Windows defender keeps alerting to Alureon J on Win 8.1


  • This topic is locked
12 replies to this topic

#1 Strade


Posted 26 August 2016 - 12:09 PM

After the recent Windows update, Windows Defender found Trojan:DOS/Alureon.J

Windows Defender entry:

The following error occurred: Error code 0x8007065b. Function failed during execution.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
boot:\\.\PHYSICALDRIVE0\Partition0 (Type 00)
boot:\\.\PHYSICALDRIVE0\Partition1 (Type 00)
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Michael (administrator) on WALDO (26-08-2016 10:31:52)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\rdrleakdiag.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-11-19] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\RK_Default_ON_F_E781\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\RK_Default_ON_F_E781\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [630784 2014-10-28] (Microsoft Corporation)
HKU\RK_Default_ON_F_E781\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\RK_Default_ON_F_E781\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\logon.scr
HKU\RK_Michael_ON_F_8856\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\RK_Michael_ON_F_8856\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe
HKU\RK_Michael_ON_F_8856\...\Run: [Akamai NetSession Interface] => "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe"
HKU\RK_Michael_ON_F_8856\...\Policies\system: [LogonHoursAction] 2
HKU\RK_Michael_ON_F_8856\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\RK_Michael_ON_F_8856\...\Policies\Explorer: [HideSCAHealth] 1
HKU\RK_Michael_ON_F_8856\...\MountPoints2: {e1bf2d5e-2dc2-11df-9186-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-2519708249-347641370-1317237633-1003\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2519708249-347641370-1317237633-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2519708249-347641370-1317237633-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-2519708249-347641370-1317237633-1003\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2519708249-347641370-1317237633-1003\...\MountPoints2: {8fd1f71d-af80-11e4-8293-74d435917d3e} - "F:\CMADownloader.exe"
HKU\S-1-5-21-2519708249-347641370-1317237633-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ for PlayStation®.lnk [2016-02-24]
ShortcutTarget:  for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7855E00F-8236-4ED4-808A-19CA2B462FED}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\RK_Default_ON_F_E781\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\RK_Michael_ON_F_8856\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\RK_Michael_ON_F_8856\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-2519708249-347641370-1317237633-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKU\RK_Michael_ON_F_8856 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0E652A82-511D-4744-915A-836EB18DD543&q={searchTerms}&SSPV=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0E652A82-511D-4744-915A-836EB18DD543&q={searchTerms}&SSPV=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {2C9E0EE4-2610-B903-9AF4-523D61CB8099} URL = hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110623&user_guid=2176C87B53C1411F9D28C0FD46F2D9A2&machine_id=802f4a88e46f8f42dac72bf78b013b44&browser=IE&os=win&os_version=6.0-x86-SP2
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {43DA6A3C-250C-48EF-8071-3D3D22D71ABB} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {70595C8A-8A6C-41D4-A162-C1D862E9759F} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {85995741-FC77-42BE-A734-D45D7DDD7D8E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {88FE5868-6D5E-4E6C-BD0E-D70D8BEB729D} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={AA978316-A7D1-464B-8560-35744888510E}&mid=9635f244cd084d1ed4fee4aece8763f5-33709e08479e01b6d631d837182b86500bdfe2c6&lang=en&ds=AVG&pr=fr&d=2013-11-05 00:02:30&v=17.1.3.3&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {9A653F9D-252C-42BD-9953-6A80E774A5EF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
BHO-x32: ATLAS Toolbar -> {3C6301ED-0F78-4AF2-8150-D9C052361A8E} -> C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-21] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2016-08-03] (Perfect World Entertainment Inc)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-21] (Oracle Corporation)
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
Toolbar: HKU\RK_Michael_ON_F_8856 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKU\RK_Michael_ON_F_8856 -> No Name - {9D0F7EB2-452D-4766-B535-8D23E36C300E} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kaqjcxgt.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.gamefaqs.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2016-08-03] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\RK_Michael_ON_F_8856: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2519708249-347641370-1317237633-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2519708249-347641370-1317237633-1003: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Extension: (Flash and Video Download) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kaqjcxgt.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-08-17]
FF Extension: (MEGA) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kaqjcxgt.default\Extensions\firefox@mega.co.nz.xpi [2016-08-24]
FF Extension: (ExHentai Easy 2) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kaqjcxgt.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2014-02-28] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kaqjcxgt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-02]
FF Extension: (Adblock Plus) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kaqjcxgt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=994519&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=994519&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [476096 2014-05-19] (Protection Technology)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88024 2016-08-03] (Perfect World Entertainment Inc)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [2325872 2014-05-19] (Protection Technology)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-01] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 glancedrv; C:\Windows\system32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R1 MpKsl516083ff; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C98D4F01-26D9-47D8-A79A-45C6773BF8D1}\MpKsl516083ff.sys [44928 2016-08-26] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-01-30] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-25] ()
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [233160 2013-01-02] (VIA Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 10:31 - 2016-08-26 10:32 - 00021367 _____ C:\Users\Michael\Desktop\FRST.txt
2016-08-25 21:29 - 2016-08-25 21:29 - 00000000 ____D C:\Users\Michael\Desktop\G156578
2016-08-25 19:51 - 2016-08-25 20:15 - 590636363 _____ C:\Users\Michael\Desktop\G156578.rar
2016-08-25 17:59 - 2016-08-26 10:31 - 00000000 ____D C:\FRST
2016-08-25 17:52 - 2016-08-25 17:52 - 02396160 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2016-08-25 17:19 - 2016-08-25 17:19 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-08-25 17:18 - 2016-08-25 17:18 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-08-25 17:18 - 2016-08-25 17:18 - 00000000 ____D C:\ProgramData\RogueKiller
2016-08-25 17:18 - 2016-08-25 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-08-25 17:18 - 2016-08-25 17:18 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-25 17:15 - 2016-08-25 17:19 - 00001990 _____ C:\Users\Michael\Desktop\Rkill.txt
2016-08-25 17:06 - 2016-08-25 17:07 - 00209412 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_17.06.04_log.txt
2016-08-25 16:59 - 2016-08-25 17:04 - 00216710 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_16.59.06_log.txt
2016-08-25 16:45 - 2016-08-25 16:45 - 00212418 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_16.45.00_log.txt
2016-08-25 16:35 - 2016-08-25 16:41 - 00000000 ____D C:\AdwCleaner
2016-08-25 16:29 - 2016-08-25 16:30 - 00419020 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_16.29.05_log.txt
2016-08-25 16:23 - 2016-08-25 16:24 - 00211880 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_16.23.59_log.txt
2016-08-25 16:11 - 2016-08-25 17:00 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-08-25 16:09 - 2016-08-25 16:12 - 00422618 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_16.09.38_log.txt
2016-08-25 16:08 - 2016-08-25 16:08 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Michael\Desktop\tdsskiller.exe
2016-08-25 15:40 - 2016-08-25 15:40 - 00002975 _____ C:\Users\Michael\Desktop\HiJackThis.lnk
2016-08-25 15:40 - 2016-08-25 15:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2016-08-25 15:40 - 2016-08-25 15:40 - 00000000 ____D C:\Program Files (x86)\TrendMicro
2016-08-24 01:01 - 2016-08-24 01:11 - 00000000 ____D C:\Users\Michael\Desktop\mmd stuffs
2016-08-23 02:20 - 2016-08-23 02:20 - 00001009 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2016-08-23 01:35 - 2016-08-23 01:35 - 00000000 ____D C:\Users\Michael\Desktop\Yakyuken(1)
2016-08-22 15:05 - 2016-08-24 23:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-22 05:07 - 2016-08-22 05:08 - 247783723 _____ C:\Users\Michael\Desktop\[HH] Toshi Densetsu Series - Episode 2 [DVD] [5D63FC57].mp4
2016-08-22 05:06 - 2016-08-22 05:07 - 147858870 _____ C:\Users\Michael\Desktop\[HH] Toshi Densetsu Series - Episode 1 [DVD] [AC793857].mp4
2016-08-21 23:11 - 2016-08-21 23:11 - 00000000 ____D C:\Users\Michael\Desktop\AutoLink-v1.72 2016-06-24@1551
2016-08-21 23:09 - 2016-08-21 23:09 - 00222833 _____ C:\Users\Michael\Desktop\AutoLink-v1.72 2016-06-24@1551.rar
2016-08-21 23:02 - 2016-08-21 23:02 - 00002657 _____ C:\Users\Michael\Desktop\3DMGAME.ini
2016-08-21 14:58 - 2016-08-21 14:58 - 04658709 _____ C:\Users\Michael\Desktop\Conception II Children of the Seven Stars V1.00 Trainer +5 MrAntiFun.zip
2016-08-21 14:58 - 2016-08-21 14:58 - 00000000 ____D C:\Users\Michael\Desktop\Conception II Children of the Seven Stars V1.00 Trainer +5 MrAntiFun
2016-08-19 23:07 - 2016-08-24 00:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Conception2
2016-08-18 00:05 - 2016-08-19 23:07 - 00000000 ____D C:\Users\Michael\Desktop\Conception.II.Children.of.the.Seven.Stars-ALI213
2016-08-16 22:42 - 2016-08-16 22:42 - 00000222 _____ C:\Users\Michael\Desktop\Shop Heroes.url
2016-08-16 21:14 - 2016-08-16 21:14 - 00000000 ____D C:\Users\Michael\Desktop\ -Project DIVA- X Complete Collection-.hikarinoakari
2016-08-16 21:12 - 2016-08-16 21:14 - 251580466 _____ C:\Users\Michael\Desktop\ -Project DIVA- X Complete Collection-.hikarinoakari.zip
2016-08-14 23:11 - 2016-08-14 23:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPLUSH WAVE
2016-08-14 23:11 - 2016-08-14 23:11 - 00000000 ____D C:\SPLUSH WAVE
2016-08-13 01:37 - 2016-08-13 01:37 - 08162444 _____ C:\Users\Michael\Desktop\Miki.rar
2016-08-13 01:37 - 2016-08-13 01:37 - 00000000 ____D C:\Users\Michael\Desktop\Miki
2016-08-12 17:02 - 2016-06-18 16:06 - 00590688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-08-12 17:02 - 2016-06-11 12:37 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-08-12 17:02 - 2016-06-10 15:04 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-12 17:02 - 2016-06-10 14:11 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-08-12 17:02 - 2016-06-10 14:11 - 01487992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-12 17:02 - 2016-06-10 14:11 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-12 17:02 - 2016-06-03 20:38 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-12 17:02 - 2016-06-03 20:37 - 01970968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-12 17:02 - 2016-05-29 03:08 - 22361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-12 17:02 - 2016-05-28 14:31 - 19788688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-12 17:02 - 2016-05-18 16:28 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-08-12 17:02 - 2016-05-13 17:42 - 03667968 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-12 17:02 - 2016-05-06 13:13 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-08-12 17:02 - 2016-04-16 09:56 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-08-12 17:02 - 2016-04-06 14:20 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-12 17:02 - 2016-04-06 14:17 - 18825216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-12 17:02 - 2016-04-06 12:25 - 15158272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-12 17:01 - 2016-06-18 16:06 - 00072408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2016-08-12 17:01 - 2016-06-11 15:52 - 00379232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-12 17:01 - 2016-06-11 15:52 - 00057184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-08-12 17:01 - 2016-06-11 14:05 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
2016-08-12 17:01 - 2016-06-11 13:14 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe
2016-08-12 17:01 - 2016-06-11 12:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-12 17:01 - 2016-06-11 12:46 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2016-08-12 17:01 - 2016-06-11 12:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-08-12 17:01 - 2016-06-11 12:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-12 17:01 - 2016-06-11 12:20 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-08-12 17:01 - 2016-06-11 12:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-08-12 17:01 - 2016-06-10 23:44 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-08-12 17:01 - 2016-06-10 23:44 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-08-12 17:01 - 2016-06-10 16:07 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-08-12 17:01 - 2016-06-10 16:03 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-12 17:01 - 2016-06-10 14:11 - 00125024 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2016-08-12 17:01 - 2016-06-10 14:10 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2016-08-12 17:01 - 2016-06-10 14:07 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-08-12 17:01 - 2016-06-10 14:04 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-12 17:01 - 2016-06-09 15:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-08-12 17:01 - 2016-06-09 14:18 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-08-12 17:01 - 2016-06-07 14:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2016-08-12 17:01 - 2016-06-07 13:13 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2016-08-12 17:01 - 2016-05-18 17:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-08-12 17:01 - 2016-05-18 17:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2016-08-12 17:01 - 2016-05-18 16:56 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-08-12 17:01 - 2016-05-18 16:33 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2016-08-12 17:01 - 2016-05-18 16:16 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-08-12 17:01 - 2016-05-14 16:26 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-12 17:01 - 2016-05-14 01:19 - 01134768 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-12 17:01 - 2016-05-13 19:08 - 00111616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-08-12 17:01 - 2016-05-13 19:08 - 00032768 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2016-08-12 17:01 - 2016-05-13 19:08 - 00032512 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-08-12 17:01 - 2016-05-13 18:24 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-12 17:01 - 2016-05-13 17:30 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-12 17:01 - 2016-05-13 17:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-12 17:01 - 2016-05-13 17:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-08-12 17:01 - 2016-05-13 17:27 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-12 17:01 - 2016-05-13 17:26 - 02230784 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-12 17:01 - 2016-05-13 17:26 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-12 17:01 - 2016-05-13 17:18 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-12 17:01 - 2016-05-13 17:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-12 17:01 - 2016-05-13 17:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-12 17:01 - 2016-05-13 17:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-12 17:01 - 2016-05-12 14:36 - 00034600 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2016-08-12 17:01 - 2016-05-12 13:39 - 00030984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2016-08-12 17:01 - 2016-05-06 17:59 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-08-12 17:01 - 2016-05-05 14:28 - 01661072 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-12 17:01 - 2016-05-05 13:39 - 01212256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-12 17:01 - 2016-05-05 13:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-12 17:01 - 2016-05-05 13:02 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-12 17:01 - 2016-05-05 12:37 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-12 17:01 - 2016-05-05 12:34 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-12 17:01 - 2016-05-05 12:29 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-12 17:01 - 2016-05-05 11:28 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-12 17:01 - 2016-05-05 11:16 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-12 17:01 - 2016-04-10 01:35 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-08-12 17:01 - 2016-04-09 18:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-08-12 17:01 - 2016-04-09 18:14 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll
2016-08-12 17:01 - 2016-04-09 18:10 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-08-12 17:01 - 2016-04-09 18:09 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-08-12 17:01 - 2016-04-09 18:02 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2016-08-12 17:01 - 2016-04-09 17:59 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-08-12 17:01 - 2016-04-09 17:59 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-08-12 17:01 - 2016-04-09 17:56 - 00543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-08-12 17:01 - 2016-04-09 17:55 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-08-12 17:01 - 2016-04-09 17:52 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2016-08-12 17:01 - 2016-04-07 12:06 - 00927744 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-08-12 17:01 - 2016-04-06 17:21 - 00114528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-08-12 17:01 - 2016-04-05 18:37 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2016-08-12 17:01 - 2016-04-02 09:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-08-12 17:01 - 2016-04-01 13:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-08-12 17:01 - 2016-04-01 12:53 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-08-12 17:01 - 2016-04-01 12:50 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-08-12 17:01 - 2016-02-04 12:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-08-12 17:01 - 2016-02-04 12:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-08-12 17:01 - 2016-02-04 12:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-08-12 16:54 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-12 16:54 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-12 16:54 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-12 16:54 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-12 16:54 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-12 16:54 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-12 16:54 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-12 16:54 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-12 16:54 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-12 16:54 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-12 16:54 - 2016-08-02 01:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-08-12 16:54 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-12 16:54 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-12 16:54 - 2016-08-02 01:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-12 16:54 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-12 16:54 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-12 16:54 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-12 16:54 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-12 16:54 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-12 16:54 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-12 16:54 - 2016-08-02 01:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-08-12 16:54 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-12 16:54 - 2016-08-02 01:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-12 16:54 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-12 16:54 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-12 16:54 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-12 16:54 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-12 16:54 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-12 16:54 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-12 16:54 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-12 16:54 - 2016-07-08 10:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-12 16:51 - 2016-07-12 10:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-12 16:51 - 2016-07-08 20:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-12 16:51 - 2016-07-08 20:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-12 16:51 - 2016-07-08 10:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-12 16:51 - 2016-07-08 10:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-12 16:51 - 2016-07-08 10:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-12 16:51 - 2016-07-08 10:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-08-12 16:51 - 2016-07-08 10:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-08-12 16:51 - 2016-07-07 18:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-12 16:51 - 2016-07-07 17:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-12 16:51 - 2016-07-07 16:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-12 16:51 - 2016-07-06 10:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-12 16:51 - 2016-07-06 10:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-08-12 16:51 - 2016-07-06 10:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-08-12 16:51 - 2016-07-06 10:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-12 16:51 - 2016-05-18 19:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-12 16:51 - 2016-05-18 19:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-08-12 16:51 - 2016-05-18 19:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-12 16:51 - 2016-05-18 18:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-08-12 04:39 - 2016-08-12 04:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\com.playsaurus.ragnarokclicker
2016-08-09 21:23 - 2016-08-12 16:41 - 00000000 ____D C:\Users\Michael\Desktop\New Folder (3)
2016-08-09 19:54 - 2016-08-12 16:41 - 00000000 ____D C:\Users\Michael\Desktop\New folder
2016-08-08 10:29 - 2016-08-08 10:29 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Inre
2016-08-06 23:07 - 2016-08-07 00:55 - 00000000 ____D C:\Program Files (x86)\Neverwinter_en
2016-08-06 23:06 - 2016-08-06 23:07 - 00000000 ___HD C:\ArcTemp
2016-08-06 23:04 - 2016-08-06 23:06 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Arc
2016-08-06 23:04 - 2016-08-06 23:04 - 00000000 ____D C:\Users\Public\Documents\Arc
2016-08-06 23:03 - 2016-08-06 23:07 - 00001935 _____ C:\Users\Public\Desktop\Neverwinter.lnk
2016-08-06 23:03 - 2016-08-06 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2016-08-06 23:03 - 2016-08-06 23:03 - 00001600 _____ C:\Users\Public\Desktop\Arc.lnk
2016-08-06 23:02 - 2016-08-08 12:23 - 00000000 ____D C:\Program Files (x86)\Arc
2016-08-02 02:31 - 2016-08-02 02:31 - 00262144 _____ C:\Windows\Minidump\080216-52734-01.dmp
2016-08-02 02:30 - 2016-08-02 02:30 - 804417454 _____ C:\Windows\MEMORY.DMP
2016-08-02 02:20 - 2016-08-02 02:20 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\FantasyDev

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 10:27 - 2014-02-28 19:07 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Azureus
2016-08-26 10:20 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2016-08-26 10:13 - 2014-02-28 18:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-26 09:37 - 2014-03-02 16:09 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-26 00:39 - 2014-02-28 19:07 - 00000000 ____D C:\Users\Michael\Documents\Vuze Downloads
2016-08-25 20:37 - 2014-03-02 16:09 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-25 20:01 - 2015-01-06 22:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Frontwing
2016-08-25 20:01 - 2014-08-08 01:15 - 00000000 ____D C:\ProgramData\Steam
2016-08-25 18:09 - 2014-02-28 18:52 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2519708249-347641370-1317237633-1003
2016-08-25 17:10 - 2013-09-09 18:10 - 00338228 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 17:10 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 17:06 - 2014-07-01 23:41 - 00000000 ____D C:\Users\Michael\AppData\Local\TSVNCache
2016-08-25 17:05 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-25 16:42 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-25 16:25 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-25 14:32 - 2015-05-25 08:17 - 00000000 ____D C:\Users\Michael\AppData\Local\Avg
2016-08-25 14:31 - 2014-03-03 11:38 - 00000000 ____D C:\ProgramData\MFAData
2016-08-25 10:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-08-25 07:32 - 2014-03-03 05:03 - 00000000 ____D C:\Windows\system32\MRT
2016-08-25 00:04 - 2015-10-23 22:41 - 00000000 ____D C:\Program Files\Mugen Souls
2016-08-24 23:56 - 2015-11-02 15:37 - 00000000 ____D C:\ProgramData\Avg
2016-08-24 23:56 - 2014-03-03 11:57 - 00000000 ____D C:\Program Files (x86)\AVG
2016-08-24 23:55 - 2015-11-02 15:36 - 00000000 ____D C:\Users\Michael\AppData\Local\AvgSetupLog
2016-08-24 23:54 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-08-24 23:23 - 2013-08-22 10:44 - 00337664 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-24 23:22 - 2014-02-28 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-24 23:15 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-08-24 23:13 - 2014-02-28 18:40 - 00000000 ____D C:\Users\Michael
2016-08-24 22:53 - 2014-02-28 23:14 - 00000000 ____D C:\Users\Michael\Desktop\a
2016-08-24 19:22 - 2015-02-01 21:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-23 02:20 - 2014-11-09 16:11 - 00000000 ____D C:\Users\Michael\.gimp-2.8
2016-08-23 01:55 - 2014-04-14 01:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming\RenPy
2016-08-22 22:32 - 2014-02-28 22:18 - 00000000 ____D C:\Users\Michael\Desktop\Diablo III
2016-08-22 22:31 - 2014-03-01 00:05 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net
2016-08-22 22:31 - 2014-03-01 00:05 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-22 07:08 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-08-21 23:13 - 2015-06-20 20:26 - 00000000 ____D C:\Program Files (x86)\DEAD OR ALIVE 5 Last Round
2016-08-21 23:05 - 2014-03-02 00:36 - 00000000 ____D C:\Games
2016-08-19 23:07 - 2014-03-01 05:44 - 00000000 ____D C:\Users\Michael\Documents\My Games
2016-08-19 22:56 - 2015-08-20 01:14 - 00000000 ____D C:\Users\Michael\Desktop\mmd models
2016-08-19 22:54 - 2016-05-31 15:30 - 00000000 ____D C:\Users\Michael\Desktop\Anime
2016-08-19 14:07 - 2015-07-07 13:58 - 00000000 ____D C:\Users\Michael\Desktop\New folder (2)
2016-08-17 02:16 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-08-15 23:03 - 2015-09-13 00:32 - 00001806 _____ C:\Users\Public\Desktop\Vuze.lnk
2016-08-15 23:03 - 2014-02-28 19:08 - 00001806 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-08-15 23:03 - 2014-02-28 19:07 - 00000000 ____D C:\Program Files\Vuze
2016-08-14 23:42 - 2015-08-20 01:42 - 00000000 ____D C:\Users\Michael\Desktop\H games
2016-08-13 13:11 - 2014-10-24 02:17 - 00001366 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MikuMikuDance (2).lnk
2016-08-13 01:10 - 2014-03-01 02:42 - 00000000 ___RD C:\Users\Michael\Desktop\Games
2016-08-12 19:42 - 2014-03-03 05:03 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-12 19:39 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-12 16:41 - 2016-06-06 05:14 - 00000000 ____D C:\Users\Michael\Desktop\TLS 0.17.4
2016-08-12 16:41 - 2016-06-05 15:30 - 00000000 ____D C:\Users\Michael\Desktop\Melodys_Escape_v1.0.0_setup
2016-08-12 16:41 - 2016-05-24 12:26 - 00000000 ____D C:\Users\Michael\Desktop\Youtubers Life V0.7.3 Trainer +3 MrAntiFun
2016-08-12 16:41 - 2016-04-27 07:20 - 00000000 ____D C:\Users\Michael\Desktop\Dark Souls 3 V1.03.1 Trainer +17 MrAntiFun
2016-08-12 16:41 - 2015-05-08 13:18 - 00000000 ____D C:\Users\Michael\Desktop\Hazel I. Smith - NewsandSentinel.com _ News, Sports, Jobs, Community Information - Parkersburg News and Sentinel_files
2016-08-12 16:41 - 2015-04-05 05:55 - 00000000 ___SD C:\Windows\system32\GWX
2016-08-12 16:41 - 2010-07-09 14:24 - 00000000 ____D C:\Users\Michael\Desktop\zsnesw151
2016-08-12 16:39 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 16:36 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2016-08-12 16:36 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-08-12 16:35 - 2016-07-14 10:43 - 00000000 ____D C:\Users\Michael\Desktop\Renryuu Ascension Testversion 13.07.16
2016-08-12 16:35 - 2016-06-07 02:35 - 00000000 ____D C:\Users\Michael\Desktop\SAKDUN101C
2016-08-12 16:35 - 2016-06-01 06:29 - 00000000 ____D C:\Users\Michael\Desktop\Glassix v0.4
2016-08-12 16:35 - 2016-05-24 11:17 - 00000000 ____D C:\Users\Michael\Desktop\Youtuber's Life
2016-08-12 16:35 - 2015-11-25 02:46 - 00000000 ____D C:\Users\Michael\Desktop\Miku'n'POP
2016-08-12 16:35 - 2014-07-01 08:08 - 00000000 ____D C:\Users\Michael\Desktop\SimB
2016-08-12 15:36 - 2015-02-12 06:37 - 00000000 _____ C:\Recovery.txt
2016-08-12 12:49 - 2014-08-24 05:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-08 17:39 - 2014-03-02 16:10 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 23:03 - 2013-09-27 13:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-03 14:23 - 2013-08-22 11:43 - 00000000 ____D C:\Windows\DigitalLocker
2016-08-02 02:31 - 2014-02-24 15:53 - 00000000 ____D C:\Windows\Minidump
2016-07-28 20:32 - 2014-03-02 16:09 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 20:32 - 2014-03-02 16:09 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 16:00 - 2014-02-28 20:48 - 00000000 ____D C:\Users\Michael\Desktop\MikuMikuDanceE_v739
2016-07-27 15:25 - 2014-03-02 14:36 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-27 00:30 - 2015-09-10 12:00 - 00000000 ____D C:\Users\Michael\AppData\Roaming\BitTorrent Sync

==================== Files in the root of some directories =======

2014-12-16 02:49 - 2014-12-16 02:49 - 0000064 _____ () C:\Users\Michael\AppData\Local\cac2385838c6636cad52f5a3d493e38d
2015-08-22 02:08 - 2015-08-22 02:08 - 0000000 ___SH () C:\Users\Michael\AppData\Local\LumaEmu
2016-08-23 02:20 - 2016-08-23 02:20 - 0001009 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2015-10-03 18:02 - 2016-07-26 03:05 - 0007600 _____ () C:\Users\Michael\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\Michael\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
C:\Users\Michael\AppData\Local\Temp\6_Offer_18.exe
C:\Users\Michael\AppData\Local\Temp\avg-1c464a24-a85e-4f7e-8785-0c43b6deab2d.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_08123685575.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_081317182199.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_081383817413.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_081404930968.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_081832015176.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_081837524886.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_082038990495.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_082062894530.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_08443030947.exe
C:\Users\Michael\AppData\Local\Temp\avguirn_08563839965.exe
C:\Users\Michael\AppData\Local\Temp\bdzshl64.dll
C:\Users\Michael\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Michael\AppData\Local\Temp\comver.dll
C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Michael\AppData\Local\Temp\drm_dyndata_7380012.dll
C:\Users\Michael\AppData\Local\Temp\EADB054.exe
C:\Users\Michael\AppData\Local\Temp\edfeb25568dbef3ba7e5ef018e178bf3.dll
C:\Users\Michael\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Michael\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Michael\AppData\Local\Temp\Gw2.exe
C:\Users\Michael\AppData\Local\Temp\i4jdel0.exe
C:\Users\Michael\AppData\Local\Temp\inst.exe
C:\Users\Michael\AppData\Local\Temp\installer.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Michael\AppData\Local\Temp\libeay32.dll
C:\Users\Michael\AppData\Local\Temp\msvcr120.dll
C:\Users\Michael\AppData\Local\Temp\Nexus Mod Manager-0.55.7.exe
C:\Users\Michael\AppData\Local\Temp\Nexus Mod Manager-0.56.1.exe
C:\Users\Michael\AppData\Local\Temp\Nexus Mod Manager-0.60.3.exe
C:\Users\Michael\AppData\Local\Temp\Nexus Mod Manager-0.61.13.exe
C:\Users\Michael\AppData\Local\Temp\raptrpatch.exe
C:\Users\Michael\AppData\Local\Temp\raptr_stub.exe
C:\Users\Michael\AppData\Local\Temp\SIntf16.dll
C:\Users\Michael\AppData\Local\Temp\SIntf32.dll
C:\Users\Michael\AppData\Local\Temp\SIntfNT.dll
C:\Users\Michael\AppData\Local\Temp\sqlite-3.8.11.2-1387fe3f-eba8-4d0a-9011-c621ab8b6f63-sqlitejdbc.dll
C:\Users\Michael\AppData\Local\Temp\sqlite-3.8.11.2-2b25030f-c712-46c2-81c1-fdc374efa65f-sqlitejdbc.dll
C:\Users\Michael\AppData\Local\Temp\sqlite-3.8.11.2-660641b9-9597-4a6d-a152-28f7b3da8ddd-sqlitejdbc.dll
C:\Users\Michael\AppData\Local\Temp\sqlite-3.8.11.2-92f3bc39-e12f-4086-870e-384bd13dd813-sqlitejdbc.dll
C:\Users\Michael\AppData\Local\Temp\sqlite-3.8.11.2-971bf7c4-5f44-43c3-a0ee-78412ed51a63-sqlitejdbc.dll
C:\Users\Michael\AppData\Local\Temp\sqlite-3.8.11.2-9d32721b-503d-4b61-8b77-fa86e682e9c7-sqlitejdbc.dll
C:\Users\Michael\AppData\Local\Temp\sqlite-3.8.11.2-c5e03b1e-9503-4514-a629-dedccb811b68-sqlitejdbc.dll
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll
C:\Users\Michael\AppData\Local\Temp\tf_update.exe
C:\Users\Michael\AppData\Local\Temp\tmp1917.exe
C:\Users\Michael\AppData\Local\Temp\tmp81BA.exe
C:\Users\Michael\AppData\Local\Temp\tmpB0D8.exe
C:\Users\Michael\AppData\Local\Temp\tmpBAB0.exe
C:\Users\Michael\AppData\Local\Temp\tmpBE06.exe
C:\Users\Michael\AppData\Local\Temp\tmpBF3B.exe
C:\Users\Michael\AppData\Local\Temp\tmpF761.exe
C:\Users\Michael\AppData\Local\Temp\TouchURL.exe
C:\Users\Michael\AppData\Local\Temp\UninstallEADM.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-25 10:09

==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 40,749 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:27 PM

Posted 28 August 2016 - 12:28 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\RK_Michael_ON_F_8856\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0E652A82-511D-4744-915A-836EB18DD543&q={searchTerms}&SSPV=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0E652A82-511D-4744-915A-836EB18DD543&q={searchTerms}&SSPV=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {2C9E0EE4-2610-B903-9AF4-523D61CB8099} URL = hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110623&user_guid=2176C87B53C1411F9D28C0FD46F2D9A2&machine_id=802f4a88e46f8f42dac72bf78b013b44&browser=IE&os=win&os_version=6.0-x86-SP2
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {43DA6A3C-250C-48EF-8071-3D3D22D71ABB} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={AA978316-A7D1-464B-8560-35744888510E}&mid=9635f244cd084d1ed4fee4aece8763f5-33709e08479e01b6d631d837182b86500bdfe2c6&lang=en&ds=AVG&pr=fr&d=2013-11-05 00:02:30&v=17.1.3.3&pid=safeguard&sg=0&sap=dsp&q=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {9A653F9D-252C-42BD-9953-6A80E774A5EF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
Toolbar: HKU\RK_Michael_ON_F_8856 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKU\RK_Michael_ON_F_8856 -> No Name - {9D0F7EB2-452D-4766-B535-8D23E36C300E} -  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {138A5B9D-8336-4990-B480-A6553AE0D808} - \GeniusBox -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A31FAD21 [95]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)

===

Please post the fixlog.txt and let me know what problem persists.

#3 Strade

  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:27 AM

Posted 28 August 2016 - 09:44 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2016
Ran by Michael (28-08-2016 22:29:44) Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\RK_Michael_ON_F_8856\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0E652A82-511D-4744-915A-836EB18DD543&q={searchTerms}&SSPV=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0E652A82-511D-4744-915A-836EB18DD543&q={searchTerms}&SSPV=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {2C9E0EE4-2610-B903-9AF4-523D61CB8099} URL = hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110623&user_guid=2176C87B53C1411F9D28C0FD46F2D9A2&machine_id=802f4a88e46f8f42dac72bf78b013b44&browser=IE&os=win&os_version=6.0-x86-SP2
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {43DA6A3C-250C-48EF-8071-3D3D22D71ABB} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={AA978316-A7D1-464B-8560-35744888510E}&mid=9635f244cd084d1ed4fee4aece8763f5-33709e08479e01b6d631d837182b86500bdfe2c6&lang=en&ds=AVG&pr=fr&d=2013-11-05 00:02:30&v=17.1.3.3&pid=safeguard&sg=0&sap=dsp&q=
SearchScopes: HKU\RK_Michael_ON_F_8856 -> {9A653F9D-252C-42BD-9953-6A80E774A5EF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3237160
Toolbar: HKU\RK_Michael_ON_F_8856 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKU\RK_Michael_ON_F_8856 -> No Name - {9D0F7EB2-452D-4766-B535-8D23E36C300E} -  No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {138A5B9D-8336-4990-B480-A6553AE0D808} - \GeniusBox -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A31FAD21 [95]


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\RK_Michael_ON_F_8856\Software\Microsoft\Internet Explorer\Main\\ICQ Search => value removed successfully
HKU\RK_Michael_ON_F_8856\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\RK_Michael_ON_F_8856\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\RK_Michael_ON_F_8856\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C9E0EE4-2610-B903-9AF4-523D61CB8099}" => key removed successfully
HKCR\CLSID\{2C9E0EE4-2610-B903-9AF4-523D61CB8099} => key not found.
"HKU\RK_Michael_ON_F_8856\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43DA6A3C-250C-48EF-8071-3D3D22D71ABB}" => key removed successfully
HKCR\CLSID\{43DA6A3C-250C-48EF-8071-3D3D22D71ABB} => key not found.
"HKU\RK_Michael_ON_F_8856\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}" => key removed successfully
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => key not found.
"HKU\RK_Michael_ON_F_8856\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKU\RK_Michael_ON_F_8856\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A653F9D-252C-42BD-9953-6A80E774A5EF}" => key removed successfully
HKCR\CLSID\{9A653F9D-252C-42BD-9953-6A80E774A5EF} => key not found.
HKU\RK_Michael_ON_F_8856\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => value removed successfully
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => key not found.
HKU\RK_Michael_ON_F_8856\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D0F7EB2-452D-4766-B535-8D23E36C300E} => value removed successfully
HKCR\CLSID\{9D0F7EB2-452D-4766-B535-8D23E36C300E} => key not found.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
PST Service => service removed successfully
AODDriver4.2.0 => service removed successfully
cpuz136 => service removed successfully
EagleX64 => service removed successfully
gdrv => service removed successfully
xhunter1 => service removed successfully
"C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{138A5B9D-8336-4990-B480-A6553AE0D808}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{138A5B9D-8336-4990-B480-A6553AE0D808}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox => key not found.
C:\ProgramData\TEMP => ":A31FAD21" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11680330 B
Java, Flash, Steam htmlcache => 395221664 B
Windows/system/drivers => 847387833 B
Edge => 0 B
Chrome => 671663182 B
Firefox => 535307674 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 80852 B
systemprofile32 => 560 B
LocalService => 484013 B
NetworkService => 0 B
Michael => 5003707488 B

RecycleBin => 0 B
EmptyTemp: => 7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:38:04 ====

 

 

 

OK, fixlog posted. Sorry about the late reply, just got back from work.

Windows Defender is still finding this:

Trojan:DOS/Alureon.J

 

The following error occurred: Error code 0x8007065b. Function failed during execution.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
boot:\\.\PHYSICALDRIVE0\Partition0 (Type 00)
boot:\\.\PHYSICALDRIVE0\Partition1 (Type 00)
 


Edited by Strade, 28 August 2016 - 09:45 PM.


#4 nasdaq

  • Malware Response Team

Posted 29 August 2016 - 08:55 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip. Click on Continue.
  • If an infected file is detected, the default action will be Cure. Click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.
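As an added example (not part of this thread and not code from TDSSKiller or aswMBR), the Python below shows the structural checks a responder can run on a saved 512-byte MBR dump: boot signature, partition table entries printed in the format TDSSKiller logs use, overlap and active-flag sanity, and a hash of the boot code area for comparison against a known-good baseline. It assumes MBR.dat is a raw copy of sector 0; the sample sector is constructed from the Harddisk0 partition values in this thread's TDSSKiller log, with placeholder (all-zero) boot code and an assumed active flag.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code area that precedes the disk signature
PART_TABLE_OFFSET = 446    # four 16-byte partition entries start at 0x1BE
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count

# Constructed sample: partition values copied from the thread's TDSSKiller log
# for \Device\Harddisk0\DR0; the 0x80 active flag on entry 1 is an assumption.
SAMPLE_ENTRIES = [(0x80, 0x07, 0x3F, 0x391F2147), (0x00, 0x07, 0x391F2186, 0x1192ABB)]


def build_sample_mbr(entries=SAMPLE_ENTRIES):
    """Build a constructed 512-byte sector with zeroed boot code (not real data)."""
    sector = bytearray(SECTOR_SIZE)
    for index, entry in enumerate(entries):
        offset = PART_TABLE_OFFSET + 16 * index
        sector[offset:offset + 16] = struct.pack(ENTRY_FORMAT, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Decode a raw MBR sector into signature status, boot-code hash and partitions."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least 512 bytes, got %d" % len(sector))
    sector = bytes(sector[:SECTOR_SIZE])
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + 16 * index
        status, ptype, start_lba, blocks = struct.unpack(
            ENTRY_FORMAT, sector[offset:offset + 16])
        if ptype == 0 and blocks == 0:
            continue  # unused table slot
        partitions.append({"number": index + 1, "status": status, "type": ptype,
                           "start_lba": start_lba, "blocks": blocks})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def format_partition(part):
    """Render one entry the way the TDSSKiller log lists MBR partitions."""
    return "Partition%d: MBR, Type 0x%X, StartLBA 0x%X, BlocksNum 0x%X" % (
        part["number"], part["type"], part["start_lba"], part["blocks"])


def check_mbr(info):
    """Return a list of structural findings; an empty list means nothing stood out."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    parts = info["partitions"]
    for part in parts:
        if part["status"] not in (0x00, 0x80):
            findings.append("Partition%d has invalid status byte 0x%02X"
                            % (part["number"], part["status"]))
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt["start_lba"] < prev["start_lba"] + prev["blocks"]:
            findings.append("Partition%d and Partition%d overlap"
                            % (prev["number"], nxt["number"]))
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())  # replace with open("MBR.dat", "rb").read()
    for part in info["partitions"]:
        print(format_partition(part))
    print("boot code sha256:", info["boot_code_sha256"])
    print("findings:", check_mbr(info) or "none")
```

A clean result here only means the table is well formed; whether the boot code itself is trustworthy is decided by comparing its hash with a known-good copy for that Windows version.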


#5 Strade

  • Topic Starter


Posted 29 August 2016 - 11:38 AM

tdss log:

 

12:28:20.0902 0x0d78  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
12:28:23.0263 0x0d78  ============================================================
12:28:23.0263 0x0d78  Current date / time: 2016/08/29 12:28:23.0263
12:28:23.0263 0x0d78  SystemInfo:
12:28:23.0263 0x0d78  
12:28:23.0263 0x0d78  OS Version: 6.3.9600 ServicePack: 0.0
12:28:23.0263 0x0d78  Product type: Workstation
12:28:23.0263 0x0d78  ComputerName: WALDO
12:28:23.0263 0x0d78  UserName: Michael
12:28:23.0263 0x0d78  Windows directory: C:\Windows
12:28:23.0263 0x0d78  System windows directory: C:\Windows
12:28:23.0263 0x0d78  Running under WOW64
12:28:23.0263 0x0d78  Processor architecture: Intel x64
12:28:23.0263 0x0d78  Number of processors: 8
12:28:23.0263 0x0d78  Page size: 0x1000
12:28:23.0263 0x0d78  Boot type: Normal boot
12:28:23.0263 0x0d78  CodeIntegrityOptions = 0x00000001
12:28:23.0263 0x0d78  ============================================================
12:28:23.0913 0x0d78  KLMD registered as C:\Windows\system32\drivers\52611283.sys
12:28:23.0913 0x0d78  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18378, osProperties = 0x19
12:28:25.0496 0x0d78  System UUID: {7EA9EC4B-0C4F-8B9A-70A4-33D6B472DCEE}
12:28:32.0721 0x0d78  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:28:32.0745 0x0d78  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:28:32.0758 0x0d78  ============================================================
12:28:32.0758 0x0d78  \Device\Harddisk0\DR0:
12:28:32.0758 0x0d78  MBR partitions:
12:28:32.0758 0x0d78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x391F2147
12:28:32.0758 0x0d78  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x391F2186, BlocksNum 0x1192ABB
12:28:32.0758 0x0d78  \Device\Harddisk1\DR1:
12:28:32.0761 0x0d78  MBR partitions:
12:28:32.0761 0x0d78  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
12:28:32.0761 0x0d78  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xE8D58800
12:28:32.0761 0x0d78  ============================================================
12:28:32.0790 0x0d78  C: <-> \Device\Harddisk1\DR1\Partition2
12:28:32.0810 0x0d78  F: <-> \Device\Harddisk0\DR0\Partition1
12:28:32.0858 0x0d78  G: <-> \Device\Harddisk0\DR0\Partition2
12:28:32.0858 0x0d78  ============================================================
12:28:32.0858 0x0d78  Initialize success
12:28:32.0858 0x0d78  ============================================================
12:28:44.0661 0x0b2c  ============================================================
12:28:44.0661 0x0b2c  Scan started
12:28:44.0661 0x0b2c  Mode: Manual;
12:28:44.0661 0x0b2c  ============================================================
12:28:44.0661 0x0b2c  KSN ping started
12:28:44.0760 0x0b2c  KSN ping finished: true
12:28:46.0114 0x0b2c  ================ Scan system memory ========================
12:28:46.0114 0x0b2c  System memory - ok
12:28:46.0115 0x0b2c  ================ Scan services =============================
12:28:51.0171 0x0b2c  Futuremark SystemInfo Service - ok
12:28:51.0229 0x0b2c  [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:28:51.0238 0x0b2c  fvevol - ok
12:28:51.0259 0x0b2c  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
12:28:51.0268 0x0b2c  FxPPM - ok
12:28:51.0282 0x0b2c  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:28:51.0283 0x0b2c  gagp30kx - ok
12:28:51.0295 0x0b2c  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
12:28:51.0296 0x0b2c  gencounter - ok
12:28:51.0342 0x0b2c  [ C057DB10C49472C9EA83B5096764C58C, DD6082427B17E6E3027339064CB27ACC369A90179E7EBF8CED126C874618E9A2 ] glancedrv       C:\Windows\system32\DRIVERS\glancedrv.sys
12:28:51.0397 0x0b2c  glancedrv - ok
12:28:51.0459 0x0b2c  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
12:28:51.0461 0x0b2c  GPIOClx0101 - ok
12:28:51.0543 0x0b2c  [ 9678FD4747A4F2E2318245EE6099482E, C76AE30E8BA77DC330F9CFE5ECEA58FAE0995396742923B564A2257DE24D7B32 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:28:51.0567 0x0b2c  gpsvc - ok
12:28:51.0680 0x0b2c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:28:51.0682 0x0b2c  gupdate - ok
12:28:51.0687 0x0b2c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:28:51.0689 0x0b2c  gupdatem - ok
12:28:51.0715 0x0b2c  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:28:51.0730 0x0b2c  HdAudAddService - ok
12:28:51.0787 0x0b2c  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
12:28:51.0788 0x0b2c  HDAudBus - ok
12:28:51.0815 0x0b2c  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
12:28:51.0824 0x0b2c  HidBatt - ok
12:28:51.0888 0x0b2c  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
12:28:51.0898 0x0b2c  HidBth - ok
12:28:51.0923 0x0b2c  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
12:28:51.0933 0x0b2c  hidi2c - ok
12:28:51.0961 0x0b2c  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
12:28:51.0963 0x0b2c  HidIr - ok
12:28:52.0008 0x0b2c  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
12:28:52.0010 0x0b2c  hidserv - ok
12:28:52.0064 0x0b2c  [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
12:28:52.0073 0x0b2c  HidUsb - ok
12:28:52.0134 0x0b2c  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:28:52.0137 0x0b2c  hkmsvc - ok
12:28:52.0193 0x0b2c  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:28:52.0198 0x0b2c  HomeGroupListener - ok
12:28:52.0258 0x0b2c  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:28:52.0266 0x0b2c  HomeGroupProvider - ok
12:28:52.0282 0x0b2c  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:28:52.0283 0x0b2c  HpSAMD - ok
12:28:52.0355 0x0b2c  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:28:52.0370 0x0b2c  HTTP - ok
12:28:52.0380 0x0b2c  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:28:52.0381 0x0b2c  hwpolicy - ok
12:28:52.0393 0x0b2c  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
12:28:52.0394 0x0b2c  hyperkbd - ok
12:28:52.0411 0x0b2c  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
12:28:52.0412 0x0b2c  HyperVideo - ok
12:28:52.0459 0x0b2c  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
12:28:52.0470 0x0b2c  i8042prt - ok
12:28:52.0486 0x0b2c  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
12:28:52.0487 0x0b2c  iaLPSSi_GPIO - ok
12:28:52.0508 0x0b2c  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
12:28:52.0510 0x0b2c  iaLPSSi_I2C - ok
12:28:52.0537 0x0b2c  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
12:28:52.0547 0x0b2c  iaStorAV - ok
12:28:52.0572 0x0b2c  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:28:52.0579 0x0b2c  iaStorV - ok
12:28:52.0582 0x0b2c  IEEtwCollectorService - ok
12:28:52.0624 0x0b2c  [ BD5F83AE5106A131E7C6E7A4CB15B6BE, 57CABC1FFC4F09D2C536112BB21494FA83AF7949532463FC458F12BC552D3ED2 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:28:52.0643 0x0b2c  IKEEXT - ok
12:28:52.0741 0x0b2c  [ 7A93DBF7DD86A28C0B941F4D39B85A0E, DBA4AE976CD01C599B85933E9B8741D7F01FD88F5BEAF01DDA3BCCDD1550607A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:28:52.0803 0x0b2c  IntcAzAudAddService - ok
12:28:52.0832 0x0b2c  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:28:52.0833 0x0b2c  intelide - ok
12:28:52.0888 0x0b2c  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
12:28:52.0888 0x0b2c  intelpep - ok
12:28:52.0906 0x0b2c  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
12:28:52.0916 0x0b2c  intelppm - ok
12:28:52.0931 0x0b2c  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:28:52.0933 0x0b2c  IpFilterDriver - ok
12:28:53.0001 0x0b2c  [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:28:53.0017 0x0b2c  iphlpsvc - ok
12:28:53.0075 0x0b2c  [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
12:28:53.0085 0x0b2c  IPMIDRV - ok
12:28:53.0143 0x0b2c  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:28:53.0154 0x0b2c  IPNAT - ok
12:28:53.0169 0x0b2c  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:28:53.0170 0x0b2c  IRENUM - ok
12:28:53.0182 0x0b2c  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:28:53.0182 0x0b2c  isapnp - ok
12:28:53.0233 0x0b2c  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
12:28:53.0237 0x0b2c  iScsiPrt - ok
12:28:53.0255 0x0b2c  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
12:28:53.0256 0x0b2c  kbdclass - ok
12:28:53.0309 0x0b2c  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
12:28:53.0318 0x0b2c  kbdhid - ok
12:28:53.0327 0x0b2c  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
12:28:53.0336 0x0b2c  kdnic - ok
12:28:53.0347 0x0b2c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
12:28:53.0348 0x0b2c  KeyIso - ok
12:28:53.0399 0x0b2c  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:28:53.0401 0x0b2c  KSecDD - ok
12:28:53.0455 0x0b2c  [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:28:53.0458 0x0b2c  KSecPkg - ok
12:28:53.0468 0x0b2c  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:28:53.0469 0x0b2c  ksthunk - ok
12:28:53.0494 0x0b2c  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:28:53.0502 0x0b2c  KtmRm - ok
12:28:53.0561 0x0b2c  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:28:53.0568 0x0b2c  LanmanServer - ok
12:28:53.0631 0x0b2c  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:28:53.0638 0x0b2c  LanmanWorkstation - ok
12:28:53.0663 0x0b2c  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
12:28:53.0673 0x0b2c  lfsvc - ok
12:28:53.0685 0x0b2c  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:28:53.0686 0x0b2c  lltdio - ok
12:28:53.0710 0x0b2c  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:28:53.0715 0x0b2c  lltdsvc - ok
12:28:53.0763 0x0b2c  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:28:53.0764 0x0b2c  lmhosts - ok
12:28:53.0783 0x0b2c  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:28:53.0785 0x0b2c  LSI_SAS - ok
12:28:53.0805 0x0b2c  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:28:53.0807 0x0b2c  LSI_SAS2 - ok
12:28:53.0824 0x0b2c  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
12:28:53.0827 0x0b2c  LSI_SAS3 - ok
12:28:53.0841 0x0b2c  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
12:28:53.0843 0x0b2c  LSI_SSS - ok
12:28:53.0913 0x0b2c  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
12:28:53.0927 0x0b2c  LSM - ok
12:28:53.0979 0x0b2c  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:28:53.0981 0x0b2c  luafv - ok
12:28:54.0003 0x0b2c  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
12:28:54.0004 0x0b2c  megasas - ok
12:28:54.0026 0x0b2c  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
12:28:54.0035 0x0b2c  megasr - ok
12:28:54.0092 0x0b2c  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
12:28:54.0094 0x0b2c  MMCSS - ok
12:28:54.0107 0x0b2c  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
12:28:54.0108 0x0b2c  Modem - ok
12:28:54.0125 0x0b2c  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
12:28:54.0126 0x0b2c  monitor - ok
12:28:54.0131 0x0b2c  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
12:28:54.0132 0x0b2c  mouclass - ok
12:28:54.0142 0x0b2c  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
12:28:54.0151 0x0b2c  mouhid - ok
12:28:54.0193 0x0b2c  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:28:54.0193 0x0b2c  mountmgr - ok
12:28:54.0224 0x0b2c  [ A82AA5481A845F4AC0E5EE83904FBFED, 2E1640BCA51B1957815465E4DEE895FCD87C93EA80DDD3A80B5647B23D16FB67 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:28:54.0240 0x0b2c  MozillaMaintenance - ok
12:28:54.0318 0x0b2c  [ AA12FAF01013F63348B722D3588550FF, AADE8C93BFE0830AE43AD649F62D7D7E25FC14107B172815EF9F4069C19ADFCC ] MpKsl57406ad2   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{542D7551-1D62-4595-8DBF-8D92B09F53AC}\MpKsl57406ad2.sys
12:28:54.0318 0x0b2c  MpKsl57406ad2 - ok
12:28:54.0318 0x0b2c  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:28:54.0349 0x0b2c  mpsdrv - ok
12:28:54.0427 0x0b2c  [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:28:54.0443 0x0b2c  MpsSvc - ok
12:28:54.0506 0x0b2c  [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:28:54.0521 0x0b2c  MRxDAV - ok
12:28:54.0584 0x0b2c  [ 5DCD41F62F71519D2A46D41F60C69B0C, A9C2F8B8F82BDBF48F34D5837ED27CE251C75232A07AF26F7B796D2A106795A0 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:28:54.0584 0x0b2c  mrxsmb - ok
12:28:54.0599 0x0b2c  [ D7C9BC4D37BF08C7DD436A0A5F321668, 30A5AF211BEC89E26134CDAE3E60D0D9F0AE2748F56E9D09B07431206AD381C6 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:28:54.0615 0x0b2c  mrxsmb10 - ok
12:28:54.0615 0x0b2c  [ 4065615E836BF8C61AF6278EB2A9D1D6, B9A0E40DEC36D1A228EC4EF48CCD9BE6C726E53D17F38280AA74C068E7887621 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:28:54.0631 0x0b2c  mrxsmb20 - ok
12:28:54.0677 0x0b2c  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
12:28:54.0693 0x0b2c  MsBridge - ok
12:28:54.0709 0x0b2c  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
12:28:54.0724 0x0b2c  MSDTC - ok
12:28:54.0740 0x0b2c  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:28:54.0740 0x0b2c  Msfs - ok
12:28:54.0756 0x0b2c  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
12:28:54.0756 0x0b2c  msgpiowin32 - ok
12:28:54.0771 0x0b2c  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:28:54.0771 0x0b2c  mshidkmdf - ok
12:28:54.0771 0x0b2c  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
12:28:54.0771 0x0b2c  mshidumdf - ok
12:28:54.0787 0x0b2c  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:28:54.0787 0x0b2c  msisadrv - ok
12:28:54.0802 0x0b2c  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:28:54.0802 0x0b2c  MSiSCSI - ok
12:28:54.0802 0x0b2c  msiserver - ok
12:28:54.0818 0x0b2c  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:28:54.0818 0x0b2c  MSKSSRV - ok
12:28:54.0881 0x0b2c  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
12:28:54.0881 0x0b2c  MsLldp - ok
12:28:54.0896 0x0b2c  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:28:54.0896 0x0b2c  MSPCLOCK - ok
12:28:54.0912 0x0b2c  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:28:54.0912 0x0b2c  MSPQM - ok
12:28:54.0943 0x0b2c  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:28:54.0943 0x0b2c  MsRPC - ok
12:28:54.0959 0x0b2c  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
12:28:54.0959 0x0b2c  mssmbios - ok
12:28:54.0974 0x0b2c  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:28:54.0974 0x0b2c  MSTEE - ok
12:28:54.0990 0x0b2c  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
12:28:55.0006 0x0b2c  MTConfig - ok
12:28:55.0021 0x0b2c  [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup             C:\Windows\system32\Drivers\mup.sys
12:28:55.0037 0x0b2c  Mup - ok
12:28:55.0052 0x0b2c  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
12:28:55.0052 0x0b2c  mvumis - ok
12:28:55.0115 0x0b2c  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
12:28:55.0115 0x0b2c  napagent - ok
12:28:55.0177 0x0b2c  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:28:55.0193 0x0b2c  NativeWifiP - ok
12:28:55.0240 0x0b2c  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
12:28:55.0240 0x0b2c  NcaSvc - ok
12:28:55.0302 0x0b2c  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
12:28:55.0302 0x0b2c  NcbService - ok
12:28:55.0365 0x0b2c  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
12:28:55.0365 0x0b2c  NcdAutoSetup - ok
12:28:55.0427 0x0b2c  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:28:55.0443 0x0b2c  NDIS - ok
12:28:55.0459 0x0b2c  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:28:55.0459 0x0b2c  NdisCap - ok
12:28:55.0506 0x0b2c  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
12:28:55.0506 0x0b2c  NdisImPlatform - ok
12:28:55.0521 0x0b2c  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:28:55.0537 0x0b2c  NdisTapi - ok
12:28:55.0552 0x0b2c  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:28:55.0552 0x0b2c  Ndisuio - ok
12:28:55.0568 0x0b2c  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
12:28:55.0568 0x0b2c  NdisVirtualBus - ok
12:28:55.0584 0x0b2c  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:28:55.0599 0x0b2c  NdisWan - ok
12:28:55.0599 0x0b2c  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
12:28:55.0599 0x0b2c  NdisWanLegacy - ok
12:28:55.0662 0x0b2c  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:28:55.0662 0x0b2c  NDProxy - ok
12:28:55.0677 0x0b2c  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
12:28:55.0693 0x0b2c  Ndu - ok
12:28:55.0756 0x0b2c  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:28:55.0756 0x0b2c  NetBIOS - ok
12:28:55.0818 0x0b2c  [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:28:55.0818 0x0b2c  NetBT - ok
12:28:55.0912 0x0b2c  [ 1B5F8F25CB6228E67B72370238A70901, 7E96B60E0FBF863AC9E5E5FED419DE32BD71AD7462896802A2A28A3673CC147A ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
12:28:55.0912 0x0b2c  NETGEARGenieDaemon - ok
12:28:55.0943 0x0b2c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
12:28:55.0943 0x0b2c  Netlogon - ok
12:28:56.0006 0x0b2c  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
12:28:56.0006 0x0b2c  Netman - ok
12:28:56.0068 0x0b2c  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
12:28:56.0084 0x0b2c  netprofm - ok
12:28:56.0115 0x0b2c  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:28:56.0162 0x0b2c  NetTcpPortSharing - ok
12:28:56.0193 0x0b2c  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
12:28:56.0209 0x0b2c  netvsc - ok
12:28:56.0256 0x0b2c  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:28:56.0271 0x0b2c  NlaSvc - ok
12:28:56.0318 0x0b2c  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] NPF             C:\Windows\system32\drivers\npf.sys
12:28:56.0318 0x0b2c  NPF - ok
12:28:56.0334 0x0b2c  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:28:56.0349 0x0b2c  Npfs - ok
12:28:56.0349 0x0b2c  npggsvc - ok
12:28:56.0349 0x0b2c  NPPTNT2 - ok
12:28:56.0365 0x0b2c  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
12:28:56.0365 0x0b2c  npsvctrig - ok
12:28:56.0412 0x0b2c  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\Windows\system32\nsisvc.dll
12:28:56.0412 0x0b2c  nsi - ok
12:28:56.0474 0x0b2c  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:28:56.0474 0x0b2c  nsiproxy - ok
12:28:56.0584 0x0b2c  [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:28:56.0615 0x0b2c  Ntfs - ok
12:28:56.0615 0x0b2c  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
12:28:56.0631 0x0b2c  Null - ok
12:28:56.0646 0x0b2c  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:28:56.0646 0x0b2c  nvraid - ok
12:29:04.0990 0x0b2c  wcncsvc - ok
12:29:05.0037 0x0b2c  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:29:05.0037 0x0b2c  WcsPlugInService - ok
12:29:05.0084 0x0b2c  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
12:29:05.0099 0x0b2c  WdBoot - ok
12:29:05.0115 0x0b2c  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:29:05.0131 0x0b2c  Wdf01000 - ok
12:29:05.0146 0x0b2c  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
12:29:05.0146 0x0b2c  WdFilter - ok
12:29:05.0209 0x0b2c  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:29:05.0209 0x0b2c  WdiServiceHost - ok
12:29:05.0209 0x0b2c  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:29:05.0209 0x0b2c  WdiSystemHost - ok
12:29:05.0224 0x0b2c  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
12:29:05.0224 0x0b2c  WdNisDrv - ok
12:29:05.0240 0x0b2c  WdNisSvc - ok
12:29:05.0271 0x0b2c  [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient       C:\Windows\System32\webclnt.dll
12:29:05.0287 0x0b2c  WebClient - ok
12:29:05.0334 0x0b2c  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:29:05.0334 0x0b2c  Wecsvc - ok
12:29:05.0381 0x0b2c  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
12:29:05.0396 0x0b2c  WEPHOSTSVC - ok
12:29:05.0443 0x0b2c  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:29:05.0443 0x0b2c  wercplsupport - ok
12:29:05.0506 0x0b2c  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\Windows\System32\WerSvc.dll
12:29:05.0506 0x0b2c  WerSvc - ok
12:29:05.0568 0x0b2c  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
12:29:05.0568 0x0b2c  WFPLWFS - ok
12:29:05.0615 0x0b2c  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\Windows\System32\wiarpc.dll
12:29:05.0615 0x0b2c  WiaRpc - ok
12:29:05.0615 0x0b2c  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:29:05.0615 0x0b2c  WIMMount - ok
12:29:05.0631 0x0b2c  WinDefend - ok
12:29:05.0693 0x0b2c  [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
12:29:05.0709 0x0b2c  WinHttpAutoProxySvc - ok
12:29:05.0740 0x0b2c  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:29:05.0740 0x0b2c  Winmgmt - ok
12:29:05.0849 0x0b2c  [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:29:05.0896 0x0b2c  WinRM - ok
12:29:05.0927 0x0b2c  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb          C:\Windows\System32\drivers\WinUsb.sys
12:29:05.0943 0x0b2c  WinUsb - ok
12:29:06.0021 0x0b2c  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\Windows\System32\wlansvc.dll
12:29:06.0052 0x0b2c  WlanSvc - ok
12:29:06.0099 0x0b2c  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
12:29:06.0131 0x0b2c  wlidsvc - ok
12:29:06.0162 0x0b2c  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
12:29:06.0162 0x0b2c  WmiAcpi - ok
12:29:06.0224 0x0b2c  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:29:06.0240 0x0b2c  wmiApSrv - ok
12:29:06.0240 0x0b2c  WMPNetworkSvc - ok
12:29:06.0302 0x0b2c  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
12:29:06.0302 0x0b2c  Wof - ok
12:29:06.0381 0x0b2c  [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
12:29:06.0412 0x0b2c  workfolderssvc - ok
12:29:06.0427 0x0b2c  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
12:29:06.0427 0x0b2c  wpcfltr - ok
12:29:06.0474 0x0b2c  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:29:06.0474 0x0b2c  WPCSvc - ok
12:29:06.0537 0x0b2c  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:29:06.0552 0x0b2c  WPDBusEnum - ok
12:29:06.0568 0x0b2c  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
12:29:06.0568 0x0b2c  WpdUpFltr - ok
12:29:06.0568 0x0b2c  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:29:06.0568 0x0b2c  ws2ifsl - ok
12:29:06.0631 0x0b2c  [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc          C:\Windows\System32\wscsvc.dll
12:29:06.0631 0x0b2c  wscsvc - ok
12:29:06.0631 0x0b2c  WSearch - ok
12:29:06.0756 0x0b2c  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\Windows\System32\WSService.dll
12:29:06.0818 0x0b2c  WSService - ok
12:29:06.0927 0x0b2c  [ F3F60C88A6BBC8D0C68FE5B1C91181AF, AF9A4D282CD4BB1127BC3F48AB89DC294408D96F7906553C636F37D1503CFA48 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:29:06.0990 0x0b2c  wuauserv - ok
12:29:07.0006 0x0b2c  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:29:07.0006 0x0b2c  WudfPf - ok
12:29:07.0068 0x0b2c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
12:29:07.0084 0x0b2c  WUDFRd - ok
12:29:07.0146 0x0b2c  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:29:07.0146 0x0b2c  wudfsvc - ok
12:29:07.0146 0x0b2c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\Windows\System32\drivers\WUDFRd.sys
12:29:07.0162 0x0b2c  WUDFWpdFs - ok
12:29:07.0162 0x0b2c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\Windows\System32\drivers\WUDFRd.sys
12:29:07.0162 0x0b2c  WUDFWpdMtp - ok
12:29:07.0224 0x0b2c  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:29:07.0240 0x0b2c  WwanSvc - ok
12:29:07.0271 0x0b2c  [ 2B85DB18AA20F98F69737F01F26C2059, 3809FB3A891800B8357EFBF0BCF6E525F08A5664CB59F11ED4E3759DC4978ECF ] xhcdrv          C:\Windows\System32\drivers\xhcdrv.sys
12:29:07.0271 0x0b2c  xhcdrv - ok
12:29:07.0334 0x0b2c  [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22          C:\Windows\System32\drivers\xusb22.sys
12:29:07.0334 0x0b2c  xusb22 - ok
12:29:07.0349 0x0b2c  ================ Scan global ===============================
12:29:07.0396 0x0b2c  [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\Windows\system32\basesrv.dll
12:29:07.0459 0x0b2c  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
12:29:07.0521 0x0b2c  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
12:29:07.0584 0x0b2c  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
12:29:07.0584 0x0b2c  [ Global ] - ok
12:29:07.0584 0x0b2c  ================ Scan MBR ==================================
12:29:07.0599 0x0b2c  [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
12:29:07.0802 0x0b2c  \Device\Harddisk0\DR0 - ok
12:29:07.0818 0x0b2c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:29:07.0959 0x0b2c  \Device\Harddisk1\DR1 - ok
12:29:07.0959 0x0b2c  ================ Scan VBR ==================================
12:29:07.0959 0x0b2c  [ 369751176505421D6D03A0DA43285385 ] \Device\Harddisk0\DR0\Partition1
12:29:07.0959 0x0b2c  \Device\Harddisk0\DR0\Partition1 - ok
12:29:07.0959 0x0b2c  [ 5C54362BDE202AD963303BE5FD9FE569 ] \Device\Harddisk0\DR0\Partition2
12:29:07.0959 0x0b2c  \Device\Harddisk0\DR0\Partition2 - ok
12:29:07.0959 0x0b2c  [ A36EFB7F72B7DC5C2393AFBBD31CF401 ] \Device\Harddisk1\DR1\Partition1
12:29:07.0959 0x0b2c  \Device\Harddisk1\DR1\Partition1 - ok
12:29:07.0974 0x0b2c  [ 149649A5BEC61928B3881B33416E2BA1 ] \Device\Harddisk1\DR1\Partition2
12:29:07.0974 0x0b2c  \Device\Harddisk1\DR1\Partition2 - ok
12:29:07.0974 0x0b2c  ================ Scan generic autorun ======================
12:29:08.0256 0x0b2c  [ A95B965C141A3FC74E7C246163253B0E, CB7DA2873231A7188CF7DC1CECF1F7F51F6EBDAF6DC5FA355381D000C372B734 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
12:29:08.0474 0x0b2c  RtHDVCpl - ok
12:29:08.0506 0x0b2c  [ DB367E8C8F46C26A05BA982715CC0DB5, 63AE8DD8E41260123E8C98905BD3D444BED86AEA6353F690483E5CB116433AC2 ] C:\Windows\system32\TiltWheelMouse.exe
12:29:08.0521 0x0b2c  MouseDriver - ok
12:29:08.0631 0x0b2c  [ 31F1D8A77C0486686DA850E91FAE2BBF, 29BE9A517B13C2EC85BF55B17D664EFAA09238ED14F2D34D6E79F49F7B494BA4 ] C:\Program Files (x86)\Raptr\raptrstub.exe
12:29:08.0631 0x0b2c  Raptr - ok
12:29:08.0693 0x0b2c  [ 163E43BC69AE78F468024EC2133C94A8, 782C79FA3A841FDC4F549A212E07C3B8397E1FBEE44833C0662FC7E43EA24997 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
12:29:08.0693 0x0b2c  SunJavaUpdateSched - ok
12:29:08.0756 0x0b2c  EA Core - ok
12:29:08.0912 0x0b2c  [ 683C9DF0582D8EEFAA90CE1514019BC1, 62C875888029BF32C19656B13C5504016209E4553B0B93FAE21F3930149EE9CA ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
12:29:08.0974 0x0b2c  DAEMON Tools Lite - ok
12:29:09.0131 0x0b2c  [ ADF6C78FC95716CA45A68FD3DA1C1A78, 8250D47AC8C25A3A2DB8AB2148350F7086141F91DB317D0431DA545430B843F5 ] C:\Program Files (x86)\Steam\steam.exe
12:29:09.0177 0x0b2c  Steam - ok
12:29:09.0302 0x0b2c  [ 70615F92EFB2B4E5B5B45C589DD4F120, 32EDB9F4BAAC63DB0FC6911CA506B721AA6A0C7C695705E1106EB6C70D83C2DF ] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
12:29:09.0302 0x0b2c  NETGEARGenie - ok
12:29:09.0302 0x0b2c  Waiting for KSN requests completion. In queue: 118
12:29:10.0318 0x0b2c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
12:29:10.0318 0x0b2c  Win FW state via NFP2: enabled ( trusted )
12:29:10.0552 0x0b2c  ============================================================
12:29:10.0552 0x0b2c  Scan finished
12:29:10.0552 0x0b2c  ============================================================
12:29:10.0552 0x0890  Detected object count: 0
12:29:10.0552 0x0890  Actual detected object count: 0
 

 

aswmbr log:

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-08-29 12:31:15
-----------------------------
12:31:15.059    OS Version: Windows x64 6.2.9200
12:31:15.059    Number of processors: 8 586 0x200
12:31:15.059    ComputerName: WALDO  UserName:
12:31:17.591    Initialize success
12:31:17.763    VM: initialized successfully
12:31:17.763    VM: Amd CPU supported
12:31:45.138    Disk 0  \Device\Harddisk0\DR0 -> \Device\0000002c
12:31:45.138    Disk 0 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476940MB BusType: 11
12:31:45.138    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000002d
12:31:45.138    Disk 1 Vendor: TOSHIBA_DT01ACA200 MX4OABB0 Size: 1907729MB BusType: 11
12:31:45.310    Disk 1 MBR read successfully
12:31:45.310    Disk 1 MBR scan
12:31:45.310    Disk 1 Windows 7 default MBR code
12:31:45.310    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
12:31:45.325    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS      1907377 MB offset 718848
12:31:45.403    Disk 1 scanning C:\Windows\system32\drivers
12:31:55.341    Service scanning
12:32:01.856    Service MpKsl57406ad2 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{542D7551-1D62-4595-8DBF-8D92B09F53AC}\MpKsl57406ad2.sys **LOCKED** 32
12:32:11.679    Modules scanning
12:32:11.679    Disk 1 trace - called modules:
12:32:11.710    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:32:11.710    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffe00056031060]
12:32:11.710    3 CLASSPNP.SYS[fffff800fd13d170] -> nt!IofCallDriver -> [0xffffe00054f2cb30]
12:32:11.710    5 amd_xata.sys[fffff800fcd54634] -> nt!IofCallDriver -> \Device\0000002d[0xffffe00054f327c0]
12:32:11.710    Disk 1 statistics 110057/0/0 @ 5.76 MB/s
12:32:11.725    Scan finished successfully
12:32:25.944    Disk 1 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
12:32:26.022    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

Attached File  MBR.zip   596bytes   0 downloads



#6 nasdaq


Posted 30 August 2016 - 08:04 AM

What did Rkill and RogueKiller find on this computer?

---

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#7 Strade


Posted 31 August 2016 - 12:11 AM

Zoek doesn't seem to like my Firefox. It was stalled there for 15 hours. I went to work and it was still at the same point when I got back.



#8 nasdaq


Posted 31 August 2016 - 01:03 PM

Disable the process.

Restart the computer normally.

Run the Zoek tool one more time. It should not take more than 30 minutes to finish.

Post the log if you can.

How is the computer running now?

#9 Strade


Posted 31 August 2016 - 09:44 PM

It still won't complete, tried 3 separate times. I haven't seen anything odd about the way the comp is running. Just that Defender is still picking up Alureon.J



#10 nasdaq


Posted 01 September 2016 - 08:48 AM

Download the Junkware Removal Tool to your Desktop from this link:
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======


Please scan your computer with ESET Online Scanner.
  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

p.s.
Other than this report from Windows Defender are you having any problems with this computer?

#11 Strade


Posted 01 September 2016 - 10:58 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 x64
Ran by Michael (Administrator) on 09/01/2016 Thu at 11:47:00.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\Users\Michael\AppData\Roaming\out of the park developments (Folder)
Successfully deleted: C:\Users\Michael\AppData\Roaming\red kawa (Folder)
Successfully deleted: C:\Program Files (x86)\red kawa (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/01/2016 Thu at 11:50:09.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

No, just the Defender message. I don't see or notice anything odd.

ESET didn't give a log.



#12 nasdaq


Posted 02 September 2016 - 08:07 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#13 nasdaq


Posted 08 September 2016 - 08:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



