syshost.exe and my eset nod disabled? and can't enable it


  • This topic is locked
15 replies to this topic

#1 Deping


Posted 15 August 2016 - 11:37 AM

I don't know when I got this problem, but since I started my computer about 3 days ago, I have been getting a pop-up about a syshost error. Can you help me with that? And after I closed Task Manager, a pop-up appeared and said pcwumdll is missing.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2016
Ran by deping (administrator) on ACUNOROGIA (16-08-2016 00:26:28)
Running from E:\
Loaded Profiles: deping (Available Profiles: deping)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Windows\Installer\{DF3D1638-E9B2-832F-D29B-8DE7B27750D7}\syshost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Run: [syshost32] => C:\Windows\Installer\{DF3D1638-E9B2-832F-D29B-8DE7B27750D7}\syshost.exe [168048 2016-08-03] ()
HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [916480 2016-05-20] () <==== ATTENTION
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\deping\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-11-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\deping\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs [2016-08-14] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0D7A716B-7988-4DA9-9CC7-A65F8C18BF48}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0E202656-BBE8-4CD1-972A-7E0E5ABCB250}: [DhcpNameServer] 10.3.0.1
Tcpip\..\Interfaces\{3F2751D4-92AB-43BC-B642-BFC3A7BCC214}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8E9588BD-6D1F-4210-ACA2-D16C9ECC6B72}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A0FCF76-5E12-4A1A-BF9D-7D2B7C5031FA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-02-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-02-03] (RealNetworks, Inc.)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4249735179-2202973721-3797583070-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\deping\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-4249735179-2202973721-3797583070-1000: xyzgl-plugin@xyz-soft.com -> C:\Program Files\Alfheim\npxyzgl.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154\Extensions\client@anonymox.net.xpi [2016-03-10]
FF Extension: betternet - C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154\Extensions\jid1-l6VQSR2FeKnliQ@jetpack.xpi [2016-03-10]
FF Extension: Adblock Plus - C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-28]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-06-01] [not signed]
FF HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-03-10]
FF HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\deping\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\deping\AppData\Roaming\IDM\idmmzcc5 [2016-08-15] [not signed]
FF HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR Profile: C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-06]
CHR Extension: (Google Docs) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-06]
CHR Extension: (Google Drive) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (Google Search) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Google Sheets) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-16]
CHR Extension: (IDM Integration Module) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-16]
CHR Extension: (Gmail) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-02-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"42ad30799d0cce11" => service could not be unlocked. <===== ATTENTION

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [929728 2016-03-30] (NVIDIA Corporation)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-15] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [3792688 2015-12-01] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904512 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-03-30] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll [2205696 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-09-02] (Microsoft Corporation) [File not signed]
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S4 AIPS; C:\Program Files\netcut\services\AIPS.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf004; C:\Windows\system32\apf004.sys [15112 2014-10-17] ()
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed]
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [710720 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed]
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48128 2009-07-14] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1210432 2009-07-14] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed]
R3 NVHDA; C:\Windows\System32\drivers\nvhda32v.sys [170128 2015-12-17] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [10533824 2016-02-24] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [117312 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [142416 2009-07-14] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [25536 2016-03-30] () [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50752 2016-03-22] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] () [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56912 2009-07-14] () [File not signed]
R2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [153680 2009-07-14] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12368 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133120 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [177152 2009-07-14] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173648 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-14] () [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [5632 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] () [File not signed]
S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-14] () [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [11264 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [12288 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [12800 2009-07-14] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] () [File not signed]
S3 sisagp; C:\Windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [309760 2009-07-14] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [306688 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [113664 2009-07-14] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [40896 2009-07-14] () [File not signed]
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [28224 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] () [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1285712 2009-07-14] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1285712 2009-07-14] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] () [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [41472 2009-07-14] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2009-07-14] () [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [20480 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [74752 2009-07-14] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2009-07-14] () [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] () [File not signed]
S3 viaagp; C:\Windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] () [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [175824 2009-07-14] () [File not signed]
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [17920 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] () [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [34944 2009-07-14] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] () [File not signed]
U5 42ad30799d0cce11; C:\Windows\System32\Drivers\42ad30799d0cce11.sys [82432 2016-08-03] () <===== ATTENTION Necurs Rootkit?
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 gkernel; \??\C:\Users\deping\AppData\Local\Temp\gkernel.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 00:05 - 2016-08-16 00:26 - 00000000 ____D C:\FRST
2016-08-15 23:39 - 2016-08-15 23:39 - 00000000 ____D C:\ProgramData\BlueStacksGameManager.old
2016-08-15 23:39 - 2016-08-15 23:39 - 00000000 ____D C:\Program Files\BlueStacks.old
2016-08-03 19:35 - 2016-08-03 19:35 - 00082432 _____ C:\Windows\system32\Drivers\42ad30799d0cce11.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 00:25 - 2009-07-14 12:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-16 00:25 - 2009-07-14 12:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-16 00:00 - 2014-10-19 19:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-15 23:59 - 2015-12-06 23:36 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 23:48 - 2016-05-18 11:14 - 00000000 ____D C:\Program Files\BlueStacks
2016-08-15 23:48 - 2016-05-09 00:28 - 00000000 ____D C:\Users\deping\AppData\Local\BlueStacks
2016-08-15 23:36 - 2014-09-11 17:13 - 00000000 ____D C:\Users\deping\AppData\Roaming\DMCache
2016-08-15 08:23 - 2015-12-06 23:36 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-15 08:23 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-15 08:23 - 2008-01-08 05:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-14 21:15 - 2016-01-12 21:05 - 00000000 ____D C:\Users\deping\AppData\Local\CrashDumps
2016-08-12 22:11 - 2016-05-08 23:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-09 06:00 - 2015-12-06 23:41 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 06:00 - 2015-12-06 23:41 - 00002132 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 12:17 - 2016-03-06 13:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-27 00:17 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF
2016-07-20 11:17 - 2016-05-06 17:47 - 00000000 ____D C:\Program Files\betternet
2016-07-19 13:05 - 2016-02-07 16:10 - 00000000 ____D C:\Users\deping\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2016-06-19 02:17 - 2016-06-19 02:17 - 0000013 _____ () C:\Users\deping\AppData\Roaming\0E0ZI53K.txt
2016-06-27 14:00 - 2016-06-27 14:00 - 0000016 _____ () C:\Users\deping\AppData\Roaming\1GDKIPEX.txt
2016-06-20 22:22 - 2016-06-20 22:22 - 0000013 _____ () C:\Users\deping\AppData\Roaming\3HM7RVF4.txt
2016-06-20 22:28 - 2016-06-20 22:28 - 0000012 _____ () C:\Users\deping\AppData\Roaming\7V4ZD8QJ.txt
2016-06-18 12:22 - 2016-06-18 12:22 - 0000013 _____ () C:\Users\deping\AppData\Roaming\ADHHONK7.txt
2016-06-21 07:50 - 2016-06-21 07:50 - 0000013 _____ () C:\Users\deping\AppData\Roaming\AN5X3RC3.txt
2016-06-19 21:50 - 2016-06-19 21:50 - 0000012 _____ () C:\Users\deping\AppData\Roaming\N1NDF0VV.txt
2016-06-17 14:24 - 2016-06-17 14:24 - 0000013 _____ () C:\Users\deping\AppData\Roaming\OD7IQP5B.txt
2016-06-26 02:45 - 2016-06-26 02:46 - 0000018 _____ () C:\Users\deping\AppData\Roaming\PD1UWE56.txt
2016-06-29 18:45 - 2016-06-29 18:46 - 0000015 _____ () C:\Users\deping\AppData\Roaming\Q8RKXGP8.txt
2016-07-01 12:56 - 2016-07-01 12:56 - 0000012 _____ () C:\Users\deping\AppData\Roaming\QP1ZWPTH.txt
2016-06-19 18:50 - 2016-06-19 19:00 - 0000017 _____ () C:\Users\deping\AppData\Roaming\SB4LV25D.txt
2016-06-30 11:30 - 2016-06-30 11:30 - 0000015 _____ () C:\Users\deping\AppData\Roaming\TDDRBOM2.txt
2016-06-20 01:55 - 2016-06-20 01:55 - 0000013 _____ () C:\Users\deping\AppData\Roaming\V4ATAT5Y.txt
2016-07-01 13:03 - 2016-07-01 13:03 - 0000015 _____ () C:\Users\deping\AppData\Roaming\Y0SBCNFA.txt
2014-08-29 22:57 - 2014-08-29 22:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe
[2009-07-14 07:37] - [2010-11-20 04:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A

C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-14 07:24] - [2010-11-20 04:21] - 0812032 ____N (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2009-07-14 07:11] - [2009-07-14 09:19] - 0245328 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION



LastRegBack: 2016-08-06 02:36

==================== End of FRST.txt ============================


Edited by Deping, 15 August 2016 - 11:48 AM.




#2 fireman4it

  • Malware Response Team

Posted 15 August 2016 - 05:09 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 
2. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Edited by fireman4it, 15 August 2016 - 05:09 PM.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Deping


Posted 15 August 2016 - 07:35 PM

Hello! I did as you said.

 

08:26:12.0665 0x0b50  SetPrivileges failed!
08:26:12.0665 0x0b50  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
08:26:13.0430 0x0b50  ============================================================
08:26:13.0430 0x0b50  Current date / time: 2016/08/16 08:26:13.0430
08:26:13.0430 0x0b50  SystemInfo:
08:26:13.0430 0x0b50  
08:26:13.0430 0x0b50  OS Version: 6.1.7600 ServicePack: 0.0
08:26:13.0430 0x0b50  Product type: Workstation
08:26:13.0430 0x0b50  ComputerName: ACUNOROGIA
08:26:13.0430 0x0b50  UserName: deping
08:26:13.0430 0x0b50  Windows directory: C:\Windows
08:26:13.0430 0x0b50  System windows directory: C:\Windows
08:26:13.0430 0x0b50  Processor architecture: Intel x86
08:26:13.0430 0x0b50  Number of processors: 2
08:26:13.0430 0x0b50  Page size: 0x1000
08:26:13.0430 0x0b50  Boot type: Normal boot
08:26:13.0430 0x0b50  CodeIntegrityOptions = 0x00000000
08:26:13.0430 0x0b50  ============================================================
08:26:13.0430 0x0b50  KLMD ARK init status: drvProperties = 0xFFFF00, osBuild = 7600.16385, osProperties = 0x0
08:26:13.0430 0x0b50  KLMD BG init status: drvProperties = 0xFFFF00, osBuild = 7600.16385, osProperties = 0x0
08:26:13.0430 0x0b50  BG loaded
08:26:14.0459 0x0b50  System UUID: {C011B5C8-BB02-9770-CBC3-7B3DFED61EE5}
08:26:14.0880 0x0b50  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:26:14.0880 0x0b50  ============================================================
08:26:14.0880 0x0b50  \Device\Harddisk0\DR0:
08:26:14.0880 0x0b50  MBR partitions:
08:26:14.0880 0x0b50  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61AB7E8
08:26:14.0896 0x0b50  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61AB866, BlocksNum 0x1869E559
08:26:14.0912 0x0b50  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E849DFE, BlocksNum 0x1BB3AE43
08:26:14.0912 0x0b50  ============================================================
08:26:14.0943 0x0b50  C: <-> \Device\Harddisk0\DR0\Partition1
08:26:15.0317 0x0b50  D: <-> \Device\Harddisk0\DR0\Partition2
08:26:15.0348 0x0b50  E: <-> \Device\Harddisk0\DR0\Partition3
08:26:15.0348 0x0b50  ============================================================
08:26:15.0348 0x0b50  Initialize success
08:26:15.0348 0x0b50  ============================================================
08:29:24.0032 0x1360  ============================================================
08:29:24.0032 0x1360  Scan started
08:29:24.0032 0x1360  Mode: Manual;
08:29:24.0032 0x1360  ============================================================
08:29:24.0032 0x1360  KSN ping started
08:29:47.0179 0x1360  KSN ping finished: true
08:29:50.0564 0x1360  ================ Scan system memory ========================
08:29:50.0564 0x1360  System memory - ok
08:29:50.0564 0x1360  ================ Scan services =============================
08:29:54.0214 0x1360  HTTP - ok
08:29:54.0230 0x1360  [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:29:54.0230 0x1360  hwpolicy - ok
08:29:54.0245 0x1360  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:29:54.0245 0x1360  i8042prt - ok
08:29:54.0277 0x1360  [ 934AF4D7C5F457B9F0743F4299B77B67, F232554352BB7CD716D6173FC1AB2661E49480994BB22E9A6FE7A33B51F0A51B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
08:29:54.0277 0x1360  iaStorV - ok
08:29:54.0339 0x1360  [ 302C0B9850DCC522EC95C4B71068203F, 3CBDFAD026A93F905981E569D4D554E9029905A56A661F11B65993794966EB3C ] IDMWFP          C:\Windows\system32\DRIVERS\idmwfp.sys
08:29:54.0339 0x1360  IDMWFP - ok
08:29:54.0386 0x1360  [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:29:54.0401 0x1360  idsvc - ok
08:29:54.0417 0x1360  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:29:54.0433 0x1360  iirsp - ok
08:29:54.0479 0x1360  [ C5E4602D85029C666A42890A3B2DFA45, 0D462704C507A83CB447AA0DF8A9FFAE2A16DD2D6882798E26C03F8B2C8A2C62 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
08:29:54.0495 0x1360  IJPLMSVC - ok
08:29:54.0526 0x1360  [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT          C:\Windows\System32\ikeext.dll
08:29:54.0542 0x1360  IKEEXT - ok
08:29:54.0651 0x1360  [ 19B572DD46F038509846589DCB702B19, C887F184665F04AC3C02CB154D428E47917BBAD50295166C53BA03265092ABAB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:29:54.0698 0x1360  IntcAzAudAddService - ok
08:29:54.0713 0x1360  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
08:29:54.0713 0x1360  intelide - ok
08:29:54.0713 0x1360  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:29:54.0713 0x1360  intelppm - ok
08:29:54.0729 0x1360  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:29:54.0745 0x1360  IPBusEnum - ok
08:29:54.0760 0x1360  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:29:54.0760 0x1360  IpFilterDriver - ok
08:29:54.0791 0x1360  [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:29:54.0807 0x1360  iphlpsvc - ok
08:29:54.0807 0x1360  [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:29:54.0823 0x1360  IPMIDRV - ok
08:29:54.0838 0x1360  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:29:54.0838 0x1360  IPNAT - ok
08:29:54.0854 0x1360  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:29:54.0854 0x1360  IRENUM - ok
08:29:54.0854 0x1360  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
08:29:54.0869 0x1360  isapnp - ok
08:29:54.0869 0x1360  [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:29:54.0885 0x1360  iScsiPrt - ok
08:29:54.0901 0x1360  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:29:54.0901 0x1360  kbdclass - ok
08:29:54.0916 0x1360  [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:29:54.0916 0x1360  kbdhid - ok
08:29:54.0932 0x1360  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] KeyIso          C:\Windows\system32\lsass.exe
08:29:54.0932 0x1360  KeyIso - ok
08:29:54.0947 0x1360  [ E36A061EC11B373826905B21BE10948F, CB9F8B76E0A99307A841B66CBD96C7087CC0B068699CBEF01040E37C6EA60E6A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:29:54.0947 0x1360  KSecDD - ok
08:29:54.0963 0x1360  [ 26C046977E85B95036453D7B88BA1820, 375B284AFB407CAE417D2090B112A0ED1CCD516ABFDDBFCD5D6AADE859F14ACD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:29:54.0963 0x1360  KSecPkg - ok
08:29:54.0994 0x1360  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:29:54.0994 0x1360  KtmRm - ok
08:29:55.0025 0x1360  [ BCA92CB047A4326925ECEF759DBAA233, C2A188F5526882A2E3AC4CC0190452DA37CBD93043DFE5571A20E8EFE9D56DA3 ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:29:55.0025 0x1360  LanmanServer - ok
08:29:55.0041 0x1360  [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:29:55.0057 0x1360  LanmanWorkstation - ok
08:29:55.0072 0x1360  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:29:55.0072 0x1360  lltdio - ok
08:29:55.0088 0x1360  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:29:55.0088 0x1360  lltdsvc - ok
08:29:55.0103 0x1360  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:29:55.0103 0x1360  lmhosts - ok
08:29:55.0135 0x1360  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:29:55.0135 0x1360  LSI_FC - ok
08:29:55.0150 0x1360  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:29:55.0150 0x1360  LSI_SAS - ok
08:29:55.0166 0x1360  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:29:55.0181 0x1360  LSI_SAS2 - ok
08:29:55.0181 0x1360  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:29:55.0197 0x1360  LSI_SCSI - ok
08:29:55.0213 0x1360  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
08:29:55.0213 0x1360  luafv - ok
08:29:55.0228 0x1360  [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:29:55.0228 0x1360  Mcx2Svc - ok
08:29:55.0244 0x1360  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:29:55.0244 0x1360  megasas - ok
08:29:55.0259 0x1360  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:29:55.0259 0x1360  MegaSR - ok
08:29:55.0322 0x1360  [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:29:55.0322 0x1360  Microsoft Office Groove Audit Service - ok
08:29:55.0337 0x1360  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
08:29:55.0337 0x1360  MMCSS - ok
08:29:55.0353 0x1360  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
08:29:55.0353 0x1360  Modem - ok
08:29:55.0369 0x1360  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:29:55.0369 0x1360  monitor - ok
08:29:55.0384 0x1360  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:29:55.0384 0x1360  mouclass - ok
08:29:55.0400 0x1360  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:29:55.0400 0x1360  mouhid - ok
08:29:55.0415 0x1360  [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:29:55.0415 0x1360  mountmgr - ok
08:29:55.0478 0x1360  [ 69E23C730974BAC8C11DF2B7C4C9D37B, 8DC4448EC9C9647381952D7822B39C89E0997B4B964A785AE274144FADEE3C02 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:29:55.0478 0x1360  MozillaMaintenance - ok
08:29:55.0493 0x1360  [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
08:29:55.0509 0x1360  mpio - ok
08:29:55.0525 0x1360  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:29:55.0525 0x1360  mpsdrv - ok
08:29:55.0556 0x1360  [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:29:55.0571 0x1360  MpsSvc - ok
08:29:55.0587 0x1360  [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:29:55.0587 0x1360  MRxDAV - ok
08:29:55.0603 0x1360  [ F4A054BE78AF7F410129C4B64B07DC9B, 65E14D38CCAB4FBB0C0D4A12F11B2E150AEC00AC692EE92A5CE6C982CF1190F5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:29:55.0618 0x1360  mrxsmb - ok
08:29:55.0618 0x1360  [ DEFFA295BD1895C6ED8E3078412AC60B, 3F13CD67659EC2C8ABADC2C5B48B939ECDC6DB7CAAAAC3C2823AC12842BC1630 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:29:55.0634 0x1360  mrxsmb10 - ok
08:29:55.0634 0x1360  [ 24D76ABE5DCAD22F19D105F76FDF0CE1, D0A7E033B4DF4AA5A9600A2A7A890FDE20AC7CE87C660817EB92FE10E2DAD343 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:29:55.0649 0x1360  mrxsmb20 - ok
08:29:55.0649 0x1360  [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
08:29:55.0649 0x1360  msahci - ok
08:29:55.0681 0x1360  [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
08:29:55.0681 0x1360  msdsm - ok
08:29:55.0696 0x1360  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
08:29:55.0696 0x1360  MSDTC - ok
08:29:55.0727 0x1360  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:29:55.0727 0x1360  Msfs - ok
08:29:55.0743 0x1360  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:29:55.0743 0x1360  mshidkmdf - ok
08:29:55.0759 0x1360  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
08:29:55.0759 0x1360  msisadrv - ok
08:29:55.0774 0x1360  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:29:55.0790 0x1360  MSiSCSI - ok
08:29:55.0790 0x1360  msiserver - ok
08:29:55.0821 0x1360  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:29:55.0821 0x1360  MSKSSRV - ok
08:29:55.0837 0x1360  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:29:55.0837 0x1360  MSPCLOCK - ok
08:29:55.0837 0x1360  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:29:55.0837 0x1360  MSPQM - ok
08:29:55.0852 0x1360  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:29:55.0852 0x1360  MsRPC - ok
08:29:55.0883 0x1360  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:29:55.0883 0x1360  mssmbios - ok
08:29:55.0899 0x1360  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:29:55.0899 0x1360  MSTEE - ok
08:29:55.0915 0x1360  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:29:55.0915 0x1360  MTConfig - ok
08:29:55.0915 0x1360  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:29:55.0930 0x1360  Mup - ok
08:29:55.0946 0x1360  [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent        C:\Windows\system32\qagentRT.dll
08:29:55.0961 0x1360  napagent - ok
08:29:55.0977 0x1360  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:29:55.0993 0x1360  NativeWifiP - ok
08:29:56.0024 0x1360  [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:29:56.0039 0x1360  NDIS - ok
08:29:56.0039 0x1360  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:29:56.0055 0x1360  NdisCap - ok
08:29:56.0071 0x1360  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:29:56.0071 0x1360  NdisTapi - ok
08:29:56.0086 0x1360  [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:29:56.0086 0x1360  Ndisuio - ok
08:29:56.0102 0x1360  [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:29:56.0102 0x1360  NdisWan - ok
08:29:56.0117 0x1360  [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:29:56.0133 0x1360  NDProxy - ok
08:29:56.0149 0x1360  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:29:56.0149 0x1360  NetBIOS - ok
08:29:56.0164 0x1360  [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:29:56.0164 0x1360  NetBT - ok
08:29:56.0180 0x1360  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] Netlogon        C:\Windows\system32\lsass.exe
08:29:56.0180 0x1360  Netlogon - ok
08:29:56.0211 0x1360  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
08:29:56.0211 0x1360  Netman - ok
08:29:56.0242 0x1360  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:29:56.0242 0x1360  NetMsmqActivator - ok
08:29:56.0258 0x1360  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:29:56.0258 0x1360  NetPipeActivator - ok
08:29:56.0273 0x1360  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
08:29:56.0273 0x1360  netprofm - ok
08:29:56.0289 0x1360  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:29:56.0289 0x1360  NetTcpActivator - ok
08:29:56.0305 0x1360  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:29:56.0305 0x1360  NetTcpPortSharing - ok
08:29:56.0336 0x1360  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:29:56.0336 0x1360  nfrd960 - ok
08:29:56.0351 0x1360  [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:29:56.0351 0x1360  NlaSvc - ok
08:29:56.0367 0x1360  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:29:56.0367 0x1360  Npfs - ok
08:29:56.0383 0x1360  npggsvc - ok
08:29:56.0398 0x1360  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
08:29:56.0414 0x1360  nsi - ok
08:29:56.0414 0x1360  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:29:56.0414 0x1360  nsiproxy - ok
08:29:56.0461 0x1360  [ 3795DCD21F740EE799FB7223234215AF, B03DBFD33B201134473D23038E0BD86CFE64556754BF4EBA42C10B67AEECAEA6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:29:56.0492 0x1360  Ntfs - ok
08:29:56.0507 0x1360  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
08:29:56.0507 0x1360  Null - ok
08:29:56.0539 0x1360  [ 2E918562FE52470B166EC28081AE43CA, 302ABB48B44796C58ED9B8A92CA4AAFB9AB05D37B600808B30B936ADD8844821 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
08:29:56.0539 0x1360  NVHDA - ok
08:29:56.0819 0x1360  [ 07550F01BD7BE299D9DBE73AC8961602, B3F69F99862C0BBAA70CAC6E7131E6D11568FF53EB28166A8C85117477A55206 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:29:56.0975 0x1360  nvlddmkm - ok
08:29:57.0085 0x1360  [ AF9BDCDDDDDDF7D99F821E1F96AA5C6A, 1FCF538F7B08BABD8AB8545C1868CA791F3641E69CB28D98209A17D03D836892 ] NvNetworkService C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
08:29:57.0116 0x1360  NvNetworkService - ok
08:29:57.0131 0x1360  [ 3F3D04B1D08D43C16EA7963954EC768D, BA82C1D3D9F4AA5F1C9729D61D4E06DB961FDF2B1E9B483D29DB308204DF0754 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
08:29:57.0147 0x1360  nvraid - ok
08:29:57.0163 0x1360  [ C99F251A5DE63C6F129CF71933ACED0F, 24D48A5F5D699AB0DD4D4435F8F7C6B73A924AEF8F9D1170FD644E26499546A2 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
08:29:57.0163 0x1360  nvstor - ok
08:29:57.0209 0x1360  [ 080549922862A612EC95E0D7CD7A310B, 0EC0D2811EB2B166016732D8AB80D12C5C5176A163F8B9FEE245FA7BFE668869 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
08:29:57.0209 0x1360  NvStreamKms - ok
08:29:57.0303 0x1360  [ 1DBA2B3B8B5E977E77BD9FCAD4CA1A38, AE91B352DD52F20CF15391D54619B54A9BFECFE697BA803C4EA52BD9AC218BF4 ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
08:29:57.0334 0x1360  NvStreamNetworkSvc - ok
08:29:57.0412 0x1360  [ 2E1F8A44359785D97761B9B3D40C7A75, F57883CAF8D307926A5118C0E692D920DCF2D3C1DC9211E89A8AEAF60DC6A2A5 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
08:29:57.0443 0x1360  NvStreamSvc - ok
08:29:57.0506 0x1360  [ 1056B2EA51A627B6F87EE0C8BD40FAFD, 92A3526A71BC862C9A695FFD1297F41A58F8675D58F6BD446B2BE67C33499F3C ] nvsvc           C:\Windows\system32\nvvsvc.exe
08:29:57.0521 0x1360  nvsvc - ok
08:29:57.0537 0x1360  [ EFBE8FAA664796E1595274D1868883DC, D52E5B40EC945AE8D0EA4B42DC5FB4145CBD87289652C2819B7DBB13389F1D48 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad32v.sys
08:29:57.0537 0x1360  nvvad_WaveExtensible - ok
08:29:57.0553 0x1360  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
08:29:57.0553 0x1360  nv_agp - ok
08:29:57.0615 0x1360  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:29:57.0615 0x1360  odserv - ok
08:29:57.0631 0x1360  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:29:57.0631 0x1360  ohci1394 - ok
08:29:57.0693 0x1360  [ 2184024728C007F57C22A5CFB967F75F, 2AF3596C61C16283520A3B964F242E7515C5D334F4B6405A1875DCE6AAB6671C ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
08:29:57.0709 0x1360  OpenVPNService - ok
08:29:57.0724 0x1360  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:29:57.0740 0x1360  ose - ok
08:29:57.0771 0x1360  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:29:57.0771 0x1360  p2pimsvc - ok
08:29:57.0802 0x1360  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:29:57.0802 0x1360  p2psvc - ok
08:29:57.0818 0x1360  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:29:57.0818 0x1360  Parport - ok
08:29:57.0833 0x1360  [ FF4218952B51DE44FE910953A3E686B9, 871E4F8300AFE2AE770B8F00C12911A08D8BBD8E07C37A11AFF67CA92607A602 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:29:57.0833 0x1360  partmgr - ok
08:29:57.0849 0x1360  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
08:29:57.0849 0x1360  Parvdm - ok
08:29:57.0865 0x1360  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:29:57.0865 0x1360  PcaSvc - ok
08:29:57.0880 0x1360  [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci             C:\Windows\system32\DRIVERS\pci.sys
08:29:57.0880 0x1360  pci - ok
08:29:57.0896 0x1360  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
08:29:57.0896 0x1360  pciide - ok
08:29:57.0927 0x1360  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:29:57.0927 0x1360  pcmcia - ok
08:29:57.0943 0x1360  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:29:57.0943 0x1360  pcw - ok
08:29:57.0974 0x1360  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:29:57.0974 0x1360  PEAUTH - ok
08:29:58.0083 0x1360  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
08:29:58.0130 0x1360  PeerDistSvc - ok
08:29:58.0208 0x1360  [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla             C:\Windows\system32\pla.dll
08:29:58.0286 0x1360  pla - ok
08:29:58.0317 0x1360  [ 2CC2008F1296968FBA162ED9F9AFE328, 670E2BE4EB8210C9D6AEA635DFA20E390936762A22B2BB413BF9C7AF418150D6 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:29:58.0333 0x1360  PlugPlay - ok
08:29:58.0333 0x1360  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:29:58.0348 0x1360  PNRPAutoReg - ok
08:29:58.0411 0x1360  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:29:58.0411 0x1360  PNRPsvc - ok
08:29:58.0457 0x1360  [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:29:58.0457 0x1360  PolicyAgent - ok
08:29:58.0473 0x1360  [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power           C:\Windows\system32\umpo.dll
08:29:58.0489 0x1360  Power - ok
08:29:58.0504 0x1360  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:29:58.0520 0x1360  PptpMiniport - ok
08:29:58.0629 0x1360  [ 2D55A1BE48C6D5B695D05A829E528D42, AC797C4FD9912BAD8A91E9596455276A6CBA2E98D36EE17A1687FE24BC9442C8 ] PrintNotify     C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll
08:29:58.0738 0x1360  PrintNotify - ok
08:29:58.0754 0x1360  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:29:58.0754 0x1360  Processor - ok
08:29:58.0785 0x1360  [ 630CF26F0227498B7D5A92B12548960F, 7B6E2A3C398DF2E8F63C03ED5B59BB8DA47D5C1ACA9F37438F71F35633ACD6CD ] ProfSvc         C:\Windows\system32\profsvc.dll
08:29:58.0785 0x1360  ProfSvc - ok
08:29:58.0801 0x1360  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:29:58.0801 0x1360  ProtectedStorage - ok
08:29:58.0816 0x1360  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:29:58.0816 0x1360  Psched - ok
08:29:58.0879 0x1360  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
08:29:58.0910 0x1360  ql2300 - ok
08:29:58.0925 0x1360  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
08:29:58.0925 0x1360  ql40xx - ok
08:29:58.0957 0x1360  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
08:29:58.0957 0x1360  QWAVE - ok
08:29:58.0972 0x1360  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:29:58.0972 0x1360  QWAVEdrv - ok
08:29:58.0988 0x1360  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:29:58.0988 0x1360  RasAcd - ok
08:29:59.0019 0x1360  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:29:59.0019 0x1360  RasAgileVpn - ok
08:29:59.0019 0x1360  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
08:29:59.0035 0x1360  RasAuto - ok
08:29:59.0035 0x1360  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:29:59.0050 0x1360  Rasl2tp - ok
08:29:59.0066 0x1360  [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan          C:\Windows\System32\rasmans.dll
08:29:59.0066 0x1360  RasMan - ok
08:29:59.0081 0x1360  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:29:59.0081 0x1360  RasPppoe - ok
08:29:59.0097 0x1360  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:29:59.0097 0x1360  RasSstp - ok
08:29:59.0113 0x1360  [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:29:59.0113 0x1360  rdbss - ok
08:29:59.0128 0x1360  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:29:59.0128 0x1360  rdpbus - ok
08:29:59.0144 0x1360  [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:29:59.0144 0x1360  RDPCDD - ok
08:29:59.0159 0x1360  [ C5FF95883FFEF704D50C40D21CFB3AB5, 26CC53DDE126A6BD99F606695F063BB7FDC4BBABB9F75F7AD7A84B58C837EEAA ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
08:29:59.0175 0x1360  RDPDR - ok
08:29:59.0191 0x1360  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:29:59.0191 0x1360  RDPENCDD - ok
08:29:59.0206 0x1360  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:29:59.0206 0x1360  RDPREFMP - ok
08:29:59.0222 0x1360  [ 801371BA9782282892D00AADB08EE367, 884DDC24B8400E76F65F54C249053333AD29543224F9EC156C64A6BDF584DDCD ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:29:59.0222 0x1360  RDPWD - ok
08:29:59.0237 0x1360  [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:29:59.0253 0x1360  rdyboost - ok
08:29:59.0269 0x1360  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:29:59.0269 0x1360  RemoteAccess - ok
08:29:59.0284 0x1360  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:29:59.0300 0x1360  RemoteRegistry - ok
08:29:59.0315 0x1360  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:29:59.0315 0x1360  RpcEptMapper - ok
08:29:59.0331 0x1360  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
08:29:59.0331 0x1360  RpcLocator - ok
08:29:59.0347 0x1360  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs           C:\Windows\system32\rpcss.dll
08:29:59.0362 0x1360  RpcSs - ok
08:29:59.0378 0x1360  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:29:59.0378 0x1360  rspndr - ok
08:29:59.0393 0x1360  [ 7DFD48E24479B68B258D8770121155A0, 3B5F7309403C46855DB888CF2058B07C9029690DBC7FB3224BAC7BE5547D2D57 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
08:29:59.0393 0x1360  RTL8167 - ok
08:29:59.0425 0x1360  [ 5423D8437051E89DD34749F242C98648, 28FD190E13676B0FD452A73C3069B72206E2938DB2240BAA9BDB56687C748A2B ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
08:29:59.0425 0x1360  s3cap - ok
08:29:59.0425 0x1360  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] SamSs           C:\Windows\system32\lsass.exe
08:29:59.0440 0x1360  SamSs - ok
08:29:59.0456 0x1360  [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
08:29:59.0456 0x1360  sbp2port - ok
08:29:59.0471 0x1360  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:29:59.0487 0x1360  SCardSvr - ok
08:29:59.0487 0x1360  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:29:59.0503 0x1360  scfilter - ok
08:29:59.0534 0x1360  [ 3E8B0C453E25613A1F59762A5C42AA75, 86801C49664441A08F7E95031E52AD2518D61CCB945A857A18F0714351A8158C ] Schedule        C:\Windows\system32\schedsvc.dll
08:29:59.0549 0x1360  Schedule - ok
08:29:59.0565 0x1360  [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:29:59.0565 0x1360  SCPolicySvc - ok
08:29:59.0581 0x1360  SDGame - ok
08:29:59.0596 0x1360  [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:29:59.0596 0x1360  SDRSVC - ok
08:29:59.0627 0x1360  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:29:59.0627 0x1360  secdrv - ok
08:29:59.0643 0x1360  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
08:29:59.0643 0x1360  seclogon - ok
08:29:59.0643 0x1360  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
08:29:59.0643 0x1360  SENS - ok
08:29:59.0674 0x1360  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:29:59.0674 0x1360  SensrSvc - ok
08:29:59.0690 0x1360  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:29:59.0705 0x1360  Serenum - ok
08:29:59.0705 0x1360  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:29:59.0705 0x1360  Serial - ok
08:29:59.0721 0x1360  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:29:59.0721 0x1360  sermouse - ok
08:29:59.0737 0x1360  [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv      C:\Windows\system32\sessenv.dll
08:29:59.0752 0x1360  SessionEnv - ok
08:29:59.0752 0x1360  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
08:29:59.0752 0x1360  sffdisk - ok
08:29:59.0768 0x1360  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:29:59.0768 0x1360  sffp_mmc - ok
08:29:59.0783 0x1360  [ 4F1E5B0FE7C8050668DBFADE8999AEFB, E36DAACC3D11F004808A3F44C471BBFDC2F33411D9F5C18B55B0DB2A6DA6E74C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
08:29:59.0783 0x1360  sffp_sd - ok
08:29:59.0799 0x1360  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:29:59.0799 0x1360  sfloppy - ok
08:29:59.0830 0x1360  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:29:59.0830 0x1360  SharedAccess - ok
08:29:59.0846 0x1360  [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:29:59.0861 0x1360  ShellHWDetection - ok
08:29:59.0877 0x1360  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
08:29:59.0877 0x1360  sisagp - ok
08:29:59.0893 0x1360  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:29:59.0893 0x1360  SiSRaid2 - ok
08:29:59.0908 0x1360  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:29:59.0908 0x1360  SiSRaid4 - ok
08:29:59.0924 0x1360  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:29:59.0939 0x1360  Smb - ok
08:29:59.0955 0x1360  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:29:59.0971 0x1360  SNMPTRAP - ok
08:29:59.0971 0x1360  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:29:59.0986 0x1360  spldr - ok
08:30:00.0002 0x1360  [ 49B6DD6AB3715B7A67965F17194E98A9, 331D69F3630BA978AC13471A2E7465351D04416343A595C62B94BADFFCD02B3A ] Spooler         C:\Windows\System32\spoolsv.exe
08:30:00.0002 0x1360  Spooler - ok
08:30:00.0095 0x1360  [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc          C:\Windows\system32\sppsvc.exe
08:30:00.0142 0x1360  sppsvc - ok
08:30:00.0158 0x1360  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:30:00.0173 0x1360  sppuinotify - ok
08:30:00.0189 0x1360  [ 2BA4EBC7DFBA845A1EDBE1F75913BE33, 58D0B957469D55026A53C3963508C8B36BDB360A0A5B870332B79A39200DB3AC ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:30:00.0205 0x1360  srv - ok
08:30:00.0205 0x1360  [ DCE7E10FEAABD4CAE95948B3DE5340BB, B1E9CD14DC24BB161EFC83D83CE95D0A98008AD790041785C6C8B87564A491D7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:30:00.0220 0x1360  srv2 - ok
08:30:00.0236 0x1360  [ B5665BAA2120B8A54E22E9CD07C05106, 86E50853D412ACDC752AD182ED52B49DD679D75843E1E9D6A6425E750594692C ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:30:00.0236 0x1360  srvnet - ok
08:30:00.0251 0x1360  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:30:00.0251 0x1360  SSDPSRV - ok
08:30:00.0267 0x1360  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:30:00.0283 0x1360  SstpSvc - ok
08:30:00.0329 0x1360  [ BE826A247D22F2FDF24B92AD40049F89, 06996ECCE5A694DEFDC99DB56F45DD0ABD9A2150581F1FD132FBBD863C474DE3 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
08:30:00.0345 0x1360  Steam Client Service - ok
08:30:00.0392 0x1360  [ B7E93F6DF15E84CDDE6AEBABC434E392, 0B6FAC02212467FE222D4469D550CF2A0B72C4E8F1B5A5278DB30385837200E4 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:30:00.0407 0x1360  Stereo Service - ok
08:30:00.0423 0x1360  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
08:30:00.0423 0x1360  stexstor - ok
08:30:00.0470 0x1360  [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc          C:\Windows\System32\wiaservc.dll
08:30:00.0470 0x1360  StiSvc - ok
08:30:00.0501 0x1360  [ 957E346CA948668F2496A6CCF6FF82CC, 5C0E0F0E0F2D36E3213885C60BC3B075AFD2257FEB4B8186FC1FE253E0C218AF ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
08:30:00.0501 0x1360  storflt - ok
08:30:00.0517 0x1360  [ D5751969DC3E4B88BF482AC8EC9FE019, DAEB50C0045364C75965B0E94744C6E2E1E85C8D00F1E8A5593F3EC780BDD7D9 ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
08:30:00.0517 0x1360  storvsc - ok
08:30:00.0532 0x1360  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:30:00.0532 0x1360  swenum - ok
08:30:00.0563 0x1360  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
08:30:00.0563 0x1360  swprv - ok
08:30:00.0610 0x1360  [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain         C:\Windows\system32\sysmain.dll
08:30:00.0626 0x1360  SysMain - ok
08:30:00.0641 0x1360  [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:30:00.0641 0x1360  TabletInputService - ok
08:30:00.0673 0x1360  [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
08:30:00.0673 0x1360  tap0901 - ok
08:30:00.0688 0x1360  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:30:00.0704 0x1360  TapiSrv - ok
08:30:00.0704 0x1360  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
08:30:00.0704 0x1360  TBS - ok
08:30:00.0751 0x1360  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC, 62917CDBC6529D1CC3D7F6E211C717DC44033955749333DCBD052F9BF6639767 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:30:00.0782 0x1360  Tcpip - ok
08:30:00.0829 0x1360  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC, 62917CDBC6529D1CC3D7F6E211C717DC44033955749333DCBD052F9BF6639767 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:30:00.0860 0x1360  TCPIP6 - ok
08:30:00.0875 0x1360  [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:30:00.0891 0x1360  tcpipreg - ok
08:30:00.0907 0x1360  [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:30:00.0907 0x1360  TDPIPE - ok
08:30:00.0922 0x1360  [ 7551E91EA999EE9A8E9C331D5A9C31F3, C98C97DFD6C7276CD999545A7BC67B56E1BDDFB2886412E9198012322F95A10D ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:30:00.0922 0x1360  TDTCP - ok
08:30:00.0938 0x1360  [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:30:00.0938 0x1360  tdx - ok
08:30:00.0953 0x1360  [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:30:00.0953 0x1360  TermDD - ok
08:30:00.0985 0x1360  [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService     C:\Windows\System32\termsrv.dll
08:30:01.0000 0x1360  TermService - ok
08:30:01.0016 0x1360  [ 59CFDA4EACB3788F8B17F87B49B0AC0E, 653CE0697A31BA79BE1094601BA3A94912B368E29212AF79288B010D45AD7658 ] Themes          C:\Windows\system32\themeservice.dll
08:30:01.0016 0x1360  Themes - ok
08:30:01.0031 0x1360  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
08:30:01.0031 0x1360  THREADORDER - ok
08:30:01.0047 0x1360  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
08:30:01.0063 0x1360  TrkWks - ok
08:30:01.0094 0x1360  [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:30:01.0094 0x1360  TrustedInstaller - ok
08:30:01.0109 0x1360  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:30:01.0125 0x1360  tssecsrv - ok
08:30:01.0141 0x1360  [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:30:01.0141 0x1360  tunnel - ok
08:30:01.0172 0x1360  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
08:30:01.0172 0x1360  uagp35 - ok
08:30:01.0187 0x1360  [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:30:01.0187 0x1360  udfs - ok
08:30:01.0219 0x1360  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:30:01.0219 0x1360  UI0Detect - ok
08:30:01.0234 0x1360  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
08:30:01.0250 0x1360  uliagpkx - ok
08:30:01.0265 0x1360  [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:30:01.0265 0x1360  umbus - ok
08:30:01.0281 0x1360  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:30:01.0281 0x1360  UmPass - ok
08:30:01.0297 0x1360  [ 8ECACA5454844F66386F7BE4AE0D7CD1, F3B02A9F598C6A9EFA019F5833959DD1A86FDFDB9FDDF99A8687BBB6211AAD00 ] UmRdpService    C:\Windows\System32\umrdp.dll
08:30:01.0312 0x1360  UmRdpService - ok
08:30:01.0328 0x1360  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
08:30:01.0328 0x1360  upnphost - ok
08:30:01.0343 0x1360  [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:30:01.0343 0x1360  usbccgp - ok
08:30:01.0359 0x1360  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
08:30:01.0359 0x1360  usbcir - ok
08:30:01.0375 0x1360  [ 1C333BFD60F2FED2C7AD5DAF533CB742, 97AE9CA39482B886FCD063E80B8AB153E1FC1459452657393D8B1745EF69E1C3 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:30:01.0375 0x1360  usbehci - ok
08:30:01.0390 0x1360  [ EE6EF93CCFA94FAE8C6AB298273D8AE2, CBEE16CEAD02E994F0C2AD77DD8C01CB9964C6B42DE49FF7A787849CD25767B4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:30:01.0390 0x1360  usbhub - ok
08:30:01.0406 0x1360  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
08:30:01.0406 0x1360  usbohci - ok
08:30:01.0421 0x1360  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:30:01.0421 0x1360  usbprint - ok
08:30:01.0437 0x1360  [ D8889D56E0D27E57ED4591837FE71D27, DB1B65EEBFB036086EC3347C1181D9D01FF65870EAEC4A1BA08AF43C35075647 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:30:01.0437 0x1360  USBSTOR - ok
08:30:01.0453 0x1360  [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
08:30:01.0453 0x1360  usbuhci - ok
08:30:01.0468 0x1360  [ D82F43D15FDAA666856C0190CB73E7C9, A998F5F0535ADCFE0E6F37E4B222262F59D4E43CB596D62E785EF8E0D7E296F6 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
08:30:01.0484 0x1360  usb_rndisx - ok
08:30:01.0499 0x1360  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
08:30:01.0499 0x1360  UxSms - ok
08:30:01.0515 0x1360  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] VaultSvc        C:\Windows\system32\lsass.exe
08:30:01.0515 0x1360  VaultSvc - ok
08:30:01.0531 0x1360  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
08:30:01.0531 0x1360  vdrvroot - ok
08:30:01.0562 0x1360  [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds             C:\Windows\System32\vds.exe
08:30:01.0562 0x1360  vds - ok
08:30:01.0577 0x1360  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:30:01.0577 0x1360  vga - ok
08:30:01.0593 0x1360  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:30:01.0593 0x1360  VgaSave - ok
08:30:01.0609 0x1360  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
08:30:01.0624 0x1360  vhdmp - ok
08:30:01.0640 0x1360  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
08:30:01.0655 0x1360  viaagp - ok
08:30:01.0671 0x1360  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
08:30:01.0671 0x1360  ViaC7 - ok
08:30:01.0687 0x1360  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
08:30:01.0687 0x1360  viaide - ok
08:30:01.0702 0x1360  [ 379B349F65F453D2A6E75EA6B7448E49, F52B1B3AE9F5D38B45C889A7B1EBE59533C17E73678D355D1466B5EF3338BF16 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
08:30:01.0718 0x1360  vmbus - ok
08:30:01.0718 0x1360  [ EC2BBAB4B84D0738C6C83D2234DC36FE, 8BA2FA187DAC6994D5A29897AE5F46E6424FB53C827553E0BB148E31825D6676 ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
08:30:01.0718 0x1360  VMBusHID - ok
08:30:01.0733 0x1360  [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
08:30:01.0733 0x1360  volmgr - ok
08:30:01.0765 0x1360  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:30:01.0765 0x1360  volmgrx - ok
08:30:01.0780 0x1360  [ 58DF9D2481A56EDDE167E51B334D44FD, C77D7BE83CF1C0DEC80429C5A519E794FD2E8C1E6DAD6F5C92B5EB5694CEB8EA ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
08:30:01.0796 0x1360  volsnap - ok
08:30:01.0827 0x1360  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
08:30:01.0827 0x1360  vsmraid - ok
08:30:01.0874 0x1360  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS             C:\Windows\system32\vssvc.exe
08:30:01.0905 0x1360  VSS - ok
08:30:01.0921 0x1360  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
08:30:01.0936 0x1360  vwifibus - ok
08:30:01.0952 0x1360  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
08:30:01.0967 0x1360  W32Time - ok
08:30:01.0999 0x1360  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
08:30:02.0014 0x1360  WacomPen - ok
08:30:02.0045 0x1360  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:30:02.0045 0x1360  WANARP - ok
08:30:02.0045 0x1360  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:30:02.0045 0x1360  Wanarpv6 - ok
08:30:02.0092 0x1360  [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine        C:\Windows\system32\wbengine.exe
08:30:02.0123 0x1360  wbengine - ok
08:30:02.0155 0x1360  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:30:02.0155 0x1360  WbioSrvc - ok
08:30:02.0186 0x1360  [ D0F88AA11EE1A62BCC6D6A8A7783CA11, 3DBC1806E6F8CD58A9E93EA2A0CDC83C1A90E37B5E385209E4D9A0C81922F447 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:30:02.0201 0x1360  wcncsvc - ok
08:30:02.0201 0x1360  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:30:02.0217 0x1360  WcsPlugInService - ok
08:30:02.0233 0x1360  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:30:02.0233 0x1360  Wd - ok
08:30:02.0264 0x1360  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:30:02.0279 0x1360  Wdf01000 - ok
08:30:02.0295 0x1360  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:30:02.0295 0x1360  WdiServiceHost - ok
08:30:02.0311 0x1360  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:30:02.0311 0x1360  WdiSystemHost - ok
08:30:02.0326 0x1360  [ D87C7D2C517F82A5AB7A73E203063D9E, 8861AB4ECEDAE801008BE0406FCB19418AA2864E89D0776B94E25773E6DB5E88 ] WebClient       C:\Windows\System32\webclnt.dll
08:30:02.0342 0x1360  WebClient - ok
08:30:02.0357 0x1360  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:30:02.0373 0x1360  Wecsvc - ok
08:30:02.0389 0x1360  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:30:02.0389 0x1360  wercplsupport - ok
08:30:02.0420 0x1360  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
08:30:02.0420 0x1360  WerSvc - ok
08:30:02.0451 0x1360  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:30:02.0451 0x1360  WfpLwf - ok
08:30:02.0467 0x1360  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:30:02.0467 0x1360  WIMMount - ok
08:30:02.0513 0x1360  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:30:02.0529 0x1360  WinDefend - ok
08:30:02.0545 0x1360  WinHttpAutoProxySvc - ok
08:30:02.0591 0x1360  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:30:02.0591 0x1360  Winmgmt - ok
08:30:02.0701 0x1360  [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM           C:\Windows\system32\WsmSvc.dll
08:30:02.0763 0x1360  WinRM - ok
08:30:02.0810 0x1360  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:30:02.0825 0x1360  WinUsb - ok
08:30:10.0391 0x1360  AV detected via SS2: ESET NOD32 Antivirus 4.2, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 4.2.71.2 ), 0x41010 ( enabled : outofdate )
08:30:10.0407 0x1360  Win FW state via NFP2: enabled ( trusted )
08:30:23.0870 0x1360  ============================================================
08:30:23.0870 0x1360  Scan finished
08:30:23.0870 0x1360  ============================================================
08:30:23.0870 0x1358  Detected object count: 0
08:30:23.0870 0x1358  Actual detected object count: 0
08:31:49.0858 0x0afc  Deinitialize success
 




#4 fireman4it

  • Malware Response Team

Posted 16 August 2016 - 07:43 AM

Please run FRST again as you did the first time you ran it and post the new FRST.txt log.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Deping

  • Topic Starter

Posted 16 August 2016 - 09:54 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2016 01
Ran by deping (administrator) on ACUNOROGIA (16-08-2016 22:53:06)
Running from C:\Users\deping\Desktop
Loaded Profiles: deping (Available Profiles: deping)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\RocketDock\RocketDock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\deping\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-11-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0D7A716B-7988-4DA9-9CC7-A65F8C18BF48}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0E202656-BBE8-4CD1-972A-7E0E5ABCB250}: [DhcpNameServer] 10.3.0.1
Tcpip\..\Interfaces\{3F2751D4-92AB-43BC-B642-BFC3A7BCC214}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8E9588BD-6D1F-4210-ACA2-D16C9ECC6B72}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A0FCF76-5E12-4A1A-BF9D-7D2B7C5031FA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-02-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-02-03] (RealNetworks, Inc.)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4249735179-2202973721-3797583070-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\deping\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154\Extensions\client@anonymox.net.xpi [2016-03-10]
FF Extension: betternet - C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154\Extensions\jid1-l6VQSR2FeKnliQ@jetpack.xpi [2016-03-10]
FF Extension: Adblock Plus - C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-28]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-06-01] [not signed]
FF HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-03-10]
FF HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\deping\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\deping\AppData\Roaming\IDM\idmmzcc5 [2016-08-16] [not signed]
FF HKU\S-1-5-21-4249735179-2202973721-3797583070-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR Profile: C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-06]
CHR Extension: (Google Docs) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-06]
CHR Extension: (Google Drive) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (Google Search) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Google Sheets) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-16]
CHR Extension: (IDM Integration Module) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-16]
CHR Extension: (Gmail) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\deping\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-02-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [929728 2016-03-30] (NVIDIA Corporation)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-15] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [3792688 2015-12-01] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904512 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-03-30] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll [2205696 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-09-02] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf004; C:\Windows\system32\apf004.sys [15112 2014-10-17] ()
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [25536 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50752 2016-03-22] (NVIDIA Corporation)
S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 09:08 - 2016-08-16 09:09 - 01080492 _____ C:\Users\deping\Downloads\yaru32.v.1.54.win.zip
2016-08-16 08:26 - 2016-08-16 08:31 - 00199118 _____ C:\TDSSKiller.3.1.0.11_16.08.2016_08.26.12_log.txt
2016-08-16 08:25 - 2016-08-16 08:26 - 00005855 _____ C:\Users\deping\Desktop\Fixlog.txt
2016-08-16 08:24 - 2016-08-16 08:24 - 00000000 ____D C:\Users\deping\Desktop\FRST-OlderVersion
2016-08-16 08:24 - 2016-08-16 08:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-08-16 07:54 - 2016-08-16 07:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\deping\Desktop\tdsskiller.exe
2016-08-16 07:52 - 2016-08-16 22:53 - 00014320 _____ C:\Users\deping\Desktop\FRST.txt
2016-08-16 07:52 - 2016-08-16 08:24 - 01744896 _____ (Farbar) C:\Users\deping\Desktop\FRST.exe
2016-08-16 07:52 - 2016-08-16 00:27 - 00031619 _____ C:\Users\deping\Desktop\Addition.txt
2016-08-16 01:47 - 2016-08-16 02:16 - 00394994 _____ C:\Windows\ntbtlog.txt
2016-08-16 00:05 - 2016-08-16 22:53 - 00000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 22:00 - 2014-10-19 19:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-16 21:59 - 2015-12-06 23:36 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-16 21:48 - 2009-07-14 12:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-16 21:48 - 2009-07-14 12:34 - 00016528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-16 13:46 - 2015-12-06 23:36 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-16 13:46 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-16 13:46 - 2008-01-08 05:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-16 09:17 - 2013-06-01 21:27 - 00000000 ____D C:\Users\deping
2016-08-16 09:16 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\registration
2016-08-16 09:16 - 2008-01-08 05:08 - 00000000 ____D C:\Users\UpdatusUser
2016-08-16 08:59 - 2014-09-11 17:13 - 00000000 ____D C:\Users\deping\AppData\Roaming\DMCache
2016-08-16 02:16 - 2014-08-30 09:30 - 00000000 ____D C:\Users\deping\AppData\Local\ElevatedDiagnostics
2016-08-16 01:49 - 2016-01-12 21:05 - 00000000 ____D C:\Users\deping\AppData\Local\CrashDumps
2016-08-16 01:08 - 2009-07-14 12:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-09 06:00 - 2015-12-06 23:41 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 06:00 - 2015-12-06 23:41 - 00002132 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 12:17 - 2016-03-06 13:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-27 00:17 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2014-08-29 22:57 - 2014-08-29 22:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe
[2009-07-14 07:37] - [2010-11-20 04:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A

C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-14 07:24] - [2010-11-20 04:21] - 0812032 ____N (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-16 07:21

==================== End of FRST.txt ============================



#6 fireman4it

  • Malware Response Team

Posted 16 August 2016 - 10:19 AM

How is your computer running now?

 

Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear.
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.


#7 Deping

  • Topic Starter

Posted 16 August 2016 - 11:34 AM

It's running normally, antivirus has no problem so far, task manager too, and every time I reboot it, not a single error pop-up appeared.

Here is the result of EEK :

 

Emsisoft Emergency Kit - Version 11.9
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    Computer Name    
8/17/2016 12:27:17 AM    Malware    72622    8    0:03:39    Manual scan    ACUNOROGIA    
 



#8 Deping

  • Topic Starter

Posted 16 August 2016 - 11:36 AM

Or this one maybe:

 

Emsisoft Emergency Kit - Version 11.9
Last update: 8/17/2016 12:26:57 AM
User account: ACUNOROGIA\deping
Computer name: ACUNOROGIA
OS version: Windows 7x86

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    8/17/2016 12:27:17 AM
C:\Program Files\TweakBit     detected: Application.AdTweak (A)
Key: HKEY_USERS\S-1-5-21-4249735179-2202973721-3797583070-1000\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}     detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-4249735179-2202973721-3797583070-1000\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}     detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-4249735179-2202973721-3797583070-1000\SOFTWARE\WEBAPP     detected: Application.Toolbar (A)
C:\Users\deping\AppData\Local\Temp\27aAF\temp\Vinyl Shakerz - One Night in Bangkok.mp3.exe     detected: Gen:Variant.Sobrab.4 (B)
C:\Users\deping\AppData\Local\Temp\HYD3B6B.tmp.1454832708\HTA\3rdparty\OCComSDK.dll     detected: Application.InstallAd (A)
C:\Users\deping\AppData\Local\Temp\HYD3B6B.tmp.1454832708\HTA\3rdparty\OCSetupHlp.dll     detected: Application.InstallAd (A)
C:\Users\deping\AppData\Local\Temp\HYDA3ED.tmp.1454832669\HTA\3rdparty\OCComSDK.dll     detected: Application.InstallAd (A)

Scanned    72622
Found    8

Scan end:    8/17/2016 12:30:56 AM
Scan time:    0:03:39

C:\Users\deping\AppData\Local\Temp\HYDA3ED.tmp.1454832669\HTA\3rdparty\OCComSDK.dll     Application.InstallAd (A)
C:\Users\deping\AppData\Local\Temp\HYD3B6B.tmp.1454832708\HTA\3rdparty\OCSetupHlp.dll     Application.InstallAd (A)
C:\Users\deping\AppData\Local\Temp\HYD3B6B.tmp.1454832708\HTA\3rdparty\OCComSDK.dll     Application.InstallAd (A)
C:\Users\deping\AppData\Local\Temp\27aAF\temp\Vinyl Shakerz - One Night in Bangkok.mp3.exe     Gen:Variant.Sobrab.4 (B)
Key: HKEY_USERS\S-1-5-21-4249735179-2202973721-3797583070-1000\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}     Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-4249735179-2202973721-3797583070-1000\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}     Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-4249735179-2202973721-3797583070-1000\SOFTWARE\WEBAPP     Application.Toolbar (A)
C:\Program Files\TweakBit     Application.AdTweak (A)

Quarantined    8
 



#9 fireman4it

  • Malware Response Team

Posted 16 August 2016 - 12:51 PM

Nice to hear everything is running better. Let's run a couple other scanners for any leftovers.
 
1.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

2. Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"

    • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
    • You will be prompted to update Malwarebytes...click on the Update Now button.

    • The THREAT SCAN will automatically begin.

    • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

    • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    • After rebooting the computer, copy and paste the mbam.log in your next reply.
      To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
      • Open Malwarebytes Anti-Malware.
      • Click the History Tab at the top and select Application Logs.
      • Select (check) the box next to Scan Log. Choose the most current scan.
      • Click the View button.
      • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
      • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
      • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
      To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
      • Open Malwarebytes Anti-Malware.
      • Click the Scan Tab at the top.
      • Click the View detailed log link on the right.
      • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
      • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
      • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
      Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
      -- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
      -- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Edited by fireman4it, 16 August 2016 - 12:51 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 Deping


Posted 16 August 2016 - 08:03 PM

Yes, thanks to you.

Here it is:

 

# AdwCleaner v6.000 - Logfile created 17/08/2016 at 08:13:43
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-16.1 [Server]
# Operating System : Windows 7 Ultimate  (X86)
# Username : deping - ACUNOROGIA
# Running from : C:\Users\deping\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Windows\Reimage.ini
[-] File deleted: C:\Users\deping\AppData\Roaming\Mozilla\Firefox\Profiles\1bev5kwp.default-1452595649154\invalidprefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\29d6cda0b5fddbd1
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\TWEAKBIT


***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1896 Bytes] - [17/08/2016 08:13:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [2211 Bytes] - [17/08/2016 08:09:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2042 Bytes] ##########
 


Edited by Deping, 16 August 2016 - 08:04 PM.


#11 Deping


Posted 16 August 2016 - 08:05 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/17/2016
Scan Time: 8:40 AM
Logfile: ScanMBAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.16.12
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: deping

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287548
Time Elapsed: 6 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Downloader, C:\Program Files\Internet Download Manager\idm.6.25.patch.exe, Quarantined, [be0e68e3efabdc5a740d3e8eb1535fa1],
PUP.Optional.OpenCandy, C:\Users\deping\AppData\Local\Temp\HYDA3ED.tmp.1454832669\HTA\install.1454832669.zip, Quarantined, [28a4f556f2a874c222f55109bb49aa56],

Physical Sectors: 0
(No malicious items detected)


(end)



#12 fireman4it


Posted 17 August 2016 - 07:24 AM

It Appears That Your Pc Is Now Clean!

***


Clean up:

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with DelFix:
  • Please download DelFix to your desktop.
  • Close all other programs and start DelFix.
  • Please check all the boxes and run the tool.
  • DelFix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located on your desktop or in the "c:\users\{.......}\Downloads" folder.
Highlight them, and press the Del or Delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***


Here are some preventive tips to reduce the potential for spyware infection in the future:

Step 1: Browse more securely.

Step 2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

Step 3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

Step 6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments which you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


#13 Deping


Posted 17 August 2016 - 08:52 AM

Thank you so much, fireman4it, really such a big help for me.

I already uninstalled AdwCleaner and ran DelFix, and here is the log:

Isn't it good to use the USBFix program? But since it was removed by DelFix, I think it's a bad program.

 

# DelFix v1.013 - Logfile created 17/08/2016 at 21:40:35
# Updated 17/04/2016 by Xplode
# Username : deping - ACUNOROGIA
# Operating System : Windows 7 Ultimate  (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\USBFix
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\Users\deping\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.1.0.11_16.08.2016_08.26.12_log.txt
Deleted : C:\Users\deping\Desktop\Addition.txt
Deleted : C:\Users\deping\Desktop\Fixlog.txt
Deleted : C:\Users\deping\Desktop\FRST.exe
Deleted : C:\Users\deping\Desktop\FRST.txt
Deleted : C:\Users\deping\Desktop\tdsskiller.exe
Deleted : C:\Users\deping\Desktop\UsbFix.lnk
Deleted : HKCU\Software\USBFix
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #258 [Scheduled Checkpoint | 08/17/2016 01:31:15]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 



#14 fireman4it


Posted 17 August 2016 - 09:01 AM

Delfix is a program we use to clean up all the tools and logs that we produce while fixing your machine. It doesn't mean the programs are bad.


#15 Deping


Posted 17 August 2016 - 09:08 AM

I see. Thanks again for everything here.





