - ok
13:33:03.0240 0x0b0c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:33:03.0256 0x0b0c  NDIS - ok
13:33:03.0266 0x0b0c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:33:03.0267 0x0b0c  NdisCap - ok
13:33:03.0292 0x0b0c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:03.0292 0x0b0c  NdisTapi - ok
13:33:03.0300 0x0b0c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:03.0301 0x0b0c  Ndisuio - ok
13:33:03.0315 0x0b0c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:03.0318 0x0b0c  NdisWan - ok
13:33:03.0327 0x0b0c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:33:03.0329 0x0b0c  NDProxy - ok
13:33:03.0341 0x0b0c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:33:03.0342 0x0b0c  NetBIOS - ok
13:33:03.0355 0x0b0c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:33:03.0359 0x0b0c  NetBT - ok
13:33:03.0366 0x0b0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
13:33:03.0367 0x0b0c  Netlogon - ok
13:33:03.0388 0x0b0c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:33:03.0394 0x0b0c  Netman - ok
13:33:03.0427 0x0b0c  [ 6EEEA0E79B5BD1163740B53B96A1F1E4, A1218ED6F92A65F69F4A1E4ED96D61D27DA2992A72F675C51457BE4205D5C0DC ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:03.0430 0x0b0c  NetMsmqActivator - ok
13:33:03.0434 0x0b0c  [ 6EEEA0E79B5BD1163740B53B96A1F1E4, A1218ED6F92A65F69F4A1E4ED96D61D27DA2992A72F675C51457BE4205D5C0DC ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:03.0436 0x0b0c  NetPipeActivator - ok
13:33:03.0451 0x0b0c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:33:03.0458 0x0b0c  netprofm - ok
13:33:03.0477 0x0b0c  [ 6EEEA0E79B5BD1163740B53B96A1F1E4, A1218ED6F92A65F69F4A1E4ED96D61D27DA2992A72F675C51457BE4205D5C0DC ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:03.0479 0x0b0c  NetTcpActivator - ok
13:33:03.0483 0x0b0c  [ 6EEEA0E79B5BD1163740B53B96A1F1E4, A1218ED6F92A65F69F4A1E4ED96D61D27DA2992A72F675C51457BE4205D5C0DC ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:33:03.0485 0x0b0c  NetTcpPortSharing - ok
13:33:03.0504 0x0b0c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:33:03.0505 0x0b0c  nfrd960 - ok
13:33:03.0530 0x0b0c  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:33:03.0532 0x0b0c  NisDrv - ok
13:33:03.0543 0x0b0c  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
13:33:03.0548 0x0b0c  NisSrv - ok
13:33:03.0608 0x0b0c  [ 13D12274260BE4988EE751B971A02978, 8A500076026DBD5C90F332F3FD47D55753DEC97AADC322318A7B052B593C5A3E ] NitroDriverReadSpool9 C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
13:33:03.0612 0x0b0c  NitroDriverReadSpool9 - ok
13:33:03.0647 0x0b0c  [ 3FF9516813AA76A5EF1EF81019D865A7, CFAB80DDD170625BE19332C3BA20C241868C4828EFF75DB83279A47465BF8440 ] NitroUpdateService C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
13:33:03.0654 0x0b0c  NitroUpdateService - ok
13:33:03.0665 0x0b0c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:33:03.0670 0x0b0c  NlaSvc - ok
13:33:03.0696 0x0b0c  [ 941545C15CC8BC5EFCB260DD3D946255, 0E543BDD73BA26A42DC1543C6A19A1F88DADC58318B233FBA534E808BA1DD158 ] nlsX86cc        C:\Windows\SysWOW64\NLSSRV32.EXE
13:33:03.0715 0x0b0c  nlsX86cc - ok
13:33:03.0718 0x0b0c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:33:03.0719 0x0b0c  Npfs - ok
13:33:03.0729 0x0b0c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:33:03.0731 0x0b0c  nsi - ok
13:33:03.0736 0x0b0c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:33:03.0736 0x0b0c  nsiproxy - ok
13:33:03.0775 0x0b0c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:33:03.0817 0x0b0c  Ntfs - ok
13:33:03.0828 0x0b0c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:33:03.0828 0x0b0c  Null - ok
13:33:03.0848 0x0b0c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:33:03.0851 0x0b0c  nvraid - ok
13:33:03.0860 0x0b0c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:33:03.0863 0x0b0c  nvstor - ok
13:33:03.0877 0x0b0c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:33:03.0879 0x0b0c  nv_agp - ok
13:33:03.0882 0x0b0c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:33:03.0884 0x0b0c  ohci1394 - ok
13:33:03.0933 0x0b0c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:33:03.0936 0x0b0c  ose - ok
13:33:04.0050 0x0b0c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:33:04.0135 0x0b0c  osppsvc - ok
13:33:04.0156 0x0b0c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:33:04.0161 0x0b0c  p2pimsvc - ok
13:33:04.0174 0x0b0c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:33:04.0182 0x0b0c  p2psvc - ok
13:33:04.0193 0x0b0c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
13:33:04.0194 0x0b0c  Parport - ok
13:33:04.0205 0x0b0c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:33:04.0206 0x0b0c  partmgr - ok
13:33:04.0218 0x0b0c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:33:04.0222 0x0b0c  PcaSvc - ok
13:33:04.0233 0x0b0c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:33:04.0236 0x0b0c  pci - ok
13:33:04.0244 0x0b0c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:33:04.0244 0x0b0c  pciide - ok
13:33:04.0259 0x0b0c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:33:04.0262 0x0b0c  pcmcia - ok
13:33:04.0275 0x0b0c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:33:04.0277 0x0b0c  pcw - ok
13:33:04.0299 0x0b0c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:33:04.0309 0x0b0c  PEAUTH - ok
13:33:04.0343 0x0b0c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:33:04.0368 0x0b0c  PeerDistSvc - ok
13:33:04.0386 0x0b0c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:33:04.0387 0x0b0c  PerfHost - ok
13:33:04.0423 0x0b0c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:33:04.0448 0x0b0c  pla - ok
13:33:04.0475 0x0b0c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:33:04.0481 0x0b0c  PlugPlay - ok
13:33:04.0492 0x0b0c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:33:04.0493 0x0b0c  PNRPAutoReg - ok
13:33:04.0500 0x0b0c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:33:04.0504 0x0b0c  PNRPsvc - ok
13:33:04.0524 0x0b0c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:33:04.0531 0x0b0c  PolicyAgent - ok
13:33:04.0546 0x0b0c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:33:04.0549 0x0b0c  Power - ok
13:33:04.0561 0x0b0c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:33:04.0563 0x0b0c  PptpMiniport - ok
13:33:04.0571 0x0b0c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
13:33:04.0572 0x0b0c  Processor - ok
13:33:04.0594 0x0b0c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:33:04.0597 0x0b0c  ProfSvc - ok
13:33:04.0600 0x0b0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:33:04.0600 0x0b0c  ProtectedStorage - ok
13:33:04.0612 0x0b0c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:33:04.0615 0x0b0c  Psched - ok
13:33:04.0662 0x0b0c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:33:04.0704 0x0b0c  ql2300 - ok
13:33:04.0718 0x0b0c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:33:04.0720 0x0b0c  ql40xx - ok
13:33:04.0733 0x0b0c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:33:04.0737 0x0b0c  QWAVE - ok
13:33:04.0748 0x0b0c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:33:04.0749 0x0b0c  QWAVEdrv - ok
13:33:04.0757 0x0b0c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:33:04.0757 0x0b0c  RasAcd - ok
13:33:04.0776 0x0b0c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:33:04.0777 0x0b0c  RasAgileVpn - ok
13:33:04.0790 0x0b0c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:33:04.0792 0x0b0c  RasAuto - ok
13:33:04.0801 0x0b0c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:04.0804 0x0b0c  Rasl2tp - ok
13:33:04.0821 0x0b0c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:33:04.0827 0x0b0c  RasMan - ok
13:33:04.0836 0x0b0c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:04.0838 0x0b0c  RasPppoe - ok
13:33:04.0845 0x0b0c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:33:04.0847 0x0b0c  RasSstp - ok
13:33:04.0860 0x0b0c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:33:04.0865 0x0b0c  rdbss - ok
13:33:04.0871 0x0b0c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:33:04.0872 0x0b0c  rdpbus - ok
13:33:04.0879 0x0b0c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:04.0880 0x0b0c  RDPCDD - ok
13:33:04.0889 0x0b0c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:33:04.0892 0x0b0c  RDPDR - ok
13:33:04.0903 0x0b0c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:33:04.0904 0x0b0c  RDPENCDD - ok
13:33:04.0912 0x0b0c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:33:04.0912 0x0b0c  RDPREFMP - ok
13:33:04.0922 0x0b0c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:33:04.0923 0x0b0c  RdpVideoMiniport - ok
13:33:04.0934 0x0b0c  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:33:04.0937 0x0b0c  RDPWD - ok
13:33:04.0951 0x0b0c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:33:04.0955 0x0b0c  rdyboost - ok
13:33:04.0967 0x0b0c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:33:04.0969 0x0b0c  RemoteAccess - ok
13:33:04.0978 0x0b0c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:33:04.0981 0x0b0c  RemoteRegistry - ok
13:33:05.0004 0x0b0c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:33:05.0006 0x0b0c  RpcEptMapper - ok
13:33:05.0018 0x0b0c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:33:05.0019 0x0b0c  RpcLocator - ok
13:33:05.0033 0x0b0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:33:05.0040 0x0b0c  RpcSs - ok
13:33:05.0061 0x0b0c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:33:05.0063 0x0b0c  rspndr - ok
13:33:05.0095 0x0b0c  [ C0D62EC15D093D0D12C47BC451A24047, A31C2EA9E97DA0D0D03992E024DD8B1699D5EA0AE483482EB10740C728778C31 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
13:33:05.0098 0x0b0c  RSUSBSTOR - ok
13:33:05.0167 0x0b0c  [ 61A04C0C084D560BBEF1D09604608262, 27230BDFB479FBD1B18BB4035059A52F8BE74B19190951EAC95D569E284421B3 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:33:05.0177 0x0b0c  RTL8167 - ok
13:33:05.0200 0x0b0c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:33:05.0200 0x0b0c  s3cap - ok
13:33:05.0216 0x0b0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
13:33:05.0217 0x0b0c  SamSs - ok
13:33:05.0226 0x0b0c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:33:05.0228 0x0b0c  sbp2port - ok
13:33:05.0244 0x0b0c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:33:05.0248 0x0b0c  SCardSvr - ok
13:33:05.0253 0x0b0c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:33:05.0254 0x0b0c  scfilter - ok
13:33:05.0282 0x0b0c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:33:05.0308 0x0b0c  Schedule - ok
13:33:05.0341 0x0b0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:33:05.0343 0x0b0c  SCPolicySvc - ok
13:33:05.0351 0x0b0c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:33:05.0355 0x0b0c  SDRSVC - ok
13:33:05.0449 0x0b0c  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
13:33:05.0491 0x0b0c  SDScannerService - ok
13:33:05.0584 0x0b0c  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
13:33:05.0626 0x0b0c  SDUpdateService - ok
13:33:05.0642 0x0b0c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:33:05.0643 0x0b0c  secdrv - ok
13:33:05.0652 0x0b0c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:33:05.0653 0x0b0c  seclogon - ok
13:33:05.0663 0x0b0c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:33:05.0665 0x0b0c  SENS - ok
13:33:05.0672 0x0b0c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:33:05.0674 0x0b0c  SensrSvc - ok
13:33:05.0696 0x0b0c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:33:05.0696 0x0b0c  Serenum - ok
13:33:05.0711 0x0b0c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
13:33:05.0713 0x0b0c  Serial - ok
13:33:05.0721 0x0b0c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:33:05.0722 0x0b0c  sermouse - ok
13:33:05.0728 0x0b0c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:33:05.0731 0x0b0c  SessionEnv - ok
13:33:05.0737 0x0b0c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:33:05.0738 0x0b0c  sffdisk - ok
13:33:05.0747 0x0b0c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:33:05.0747 0x0b0c  sffp_mmc - ok
13:33:05.0749 0x0b0c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:33:05.0750 0x0b0c  sffp_sd - ok
13:33:05.0758 0x0b0c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:33:05.0758 0x0b0c  sfloppy - ok
13:33:05.0770 0x0b0c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:33:05.0776 0x0b0c  SharedAccess - ok
13:33:05.0789 0x0b0c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:33:05.0796 0x0b0c  ShellHWDetection - ok
13:33:05.0805 0x0b0c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:33:05.0806 0x0b0c  SiSRaid2 - ok
13:33:05.0815 0x0b0c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:33:05.0817 0x0b0c  SiSRaid4 - ok
13:33:05.0839 0x0b0c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:33:05.0841 0x0b0c  Smb - ok
13:33:05.0854 0x0b0c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:33:05.0855 0x0b0c  SNMPTRAP - ok
13:33:05.0867 0x0b0c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:33:05.0867 0x0b0c  spldr - ok
13:33:05.0888 0x0b0c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:33:05.0896 0x0b0c  Spooler - ok
13:33:05.0967 0x0b0c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:33:06.0035 0x0b0c  sppsvc - ok
13:33:06.0046 0x0b0c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:33:06.0048 0x0b0c  sppuinotify - ok
13:33:06.0090 0x0b0c  [ 055B0DE7BCDB14FB18279F09DCA07954, 94944F996F2F73233A96F8E766606EA5CCC7142EA2AF4BCEFD2603578F2B4A4A ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:33:06.0092 0x0b0c  SQLWriter - ok
13:33:06.0108 0x0b0c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:33:06.0115 0x0b0c  srv - ok
13:33:06.0129 0x0b0c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:33:06.0135 0x0b0c  srv2 - ok
13:33:06.0150 0x0b0c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:33:06.0153 0x0b0c  srvnet - ok
13:33:06.0179 0x0b0c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:33:06.0182 0x0b0c  SSDPSRV - ok
13:33:06.0189 0x0b0c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:33:06.0191 0x0b0c  SstpSvc - ok
13:33:06.0233 0x0b0c  [ D67F951F6BA708812420195B8D0AB8B6, 6583DB22EB8AA5FF0134D2536C9A46BC0D7D8F8B2829D5719DD68968C22F5917 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
13:33:06.0238 0x0b0c  STacSV - ok
13:33:06.0249 0x0b0c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:33:06.0250 0x0b0c  stexstor - ok
13:33:06.0271 0x0b0c  [ 71CB3BB20F08BB724769DAAAFD5AB26E, FC4B2BD03037EC07F4443BBE13A28859035F7229CA06D4E42AFB42ABF1A89F09 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
13:33:06.0280 0x0b0c  STHDA - ok
13:33:06.0299 0x0b0c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:33:06.0308 0x0b0c  stisvc - ok
13:33:06.0313 0x0b0c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:33:06.0315 0x0b0c  storflt - ok
13:33:06.0322 0x0b0c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:33:06.0323 0x0b0c  storvsc - ok
13:33:06.0341 0x0b0c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:33:06.0341 0x0b0c  swenum - ok
13:33:06.0361 0x0b0c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:33:06.0369 0x0b0c  swprv - ok
13:33:06.0382 0x0b0c  [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
13:33:06.0384 0x0b0c  Synth3dVsc - ok
13:33:06.0425 0x0b0c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:33:06.0465 0x0b0c  SysMain - ok
13:33:06.0474 0x0b0c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:33:06.0476 0x0b0c  TabletInputService - ok
13:33:06.0504 0x0b0c  [ 134B275751051C5D03F9ACCDC4F8CAAB, D50F96485AF6F26EA9A5A3A2ADEACC2DFD3B2ABCDAB88195B75CC72EAC543BE2 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
13:33:06.0505 0x0b0c  tap0901 - ok
13:33:06.0516 0x0b0c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:33:06.0522 0x0b0c  TapiSrv - ok
13:33:06.0527 0x0b0c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:33:06.0529 0x0b0c  TBS - ok
13:33:06.0566 0x0b0c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:33:06.0608 0x0b0c  Tcpip - ok
13:33:06.0645 0x0b0c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:33:06.0667 0x0b0c  TCPIP6 - ok
13:33:06.0673 0x0b0c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:33:06.0674 0x0b0c  tcpipreg - ok
13:33:06.0685 0x0b0c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:33:06.0686 0x0b0c  TDPIPE - ok
13:33:06.0694 0x0b0c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:33:06.0695 0x0b0c  TDTCP - ok
13:33:06.0699 0x0b0c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:33:06.0701 0x0b0c  tdx - ok
13:33:06.0884 0x0b0c  [ E9D702580349582413503A28F8329B32, 405CEA2DB2B9EE9EF87E454375BEA6A3F6FB30B95BBD9F397129C73D4CCCC282 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
13:33:07.0019 0x0b0c  TeamViewer - ok
13:33:07.0046 0x0b0c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:33:07.0047 0x0b0c  TermDD - ok
13:33:07.0049 0x0b0c  [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
13:33:07.0050 0x0b0c  terminpt - ok
13:33:07.0073 0x0b0c  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
13:33:07.0088 0x0b0c  TermService - ok
13:33:07.0098 0x0b0c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:33:07.0099 0x0b0c  Themes - ok
13:33:07.0111 0x0b0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:33:07.0112 0x0b0c  THREADORDER - ok
13:33:07.0122 0x0b0c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:33:07.0125 0x0b0c  TrkWks - ok
13:33:07.0160 0x0b0c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:33:07.0163 0x0b0c  TrustedInstaller - ok
13:33:07.0175 0x0b0c  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:07.0176 0x0b0c  tssecsrv - ok
13:33:07.0202 0x0b0c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:33:07.0204 0x0b0c  TsUsbFlt - ok
13:33:07.0215 0x0b0c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:33:07.0216 0x0b0c  TsUsbGD - ok
13:33:07.0226 0x0b0c  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
13:33:07.0228 0x0b0c  tsusbhub - ok
13:33:07.0238 0x0b0c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:33:07.0240 0x0b0c  tunnel - ok
13:33:07.0250 0x0b0c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:33:07.0251 0x0b0c  uagp35 - ok
13:33:07.0270 0x0b0c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:33:07.0275 0x0b0c  udfs - ok
13:33:07.0327 0x0b0c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:33:07.0329 0x0b0c  UI0Detect - ok
13:33:07.0335 0x0b0c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:33:07.0336 0x0b0c  uliagpkx - ok
13:33:07.0352 0x0b0c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:33:07.0353 0x0b0c  umbus - ok
13:33:07.0361 0x0b0c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:33:07.0362 0x0b0c  UmPass - ok
13:33:07.0379 0x0b0c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:33:07.0383 0x0b0c  UmRdpService - ok
13:33:07.0439 0x0b0c  [ 8AB999AF4649459578B46EF8CF054B84, DFA821B4A6E5F9BD5E49B15199F1E61B35F5FDE0454D3DFF2F478F3184D06B2F ] Update service  C:\Program Files (x86)\Popcorn Time\Updater.exe
13:33:07.0442 0x0b0c  Update service - ok
13:33:07.0456 0x0b0c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:33:07.0462 0x0b0c  upnphost - ok
13:33:07.0503 0x0b0c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:07.0505 0x0b0c  usbccgp - ok
13:33:07.0517 0x0b0c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:33:07.0519 0x0b0c  usbcir - ok
13:33:07.0527 0x0b0c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:33:07.0528 0x0b0c  usbehci - ok
13:33:07.0545 0x0b0c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:33:07.0550 0x0b0c  usbhub - ok
13:33:07.0562 0x0b0c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:33:07.0563 0x0b0c  usbohci - ok
13:33:07.0571 0x0b0c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:33:07.0572 0x0b0c  usbprint - ok
13:33:07.0586 0x0b0c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:07.0587 0x0b0c  USBSTOR - ok
13:33:07.0598 0x0b0c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:33:07.0599 0x0b0c  usbuhci - ok
13:33:07.0605 0x0b0c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:33:07.0607 0x0b0c  UxSms - ok
13:33:07.0615 0x0b0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
13:33:07.0616 0x0b0c  VaultSvc - ok
13:33:07.0627 0x0b0c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:33:07.0628 0x0b0c  vdrvroot - ok
13:33:07.0645 0x0b0c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:33:07.0653 0x0b0c  vds - ok
13:33:07.0656 0x0b0c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:07.0657 0x0b0c  vga - ok
13:33:07.0659 0x0b0c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:33:07.0660 0x0b0c  VgaSave - ok
13:33:07.0662 0x0b0c  VGPU - ok
13:33:07.0673 0x0b0c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:33:07.0677 0x0b0c  vhdmp - ok
13:33:07.0696 0x0b0c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:33:07.0697 0x0b0c  viaide - ok
13:33:07.0706 0x0b0c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:33:07.0710 0x0b0c  vmbus - ok
13:33:07.0716 0x0b0c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:33:07.0717 0x0b0c  VMBusHID - ok
13:33:07.0725 0x0b0c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:33:07.0727 0x0b0c  volmgr - ok
13:33:07.0740 0x0b0c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:33:07.0746 0x0b0c  volmgrx - ok
13:33:07.0760 0x0b0c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:33:07.0764 0x0b0c  volsnap - ok
13:33:07.0791 0x0b0c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:33:07.0794 0x0b0c  vsmraid - ok
13:33:07.0835 0x0b0c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:33:07.0877 0x0b0c  VSS - ok
13:33:07.0889 0x0b0c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:33:07.0890 0x0b0c  vwifibus - ok
13:33:07.0897 0x0b0c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:33:07.0898 0x0b0c  vwififlt - ok
13:33:07.0900 0x0b0c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:33:07.0901 0x0b0c  vwifimp - ok
13:33:07.0913 0x0b0c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:33:07.0919 0x0b0c  W32Time - ok
13:33:07.0964 0x0b0c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
13:33:07.0970 0x0b0c  W3SVC - ok
13:33:07.0981 0x0b0c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:33:07.0982 0x0b0c  WacomPen - ok
13:33:07.0991 0x0b0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:33:07.0992 0x0b0c  WANARP - ok
13:33:07.0995 0x0b0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:33:07.0996 0x0b0c  Wanarpv6 - ok
13:33:08.0005 0x0b0c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
13:33:08.0010 0x0b0c  WAS - ok
13:33:08.0046 0x0b0c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:33:08.0088 0x0b0c  wbengine - ok
13:33:08.0098 0x0b0c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:33:08.0102 0x0b0c  WbioSrvc - ok
13:33:08.0113 0x0b0c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:33:08.0119 0x0b0c  wcncsvc - ok
13:33:08.0130 0x0b0c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:33:08.0132 0x0b0c  WcsPlugInService - ok
13:33:08.0139 0x0b0c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
13:33:08.0140 0x0b0c  Wd - ok
13:33:08.0165 0x0b0c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:33:08.0181 0x0b0c  Wdf01000 - ok
13:33:08.0191 0x0b0c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:33:08.0193 0x0b0c  WdiServiceHost - ok
13:33:08.0196 0x0b0c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:33:08.0198 0x0b0c  WdiSystemHost - ok
13:33:08.0218 0x0b0c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:33:08.0222 0x0b0c  WebClient - ok
13:33:08.0236 0x0b0c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:33:08.0240 0x0b0c  Wecsvc - ok
13:33:08.0246 0x0b0c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:33:08.0248 0x0b0c  wercplsupport - ok
13:33:08.0266 0x0b0c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:33:08.0268 0x0b0c  WerSvc - ok
13:33:08.0277 0x0b0c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:08.0278 0x0b0c  WfpLwf - ok
13:33:08.0280 0x0b0c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:33:08.0281 0x0b0c  WIMMount - ok
13:33:08.0292 0x0b0c  WinDefend - ok
13:33:08.0295 0x0b0c  WinHttpAutoProxySvc - ok
13:33:08.0328 0x0b0c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:33:08.0332 0x0b0c  Winmgmt - ok
13:33:08.0376 0x0b0c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:33:08.0419 0x0b0c  WinRM - ok
13:33:08.0447 0x0b0c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:33:08.0473 0x0b0c  Wlansvc - ok
13:33:08.0492 0x0b0c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:33:08.0492 0x0b0c  WmiAcpi - ok
13:33:08.0507 0x0b0c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:33:08.0510 0x0b0c  wmiApSrv - ok
13:33:08.0523 0x0b0c  WMPNetworkSvc - ok
13:33:08.0542 0x0b0c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:33:08.0544 0x0b0c  WPCSvc - ok
13:33:08.0555 0x0b0c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:33:08.0558 0x0b0c  WPDBusEnum - ok
13:33:08.0563 0x0b0c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:33:08.0564 0x0b0c  ws2ifsl - ok
13:33:08.0576 0x0b0c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:33:08.0578 0x0b0c  wscsvc - ok
13:33:08.0600 0x0b0c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
13:33:08.0601 0x0b0c  WSDPrintDevice - ok
13:33:08.0602 0x0b0c  WSearch - ok
13:33:08.0676 0x0b0c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:33:08.0728 0x0b0c  wuauserv - ok
13:33:08.0742 0x0b0c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:33:08.0743 0x0b0c  WudfPf - ok
13:33:08.0767 0x0b0c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:08.0770 0x0b0c  WUDFRd - ok
13:33:08.0782 0x0b0c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:33:08.0784 0x0b0c  wudfsvc - ok
13:33:08.0798 0x0b0c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:33:08.0802 0x0b0c  WwanSvc - ok
13:33:08.0817 0x0b0c  ================ Scan global ===============================
13:33:08.0833 0x0b0c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:33:11.0286 0x0b0c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
13:33:11.0288 0x0b0c  Win FW state via NFP2: enabled ( trusted )
13:33:11.0521 0x0b0c  ============================================================
13:33:11.0521 0x0b0c  Scan finished
13:33:11.0521 0x0b0c  ============================================================
13:33:11.0524 0x0b04  Detected object count: 0
13:33:11.0524 0x0b04  Actual detected object count: 0
 
 
--------------------------------------------------------------------------------
 
# AdwCleaner v5.107 - Logfile created 28/03/2016 at 13:41:28
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Kirk - KIRK-HPI3
# Running from : C:\Users\Kirk\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmnkhhioonhiehehedmnjibmampjiab
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfmnkhhioonhiehehedmnjibmampjiab_0.localstorage
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfmnkhhioonhiehehedmnjibmampjiab_0.localstorage-journal
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d22j4fzzszoii2.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d23716qn9q7omq.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d23716qn9q7omq.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_xoncisfktn-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_xoncisfktn-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_d2m2wsoho8qq12.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\viewpoints.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.viewpoints.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchdial.com
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : newscientist.com
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : 1and1.com
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://start.mysearchdial.com/?f=1&a=ir_14_18_ch&cd=2XzuyEtN2Y1L1QzutDtDtAtDtCzz0Azy0BtD0EtDzyyBzz0FtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDtC0F0FtD0C0F0DtG0CtCtAtAtGtA0B0E0FtG0F0F0C0DtGtCyEtBzzyD0BtAtAyDtB0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0BzzyC0ByCtDzytGtByB0AyDtGtBzyzzyEtGyByCzy0FtGtDyE0CtA0AtA0FtDtAyB0B0C2Q&cr=1512461043&ir=
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cfmnkhhioonhiehehedmnjibmampjiab
[-] [C:\Users\Kirk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4179 bytes] - [28/03/2016 13:41:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [4104 bytes] - [28/03/2016 13:38:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4325 bytes] ##########
 
 
---------------------------------------------------------------
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/28/2016
Scan Time: 1:55 PM
Logfile: malware bytes log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.28.07
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kirk
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392407
Time Elapsed: 4 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:10 PM

Posted 28 March 2016 - 03:47 PM

Please run one more
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 redwhiteblue

Posted 28 March 2016 - 03:53 PM

Thanks for the reply. Greatly appreciated.

 

Do I run ESET from safe mode?

 

 

Please run one more
ESET Online Scanner

 



#4 boopme

Posted 28 March 2016 - 03:59 PM

Not necessary.

#5 redwhiteblue

Posted 28 March 2016 - 04:02 PM

If ESET finds problems, should I allow it to remove them?

#6 boopme

Posted 28 March 2016 - 04:14 PM

Yes

#7 redwhiteblue

Posted 28 March 2016 - 05:10 PM

Log from ESET: 

 

 

C:\AAAAAAAAA - MOVING\Office.2010.Toolkit.and.EZ-Activator.2.2.3\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application cleaned by deleting
C:\AAAAAAAAA - MOVING\Officw Proffesional Plus on Affinitypc-7\Office.2010.Toolkit.and.EZ-Activator.2.2.3\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application cleaned by deleting
C:\Users\Kirk\Documents\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application cleaned by deleting
C:\Users\Kirk\Downloads\Nitro Pro 9.5.1.5 Final (x86-x64) Incl. Keygen-CORE.zip a variant of Win32/Keygen.AU potentially unsafe application deleted
C:\Users\Kirk\Downloads\Nitro\Nitro Pro 9.5.1.5 Final (x86-x64) Incl. Keygen-CORE\Keygen-CORE\Keygen.exe a variant of Win32/Keygen.AU potentially unsafe application deleted
C:\Windows\AutoKMS\AutoKMS.exe MSIL/HackKMS.A potentially unsafe application cleaned by deleting


#8 redwhiteblue

Posted 28 March 2016 - 05:34 PM

Looking at ESET log, those are keygens for programs I do own, but have used other methods for ease of installation. 

 

Do any of the other logs show a problem?



#9 boopme

Posted 29 March 2016 - 08:37 AM

The log shows the key gen is the key logger.
 

Keygens are designed by hackers; criminals. Simply put, they are individuals that are not to be trusted. They are known to bundle keygens with malware, either simply because they can or to benefit from others. (Steal banking account information, for instance.) After all, what's to stop them? They have the knowledge, and if you wanted to report them you would have to start by saying "During the commission of a crime..." Regardless, keygens are illegal, so security concerns should be a distant second, at least in my opinion. The way I see it, those who go playing in the sewers are bound to get dirty.

​CNET

The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a serious security risk.


Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

TrendMicro Warning


...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV


...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study


...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware


...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.

Microsoft Reveals the Risks of Using Pirated XP and Office
Whatever You Do, Do Not Download Windows 7 Via Torrent Sites

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect cracks and keygens, so they need to be removed.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!

#10 redwhiteblue

Posted 30 March 2016 - 07:50 PM

Thank you for the response. I have removed the offending items. 

 

Thank you again. 



#11 boopme

Posted 31 March 2016 - 01:53 PM

You're welcome!!



