
Granting programs permission to access files.


15 replies to this topic

#1 Warthog-Fan


Posted 26 January 2017 - 04:23 PM

Hi,

 

I have two computers. The newer one runs Windows 7 Pro 64-bit and the older one runs Windows 7 Pro 32-bit.

 

A few years ago, I purchased a service manual for one of our cars that came on a DVD. I installed the service manual program on both of my computers. This program runs under Windows XP Professional in a Virtual Machine named VMware and the VMware software was included on the DVD with the service manual program. Until recently, both of my computers would run the service manual program without a problem, although I did have to upgrade the VMware software to a newer level before it would run on my newest computer.

 

Yesterday, I tried to start up the service manual program on my newest computer. The VMware program started alright, but when I attempted to start the service manual program, I got the following error:

 

An error occurred while opening configuration file "C:\Program Files\GM database\Windows XP Professional.vmx": Insufficient permission to access the file.

Cannot open the configuration file C:\Program Files\GM database\Windows XP Professional.vmx.

 

Trying to run the service manual program on my older computer produced a similar error message.

 

I don't know why this suddenly became a problem. Since I wanted to prevent ransomware from being able to encrypt all of the drives on the computers on my network, I set Sharing for all of the drives on all of my computers to NO SHARING. Since doing this, I had not attempted to run the service manual program so I don't know if the problem would have shown up after changing Sharing.

 

Even after allowing Sharing in the folder shown above, I still get the error message. How do I go about granting permission to the service manual program to access the files (read and write, both I guess)?

 

Thanks in advance.

 

 




 


#2 hamluis


Posted 26 January 2017 - 04:55 PM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
 
[Screenshot]

     Now, at the top, click File > Publish Snapshot.

     Click Yes > then Copy to Clipboard

Now, once you are back in the forum topic you are posting in, click the ADD REPLY or REPLY TO THIS TOPIC button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Louis



#3 Warthog-Fan


Posted 28 January 2017 - 08:11 AM

Louis,

 

Thanks for the reply. Here is the info that you asked for:

 

http://speccy.piriform.com/results/AoUyOuwNdrkB106lDDeTAU1

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Bob (ATTENTION: The logged in user is not administrator) on 28-01-2017 at 08:04:16
Running from "C:\Users\Bob\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2017 07:56:11 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/27/2017 07:19:44 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/27/2017 07:18:30 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/27/2017 06:41:01 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 06:18:46 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/25/2017 08:01:30 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/24/2017 10:33:27 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 08:22:09 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 08:22:08 PM) (Source: DbxSvc) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (01/23/2017 08:06:56 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (01/28/2017 08:03:35 AM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/28/2017 07:59:31 AM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/28/2017 07:56:03 AM) (Source: Application Popup) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (01/27/2017 09:35:25 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 87 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/27/2017 09:31:21 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 86 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/27/2017 09:27:17 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 85 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/27/2017 09:23:13 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 84 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/27/2017 09:19:09 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 83 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/27/2017 09:15:05 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 82 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/27/2017 09:11:00 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 81 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/28/2017 07:56:11 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/27/2017 07:19:44 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/27/2017 07:18:30 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/27/2017 06:41:01 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 06:18:46 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/25/2017 08:01:30 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/24/2017 10:33:27 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 08:22:09 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 08:22:08 PM) (Source: DbxSvc)(User: )
Description: (-2145452013) The system could not find the filter specified.

Error: (01/23/2017 08:06:56 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.


CodeIntegrity Errors:
===================================
  Date: 2016-08-29 07:21:25.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 07:21:15.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 07:21:15.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 21:46:07.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 21:45:57.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 21:45:57.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 07:21:43.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 07:21:33.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 07:21:33.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-27 07:55:11.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM-x32\...\Canon MG7500 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG7500 series User Registration (HKLM-x32\...\Canon MG7500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon MP560 series User Registration (HKLM-x32\...\Canon MP560 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Cybereason RansomFree 2.2.2.0 (HKLM-x32\...\{A9358113-D16C-4843-9D4E-7891669EE548}) (Version: 2.2.2.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.10 - Emsisoft Ltd.)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
EZ Vinyl/Tape Converter by Ion Audio 11.6.0 (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: 11.6.0 - Ion Audio LLC)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
Malwarebytes Anti-Exploit version 1.9.1.1291 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1291 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 en-US)) (Version: 45.4.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7576 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SoftMaker Office 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 16.0.3809 - SoftMaker Software GmbH)
SureThing Decal Maker (HKLM-x32\...\MVApplication1) (Version:  - )
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 16261.89 MB
Available physical RAM: 12569.33 MB
Total Virtual: 32521.97 MB
Available Virtual: 28684.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.66 GB) (Free:142.92 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:441.7 GB) NTFS

========================= Users: ========================================

User accounts for \\WARTWEASEL

Admin                    Administrator            Bob                      
Guest                    Jackie                   


**** End of log ****


Edited by hamluis, 28 January 2017 - 09:13 AM.


#4 hamluis


Posted 28 January 2017 - 09:16 AM

All of your Event Viewer Application and System errors...point to malware situations.  Such are not handled in the Win 7 forum.

 

Topic moved from Windows 7 to Am I Infected forum for malware check.

 

Louis



#5 Warthog-Fan


Posted 28 January 2017 - 02:01 PM

Thanks, Louis.

 

I'm running Emsisoft Anti-virus/Anti-malware and also Malwarebytes. I do scans regularly and nothing ever seems to be detected. I hope that someone will have some insight into this.


Edited by Warthog-Fan, 28 January 2017 - 02:14 PM.


#6 boopme


Posted 02 February 2017 - 12:58 PM

Sorry for the wait, please do these too.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#7 Warthog-Fan


Posted 02 February 2017 - 05:17 PM

boopme,

 

Here is some of the info that you asked for:

 

MINITOOLBOX

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Bob (ATTENTION: The logged in user is not administrator) on 02-02-2017 at 16:24:58
Running from "C:\Users\Bob\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
TAP-Windows Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet1" address=192.168.175.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.66.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.75.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Wartweasel
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : stny.rr.com

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-72-17-68-C2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : stny.rr.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 30-5A-3A-0B-A5-98
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2604:6000:1209:a0c2:4500:90c8:c3c6:fd8c(Preferred)
   IPv6 Address. . . . . . . . . . . : fde3:f1c8:4920:0:4500:90c8:c3c6:fd8c(Preferred)
   Temporary IPv6 Address. . . . . . : 2604:6000:1209:a0c2:29f2:bada:a96:ef2a(Preferred)
   Temporary IPv6 Address. . . . . . : fde3:f1c8:4920:0:29f2:bada:a96:ef2a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4500:90c8:c3c6:fd8c%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.136(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, February 02, 2017 3:00:47 PM
   Lease Expires . . . . . . . . . . : Friday, February 03, 2017 3:00:47 PM
   Default Gateway . . . . . . . . . : fe80::c256:27ff:fe1a:4ebe%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 238049850
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-D4-3E-E2-30-5A-3A-0B-A5-98
   DNS Servers . . . . . . . . . . . : 209.18.47.62
                                       209.18.47.61
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1011:2771:d628:e6b6%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.75.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 268456022
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-D4-3E-E2-30-5A-3A-0B-A5-98
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d3c:af49:2352:f816%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.66.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 285233238
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-D4-3E-E2-30-5A-3A-0B-A5-98
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{721768C2-6CF0-4E04-A5AD-07B2DD5F4E42}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6DDDEBB4-E35E-4091-92ED-F5F0232736F5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.stny.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : stny.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B8960271-6DB4-42AA-B232-7450A2B3B6D4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62

Name:    google.com
Addresses:  2607:f8b0:4006:80f::200e
      172.217.4.206


Pinging google.com [2607:f8b0:4006:80f::200e] with 32 bytes of data:
Reply from 2607:f8b0:4006:80f::200e: time=39ms
Reply from 2607:f8b0:4006:80f::200e: time=40ms

Ping statistics for 2607:f8b0:4006:80f::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 40ms, Average = 39ms
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:c:a06::2:4008: time=99ms

Ping statistics for 2001:4998:c:a06::2:4008:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 99ms, Maximum = 99ms, Average = 99ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...00 ff 72 17 68 c2 ......TAP-Windows Adapter V9
 10...30 5a 3a 0b a5 98 ......Realtek PCIe GBE Family Controller
 13...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 14...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.136     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.136    276
    192.168.1.136  255.255.255.255         On-link     192.168.1.136    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.136    276
     192.168.66.0    255.255.255.0         On-link      192.168.66.1    276
     192.168.66.1  255.255.255.255         On-link      192.168.66.1    276
   192.168.66.255  255.255.255.255         On-link      192.168.66.1    276
     192.168.75.0    255.255.255.0         On-link      192.168.75.1    276
     192.168.75.1  255.255.255.255         On-link      192.168.75.1    276
   192.168.75.255  255.255.255.255         On-link      192.168.75.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.66.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.75.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.1.136    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.66.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.75.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.1.136    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::c256:27ff:fe1a:4ebe
  1    306 ::1/128                  On-link
 10     28 2604:6000:1209:a0c2::/64 On-link
 10     36 2604:6000:1209:a0c2::/64 fe80::c256:27ff:fe1a:4ebe
 10    276 2604:6000:1209:a0c2:29f2:bada:a96:ef2a/128
                                    On-link
 10    276 2604:6000:1209:a0c2:4500:90c8:c3c6:fd8c/128
                                    On-link
 10     28 fde3:f1c8:4920::/64      On-link
 10    276 fde3:f1c8:4920:0:29f2:bada:a96:ef2a/128
                                    On-link
 10    276 fde3:f1c8:4920:0:4500:90c8:c3c6:fd8c/128
                                    On-link
 14    276 fe80::/64                On-link
 13    276 fe80::/64                On-link
 10    276 fe80::/64                On-link
 14    276 fe80::d3c:af49:2352:f816/128
                                    On-link
 13    276 fe80::1011:2771:d628:e6b6/128
                                    On-link
 10    276 fe80::4500:90c8:c3c6:fd8c/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2017 04:08:16 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/02/2017 04:08:16 PM) (Source: DbxSvc) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (02/02/2017 02:23:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/02/2017 09:32:38 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/01/2017 08:37:00 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/31/2017 08:33:47 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/30/2017 08:13:02 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/29/2017 07:00:05 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/29/2017 07:51:48 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/28/2017 09:38:02 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (02/02/2017 04:21:30 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 60 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 04:17:26 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 59 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 04:13:22 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 58 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 04:09:17 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 57 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 04:05:13 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 56 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 04:01:09 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 55 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 03:57:05 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 54 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 03:53:00 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 53 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 03:48:56 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 52 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/02/2017 03:44:52 PM) (Source: Service Control Manager) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 51 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (02/02/2017 04:08:16 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/02/2017 04:08:16 PM) (Source: DbxSvc)(User: )
Description: (-2145452013) The system could not find the filter specified.

Error: (02/02/2017 02:23:47 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Bob\Desktop\esetsmartinstaller_enu.exe

Error: (02/02/2017 09:32:38 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/01/2017 08:37:00 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/31/2017 08:33:47 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/30/2017 08:13:02 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/29/2017 07:00:05 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/29/2017 07:51:48 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (01/28/2017 09:38:02 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.


CodeIntegrity Errors:
===================================
  Date: 2016-08-29 07:21:25.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 07:21:15.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 07:21:15.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 21:46:07.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 21:45:57.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 21:45:57.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 07:21:43.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 07:21:33.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-28 07:21:33.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-27 07:55:11.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM-x32\...\Canon MG7500 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG7500 series User Registration (HKLM-x32\...\Canon MG7500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon MP560 series User Registration (HKLM-x32\...\Canon MP560 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Cybereason RansomFree 2.2.3.0 (HKLM-x32\...\{D94D745E-266E-4B2B-B505-7B6042C0C1C9}) (Version: 2.2.3.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.12 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.10 - Emsisoft Ltd.)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
EZ Vinyl/Tape Converter by Ion Audio 11.6.0 (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: 11.6.0 - Ion Audio LLC)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
Malwarebytes Anti-Exploit version 1.9.1.1291 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1291 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 en-US)) (Version: 45.4.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7576 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SoftMaker Office 2016 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 16.0.3809 - SoftMaker Software GmbH)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SureThing Decal Maker (HKLM-x32\...\MVApplication1) (Version:  - )
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 16261.89 MB
Available physical RAM: 13845.95 MB
Total Virtual: 32521.97 MB
Available Virtual: 29162.16 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.66 GB) (Free:143.11 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:441.67 GB) NTFS

========================= Users: ========================================

User accounts for \\WARTWEASEL

Admin                    Administrator            Bob                      
Guest                    Jackie                   


**** End of log ****

TDSSKiller

16:27:41.0618 0x040c  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
16:27:41.0618 0x040c  UEFI system
16:27:48.0575 0x040c  ============================================================
16:27:48.0575 0x040c  Current date / time: 2017/02/02 16:27:48.0575
16:27:48.0575 0x040c  SystemInfo:
16:27:48.0575 0x040c  
16:27:48.0575 0x040c  OS Version: 6.1.7601 ServicePack: 1.0
16:27:48.0575 0x040c  Product type: Workstation
16:27:48.0575 0x040c  ComputerName: WARTWEASEL
16:27:48.0575 0x040c  UserName: Admin
16:27:48.0575 0x040c  Windows directory: C:\Windows
16:27:48.0575 0x040c  System windows directory: C:\Windows
16:27:48.0575 0x040c  Running under WOW64
16:27:48.0575 0x040c  Processor architecture: Intel x64
16:27:48.0575 0x040c  Number of processors: 4
16:27:48.0575 0x040c  Page size: 0x1000
16:27:48.0575 0x040c  Boot type: Normal boot
16:27:48.0575 0x040c  CodeIntegrityOptions = 0x00000001
16:27:48.0575 0x040c  ============================================================
16:27:53.0520 0x040c  KLMD registered as C:\Windows\system32\drivers\44493742.sys
16:27:53.0536 0x040c  KLMD ARK init status: drvProperties = 0x7FF00, osBuild = 7601.23572, osProperties = 0x1
16:27:53.0676 0x040c  System UUID: {763FA41B-2ED5-CE12-9DDF-057528C9085C}
16:27:53.0942 0x040c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:53.0942 0x040c  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:53.0942 0x040c  ============================================================
16:27:53.0942 0x040c  \Device\Harddisk0\DR0:
16:27:53.0942 0x040c  GPT partitions:
16:27:53.0942 0x040c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {2FD127EE-0D9C-47E2-A52E-0B8520D0B917}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
16:27:53.0942 0x040c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AD319162-178A-4A1D-890D-1A422A06BF8A}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
16:27:53.0942 0x040c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D8431981-DAEC-48D3-AC62-BF39D3D83725}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x1D153000
16:27:53.0942 0x040c  MBR partitions:
16:27:53.0942 0x040c  \Device\Harddisk1\DR1:
16:27:53.0942 0x040c  MBR partitions:
16:27:53.0942 0x040c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
16:27:53.0942 0x040c  ============================================================
16:27:53.0942 0x040c  C: <-> \Device\Harddisk0\DR0\Partition3
16:27:53.0973 0x040c  D: <-> \Device\Harddisk1\DR1\Partition1
16:27:53.0973 0x040c  ============================================================
16:27:53.0973 0x040c  Initialize success
16:27:53.0973 0x040c  ============================================================
16:28:31.0085 0x0288  ============================================================
16:28:31.0085 0x0288  Scan started
16:28:31.0085 0x0288  Mode: Manual;
16:28:31.0085 0x0288  ============================================================
16:28:31.0085 0x0288  KSN ping started
16:28:31.0241 0x0288  KSN ping finished: true
16:28:31.0600 0x0288  ================ Scan system memory ========================
16:28:31.0600 0x0288  System memory - ok
16:28:31.0600 0x0288  ================ Scan services =============================
16:28:31.0990 0x0288  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:28:31.0990 0x0288  AmdK8 - ok
16:28:31.0990 0x0288  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:28:31.0990 0x0288  AmdPPM - ok
16:28:32.0006 0x0288  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:28:32.0006 0x0288  amdsata - ok
16:28:32.0006 0x0288  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:28:32.0006 0x0288  amdsbs - ok
16:28:32.0006 0x0288  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:28:32.0006 0x0288  amdxata - ok
16:28:32.0006 0x0288  [ FCE5C79717A487BDC71F3DEC78A684CA, F5520F112A4EBDD10444AA5E9FDB9125219FCF768FEB95AB608BC84D60136816 ] AppID           C:\Windows\system32\drivers\appid.sys
16:28:32.0021 0x0288  AppID - ok
16:28:32.0021 0x0288  [ 8921E1D8AE5171691F186A7C5B98B630, 4A37313BB94D4B49D0294C9439AD0793DE328F9F4DA1C47E34E6ACEA46AF6E14 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:28:32.0021 0x0288  AppIDSvc - ok
16:28:32.0021 0x0288  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
16:28:32.0021 0x0288  Appinfo - ok
16:28:32.0021 0x0288  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:28:32.0021 0x0288  AppMgmt - ok
16:28:32.0037 0x0288  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:28:32.0037 0x0288  arc - ok
16:28:32.0037 0x0288  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:28:32.0037 0x0288  arcsas - ok
16:28:32.0037 0x0288  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
16:28:32.0037 0x0288  AsIO - ok
16:28:32.0037 0x0288  [ A1EB3F68EC05EFD41176819D3CCBE094, 5E2B158F203B5D5D8851068036A60C14E8A04B9EBE72A34589BF6A479ADB06DB ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
16:28:32.0037 0x0288  asmthub3 - ok
16:28:32.0052 0x0288  [ B49B4ED4756D336DA1939D399E851067, 2B7C0526E381EABAF5EDBE7FA2C6B0BCEBC444DECED9DBF0B4C586A65181319B ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
16:28:32.0052 0x0288  asmtxhci - ok
16:28:32.0068 0x0288  [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:28:32.0068 0x0288  aspnet_state - ok
16:28:32.0068 0x0288  [ E4ABC023E251D2BB6B98C9FCAF5CF16D, 2A94320A3EF16E641B693BF6EABABB57C891B914B00F73ACD7ADB8CA5089EC40 ] aswTap          C:\Windows\system32\DRIVERS\aswTap.sys
16:28:32.0068 0x0288  aswTap - ok
16:28:32.0068 0x0288  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:32.0068 0x0288  AsyncMac - ok
16:28:32.0068 0x0288  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:28:32.0068 0x0288  atapi - ok
16:28:32.0084 0x0288  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:28:32.0099 0x0288  AudioEndpointBuilder - ok
16:28:32.0099 0x0288  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:28:32.0115 0x0288  AudioSrv - ok
16:28:32.0115 0x0288  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:28:32.0115 0x0288  AxInstSV - ok
16:28:32.0130 0x0288  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:28:32.0130 0x0288  b06bdrv - ok
16:28:32.0130 0x0288  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:28:32.0130 0x0288  b57nd60a - ok
16:28:32.0146 0x0288  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:28:32.0146 0x0288  BDESVC - ok
16:28:32.0146 0x0288  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:28:32.0146 0x0288  Beep - ok
16:28:32.0162 0x0288  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
16:28:32.0162 0x0288  BFE - ok
16:28:32.0177 0x0288  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:28:32.0193 0x0288  BITS - ok
16:28:32.0193 0x0288  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:28:32.0193 0x0288  blbdrive - ok
16:28:32.0193 0x0288  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:28:32.0193 0x0288  bowser - ok
16:28:32.0193 0x0288  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:28:32.0193 0x0288  BrFiltLo - ok
16:28:32.0193 0x0288  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:28:32.0193 0x0288  BrFiltUp - ok
16:28:32.0208 0x0288  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:28:32.0208 0x0288  Browser - ok
16:28:32.0208 0x0288  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:28:32.0208 0x0288  Brserid - ok
16:28:32.0224 0x0288  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:28:32.0224 0x0288  BrSerWdm - ok
16:28:32.0224 0x0288  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:28:32.0224 0x0288  BrUsbMdm - ok
16:28:32.0224 0x0288  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:28:32.0224 0x0288  BrUsbSer - ok
16:28:32.0224 0x0288  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:28:32.0224 0x0288  BTHMODEM - ok
16:28:32.0224 0x0288  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:28:32.0224 0x0288  bthserv - ok
16:28:32.0240 0x0288  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:28:32.0240 0x0288  cdfs - ok
16:28:32.0240 0x0288  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:28:32.0240 0x0288  cdrom - ok
16:28:32.0240 0x0288  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:28:32.0240 0x0288  CertPropSvc - ok
16:28:32.0255 0x0288  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:28:32.0255 0x0288  circlass - ok
16:28:32.0255 0x0288  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
16:28:32.0255 0x0288  CLFS - ok
16:28:32.0271 0x0288  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:28:32.0271 0x0288  clr_optimization_v2.0.50727_32 - ok
16:28:32.0271 0x0288  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:28:32.0271 0x0288  clr_optimization_v2.0.50727_64 - ok
16:28:32.0271 0x0288  [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:28:32.0271 0x0288  clr_optimization_v4.0.30319_32 - ok
16:28:32.0286 0x0288  [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:28:32.0286 0x0288  clr_optimization_v4.0.30319_64 - ok
16:28:32.0286 0x0288  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:28:32.0286 0x0288  CmBatt - ok
16:28:32.0286 0x0288  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:28:32.0286 0x0288  cmdide - ok
16:28:32.0302 0x0288  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:28:32.0302 0x0288  CNG - ok
16:28:32.0302 0x0288  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:28:32.0302 0x0288  Compbatt - ok
16:28:32.0302 0x0288  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:28:32.0302 0x0288  CompositeBus - ok
16:28:32.0302 0x0288  COMSysApp - ok
16:28:32.0318 0x0288  [ 182CDDEB846E7A3750B0520E82B65385, 1C66EB6D7DF0F52BAD7E16B33117E4578F75B371CBA15FDEF4F45DFD782D24F9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:28:32.0318 0x0288  cphs - ok
16:28:32.0318 0x0288  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:28:32.0318 0x0288  crcdisk - ok
16:28:32.0333 0x0288  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:28:32.0333 0x0288  CryptSvc - ok
16:28:32.0333 0x0288  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
16:28:32.0349 0x0288  CSC - ok
16:28:32.0349 0x0288  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
16:28:32.0364 0x0288  CscService - ok
16:28:32.0364 0x0288  [ BAF4A5A28AE1A1A4831008FF668D3551, 6FB4D3125EC3E9ED93ABE582E1DD58D5E3CB8AE18551D9648C621DE244F9AA0D ] CybereasonRansomFree C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
16:28:32.0364 0x0288  CybereasonRansomFree - ok
16:28:32.0364 0x0288  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
16:28:32.0364 0x0288  dbupdate - ok
16:28:32.0380 0x0288  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
16:28:32.0380 0x0288  dbupdatem - ok
16:28:32.0380 0x0288  dbx - ok
16:28:32.0380 0x0288  [ 2C5A991F0320D95BAC80D0C31F43A79E, CC7887132AF15C77676A3186429FE0071DCC8DC9C6252314D99C02E54867BE10 ] DbxSvc          C:\Windows\system32\DbxSvc.exe
16:28:32.0380 0x0288  DbxSvc - ok
16:28:32.0396 0x0288  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:28:32.0396 0x0288  DcomLaunch - ok
16:28:32.0396 0x0288  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:28:32.0411 0x0288  defragsvc - ok
16:28:32.0411 0x0288  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:28:32.0411 0x0288  DfsC - ok
16:28:32.0411 0x0288  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:28:32.0427 0x0288  Dhcp - ok
16:28:32.0442 0x0288  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
16:28:32.0458 0x0288  DiagTrack - ok
16:28:32.0458 0x0288  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:28:32.0458 0x0288  discache - ok
16:28:32.0458 0x0288  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
16:28:32.0458 0x0288  Disk - ok
16:28:32.0474 0x0288  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:28:32.0474 0x0288  Dnscache - ok
16:28:32.0474 0x0288  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:28:32.0474 0x0288  dot3svc - ok
16:28:32.0474 0x0288  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:28:32.0489 0x0288  DPS - ok
16:28:32.0489 0x0288  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:28:32.0489 0x0288  drmkaud - ok
16:28:32.0505 0x0288  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:28:32.0505 0x0288  DXGKrnl - ok
16:28:32.0520 0x0288  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:28:32.0520 0x0288  EapHost - ok
16:28:32.0567 0x0288  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:28:32.0598 0x0288  ebdrv - ok
16:28:32.0598 0x0288  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] EFS             C:\Windows\System32\lsass.exe
16:28:32.0598 0x0288  EFS - ok
16:28:32.0614 0x0288  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:28:32.0614 0x0288  ehRecvr - ok
16:28:32.0630 0x0288  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:28:32.0630 0x0288  ehSched - ok
16:28:32.0630 0x0288  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:28:32.0645 0x0288  elxstor - ok
16:28:32.0645 0x0288  [ 0E840AA66CAB02CBA9730C772BBE305B, 8862583E653D13D1D10A1A4A33704E4F70576E80370943AAFD1EAED6657A0104 ] epp             C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys
16:28:32.0645 0x0288  epp - ok
16:28:32.0645 0x0288  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:28:32.0645 0x0288  ErrDev - ok
16:28:32.0645 0x0288  [ DFF2F2688183E47F54B9BA12785B38BF, A9192F351F30FD8974444C2AEFE57F6C6B7A0A5348BAB2093F47630952C28C09 ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
16:28:32.0645 0x0288  ESProtectionDriver - ok
16:28:32.0661 0x0288  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:28:32.0661 0x0288  EventSystem - ok
16:28:32.0676 0x0288  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:28:32.0676 0x0288  exfat - ok
16:28:32.0676 0x0288  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:28:32.0676 0x0288  fastfat - ok
16:28:32.0692 0x0288  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:28:32.0692 0x0288  Fax - ok
16:28:32.0708 0x0288  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:28:32.0708 0x0288  fdc - ok
16:28:32.0708 0x0288  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:28:32.0708 0x0288  fdPHost - ok
16:28:32.0708 0x0288  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:28:32.0708 0x0288  FDResPub - ok
16:28:32.0708 0x0288  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:28:32.0708 0x0288  FileInfo - ok
16:28:32.0708 0x0288  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:28:32.0708 0x0288  Filetrace - ok
16:28:32.0723 0x0288  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:28:32.0723 0x0288  flpydisk - ok
16:28:32.0723 0x0288  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:28:32.0723 0x0288  FltMgr - ok
16:28:32.0739 0x0288  [ 700A5373FA66F1DAAECBD2CFB88C73ED, D6C1C4C846BC24EB6539ECC701A456FA53BB6679C79391F5B70580D47B6CE395 ] FontCache       C:\Windows\system32\FntCache.dll
16:28:32.0754 0x0288  FontCache - ok
16:28:32.0754 0x0288  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:28:32.0754 0x0288  FontCache3.0.0.0 - ok
16:28:32.0770 0x0288  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:28:32.0770 0x0288  FsDepends - ok
16:28:32.0770 0x0288  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:28:32.0770 0x0288  Fs_Rec - ok
16:28:32.0770 0x0288  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:28:32.0770 0x0288  fvevol - ok
16:28:32.0770 0x0288  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:28:32.0770 0x0288  gagp30kx - ok
16:28:32.0786 0x0288  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
16:28:32.0801 0x0288  gpsvc - ok
16:28:32.0801 0x0288  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:32.0801 0x0288  gupdate - ok
16:28:32.0801 0x0288  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:32.0817 0x0288  gupdatem - ok
16:28:32.0817 0x0288  [ 279527CC9B260CDB1FD883D43902A2EA, 6504EE8CA013D4C7FFA83E1FA07CCE8B022DF437D094BED16B8EDB7B9F64D4D1 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
16:28:32.0817 0x0288  hcmon - ok
16:28:32.0817 0x0288  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:28:32.0817 0x0288  hcw85cir - ok
16:28:32.0817 0x0288  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:28:32.0832 0x0288  HdAudAddService - ok
16:28:32.0832 0x0288  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:28:32.0832 0x0288  HDAudBus - ok
16:28:32.0832 0x0288  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:28:32.0832 0x0288  HidBatt - ok
16:28:32.0832 0x0288  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:28:32.0832 0x0288  HidBth - ok
16:28:32.0848 0x0288  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:28:32.0848 0x0288  HidIr - ok
16:28:32.0848 0x0288  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:28:32.0848 0x0288  hidserv - ok
16:28:32.0848 0x0288  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:28:32.0848 0x0288  HidUsb - ok
16:28:32.0848 0x0288  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:28:32.0848 0x0288  hkmsvc - ok
16:28:32.0864 0x0288  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:28:32.0864 0x0288  HomeGroupListener - ok
16:28:32.0864 0x0288  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:28:32.0864 0x0288  HomeGroupProvider - ok
16:28:32.0864 0x0288  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:28:32.0864 0x0288  HpSAMD - ok
16:28:32.0879 0x0288  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:28:32.0895 0x0288  HTTP - ok
16:28:32.0895 0x0288  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:28:32.0895 0x0288  hwpolicy - ok
16:28:32.0895 0x0288  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:28:32.0895 0x0288  i8042prt - ok
16:28:32.0926 0x0288  [ 12859E1215AA083A42E7ADCDE5C061D1, 262F9C65C3FA7EB69C4FA7C6547E1C79DB49697A083309909BC78726A116557F ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
16:28:32.0942 0x0288  iaStorA - ok
16:28:32.0942 0x0288  [ 91F97C1A0ABCD7FA487E8EF7A249C15C, 834D85B7833DD1EDE0938320A68237315F60263ABCB6714974E711EBA91178E9 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
16:28:32.0942 0x0288  iaStorF - ok
16:28:32.0942 0x0288  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:28:32.0957 0x0288  iaStorV - ok
16:28:32.0957 0x0288  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:28:32.0973 0x0288  idsvc - ok
16:28:32.0973 0x0288  IEEtwCollectorService - ok
16:28:33.0113 0x0288  [ 9A08E6FEFBD52D89327018087B442D04, 64DBA4A310793F3BB834CF5D91F81EC4411E4682B68D7EC7312B3480B6D6B195 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:28:33.0222 0x0288  igfx - ok
16:28:33.0238 0x0288  [ E3DD03421423ADC31C81B7DE71F2ED8F, 6ABF0154F88922E15C102B7D88057D0C167EBC51079642DF448D79A2C5AC8F75 ] igfxCUIService2.0.0.0 C:\Windows\system32\igfxCUIService.exe
16:28:33.0238 0x0288  igfxCUIService2.0.0.0 - ok
16:28:33.0238 0x0288  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:28:33.0254 0x0288  iirsp - ok
16:28:33.0254 0x0288  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:28:33.0269 0x0288  IKEEXT - ok
16:28:33.0285 0x0288  [ E300D1E37B737ED14F7A08CD5604E5D9, 5C1135081E29D7F4A97D5CAA2C8FBE1DD04EC7A3D8E648E69F2AA9EBDD88EBBB ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
16:28:33.0285 0x0288  IntcDAud - ok
16:28:33.0300 0x0288  [ B63CF22D1AD2ABDC39D85851B2BEAA6D, 37E9043BABB5895BFD2B59AFB60C438B992C6EAA1B5FDE5B3445314343F4C406 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
16:28:33.0316 0x0288  Intel® Capability Licensing Service TCP IP Interface - ok
16:28:34.0517 0x0288  ShellHWDetection - ok
16:28:34.0517 0x0288  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:28:34.0517 0x0288  SiSRaid2 - ok
16:28:34.0517 0x0288  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:28:34.0517 0x0288  SiSRaid4 - ok
16:28:34.0517 0x0288  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:28:34.0517 0x0288  Smb - ok
16:28:34.0533 0x0288  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:28:34.0533 0x0288  SNMPTRAP - ok
16:28:34.0533 0x0288  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:28:34.0533 0x0288  spldr - ok
16:28:34.0548 0x0288  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
16:28:34.0548 0x0288  Spooler - ok
16:28:34.0595 0x0288  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:28:34.0626 0x0288  sppsvc - ok
16:28:34.0642 0x0288  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:28:34.0642 0x0288  sppuinotify - ok
16:28:34.0642 0x0288  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:28:34.0658 0x0288  srv - ok
16:28:34.0658 0x0288  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:28:34.0658 0x0288  srv2 - ok
16:28:34.0673 0x0288  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:28:34.0673 0x0288  srvnet - ok
16:28:34.0673 0x0288  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:28:34.0673 0x0288  SSDPSRV - ok
16:28:34.0689 0x0288  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:28:34.0689 0x0288  SstpSvc - ok
16:28:34.0689 0x0288  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:28:34.0689 0x0288  stexstor - ok
16:28:34.0689 0x0288  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:28:34.0704 0x0288  stisvc - ok
16:28:34.0704 0x0288  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:28:34.0704 0x0288  storflt - ok
16:28:34.0704 0x0288  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
16:28:34.0704 0x0288  StorSvc - ok
16:28:34.0704 0x0288  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:28:34.0720 0x0288  storvsc - ok
16:28:34.0720 0x0288  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:28:34.0720 0x0288  swenum - ok
16:28:34.0720 0x0288  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:28:34.0736 0x0288  swprv - ok
16:28:34.0751 0x0288  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
16:28:34.0782 0x0288  SysMain - ok
16:28:34.0782 0x0288  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:28:34.0782 0x0288  TabletInputService - ok
16:28:34.0782 0x0288  [ 134B275751051C5D03F9ACCDC4F8CAAB, D50F96485AF6F26EA9A5A3A2ADEACC2DFD3B2ABCDAB88195B75CC72EAC543BE2 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
16:28:34.0782 0x0288  tap0901 - ok
16:28:34.0798 0x0288  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:28:34.0798 0x0288  TapiSrv - ok
16:28:34.0798 0x0288  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:28:34.0798 0x0288  TBS - ok
16:28:34.0829 0x0288  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:28:34.0845 0x0288  Tcpip - ok
16:28:34.0876 0x0288  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:28:34.0892 0x0288  TCPIP6 - ok
16:28:34.0892 0x0288  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:28:34.0892 0x0288  tcpipreg - ok
16:28:34.0907 0x0288  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:28:34.0907 0x0288  TDPIPE - ok
16:28:34.0907 0x0288  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:28:34.0907 0x0288  TDTCP - ok
16:28:34.0907 0x0288  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:28:34.0907 0x0288  tdx - ok
16:28:34.0907 0x0288  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:28:34.0907 0x0288  TermDD - ok
16:28:34.0923 0x0288  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
16:28:34.0923 0x0288  TermService - ok
16:28:34.0938 0x0288  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:28:34.0938 0x0288  Themes - ok
16:28:34.0938 0x0288  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:28:34.0938 0x0288  THREADORDER - ok
16:28:34.0938 0x0288  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:28:34.0938 0x0288  TrkWks - ok
16:28:34.0954 0x0288  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:28:34.0954 0x0288  TrustedInstaller - ok
16:28:34.0954 0x0288  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:28:34.0954 0x0288  tssecsrv - ok
16:28:34.0954 0x0288  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:28:34.0954 0x0288  TsUsbFlt - ok
16:28:34.0954 0x0288  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:28:34.0970 0x0288  tunnel - ok
16:28:34.0970 0x0288  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:28:34.0970 0x0288  uagp35 - ok
16:28:34.0970 0x0288  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:28:34.0970 0x0288  udfs - ok
16:28:34.0985 0x0288  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:28:34.0985 0x0288  UI0Detect - ok
16:28:34.0985 0x0288  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:28:34.0985 0x0288  uliagpkx - ok
16:28:34.0985 0x0288  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
16:28:34.0985 0x0288  umbus - ok
16:28:34.0985 0x0288  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:28:34.0985 0x0288  UmPass - ok
16:28:35.0001 0x0288  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:28:35.0001 0x0288  UmRdpService - ok
16:28:35.0001 0x0288  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:28:35.0016 0x0288  upnphost - ok
16:28:35.0016 0x0288  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
16:28:35.0016 0x0288  usbccgp - ok
16:28:35.0016 0x0288  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:28:35.0016 0x0288  usbcir - ok
16:28:35.0016 0x0288  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:28:35.0016 0x0288  usbehci - ok
16:28:35.0032 0x0288  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
16:28:35.0032 0x0288  usbhub - ok
16:28:35.0032 0x0288  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:28:35.0032 0x0288  usbohci - ok
16:28:35.0032 0x0288  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:28:35.0032 0x0288  usbprint - ok
16:28:35.0032 0x0288  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:28:35.0048 0x0288  usbscan - ok
16:28:35.0048 0x0288  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:28:35.0048 0x0288  USBSTOR - ok
16:28:35.0048 0x0288  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:28:35.0048 0x0288  usbuhci - ok
16:28:35.0048 0x0288  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:28:35.0048 0x0288  UxSms - ok
16:28:35.0048 0x0288  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] VaultSvc        C:\Windows\system32\lsass.exe
16:28:35.0048 0x0288  VaultSvc - ok
16:28:35.0048 0x0288  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:28:35.0063 0x0288  vdrvroot - ok
16:28:35.0063 0x0288  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:28:35.0079 0x0288  vds - ok
16:28:35.0079 0x0288  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:28:35.0079 0x0288  vga - ok
16:28:35.0079 0x0288  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:28:35.0079 0x0288  VgaSave - ok
16:28:35.0079 0x0288  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:28:35.0094 0x0288  vhdmp - ok
16:28:35.0094 0x0288  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:28:35.0094 0x0288  viaide - ok
16:28:35.0094 0x0288  [ 5F9CBD6D40E32CAEB55DB4A0799EBA72, 2F67D76F8DFC63C4886CDF1F83E012F1FFAE57914DC18338993B2292E1FED008 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:28:35.0094 0x0288  VMAuthdService - ok
16:28:35.0094 0x0288  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:28:35.0110 0x0288  vmbus - ok
16:28:35.0110 0x0288  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:28:35.0110 0x0288  VMBusHID - ok
16:28:35.0110 0x0288  [ 23B3E571717D59C8B0A6963B79061B57, B41BF84972DE78FDD9FA1D69D0514FEABB238321A29608A5304D97EB6CC02B3F ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
16:28:35.0110 0x0288  vmci - ok
16:28:35.0110 0x0288  [ A3412EC3FF7A5AC2CA3A3951476BFA9C, 8A3D241168205B6B5348F44DF89875067CDD5B29BE8CF14ADA8403225AE2A379 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:28:35.0110 0x0288  VMnetAdapter - ok
16:28:35.0110 0x0288  [ F76AD463DBE8D30CB715A09DF9FF2BE9, 5B2184582496ED0EE8582C6AD3BCF49674690C585439B6F57B43ADC12DF941F6 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:28:35.0110 0x0288  VMnetBridge - ok
16:28:35.0126 0x0288  [ C84A6FA836262BD7CBE611F08B554E8B, 01DBC1DF1B03EA41FE2B61E29C79A3460A491E00A3E3329E80CE722071DC1740 ] VMnetDHCP       C:\Windows\SysWOW64\vmnetdhcp.exe
16:28:35.0126 0x0288  VMnetDHCP - ok
16:28:35.0126 0x0288  [ 75ABEBF8F9FD94D6E17AB8CCAF1EEABD, 3793482B17772A1E3962D07AE35C86A0331D93B2E7F965355321F3EB9CD3E3B9 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
16:28:35.0126 0x0288  VMnetuserif - ok
16:28:35.0126 0x0288  [ AB8C8A34049A86F685B8D74BA2F73209, 34A48FEB9CD055A86C7812EC9E5DF619A1AD3E5FF27BC3FAB0A007D21D9EC0FA ] VMparport       C:\Windows\system32\drivers\VMparport.sys
16:28:35.0126 0x0288  VMparport - ok
16:28:35.0141 0x0288  [ B30B940E999CC59A701B564A7E359D09, 390BAD5C691EEAC17FC74659169ED1A3937CA2EB8B15842070C25D536CC4AC59 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
16:28:35.0157 0x0288  VMUSBArbService - ok
16:28:35.0172 0x0288  [ DF89A1667D769377CA5441A6F62F9031, F25A85B2E16AF3EDAFE2BF3534F664563E0CDB3B8B9FB90447781FD0BD8BAB41 ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe
16:28:35.0172 0x0288  VMware NAT Service - ok
16:28:35.0172 0x0288  [ E46D38C01BA7E4C914CC9191B15B6DB2, 4A194F06848835318E1A8C80D308AE3B923084BFFD23098022E8B5D508F34F62 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
16:28:35.0172 0x0288  vmx86 - ok
16:28:35.0172 0x0288  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:28:35.0172 0x0288  volmgr - ok
16:28:35.0188 0x0288  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:28:35.0188 0x0288  volmgrx - ok
16:28:35.0204 0x0288  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:28:35.0204 0x0288  volsnap - ok
16:28:35.0204 0x0288  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:28:35.0204 0x0288  vsmraid - ok
16:28:35.0204 0x0288  [ 7639A7B4A8E5204BB37B479C2D1C8934, 2A35B3A7B20EE3F5888A089D1E46A7FD7B2D86AB36D3401A224F7CD39ABE7F27 ] vsock           C:\Windows\system32\drivers\vsock.sys
16:28:35.0204 0x0288  vsock - ok
16:28:35.0235 0x0288  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:28:35.0250 0x0288  VSS - ok
16:28:35.0250 0x0288  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:28:35.0250 0x0288  vwifibus - ok
16:28:35.0266 0x0288  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
16:28:35.0266 0x0288  W32Time - ok
16:28:35.0266 0x0288  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:28:35.0266 0x0288  WacomPen - ok
16:28:35.0266 0x0288  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:28:35.0266 0x0288  WANARP - ok
16:28:35.0282 0x0288  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:28:35.0282 0x0288  Wanarpv6 - ok
16:28:35.0297 0x0288  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:28:35.0313 0x0288  WatAdminSvc - ok
16:28:35.0328 0x0288  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:28:35.0344 0x0288  wbengine - ok
16:28:35.0344 0x0288  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:28:35.0360 0x0288  WbioSrvc - ok
16:28:35.0360 0x0288  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:28:35.0360 0x0288  wcncsvc - ok
16:28:35.0375 0x0288  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:28:35.0375 0x0288  WcsPlugInService - ok
16:28:35.0375 0x0288  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:28:35.0375 0x0288  Wd - ok
16:28:35.0375 0x0288  [ D0335A55E5C3F812548E18300C2ACB62, 7EF7C3A21E97197E1A6D2956D0F5A7C23F2D590C9709708394426031634990A5 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
16:28:35.0375 0x0288  WDC_SAM - ok
16:28:35.0391 0x0288  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:28:35.0391 0x0288  Wdf01000 - ok
16:28:35.0406 0x0288  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:28:35.0406 0x0288  WdiServiceHost - ok
16:28:35.0406 0x0288  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:28:35.0406 0x0288  WdiSystemHost - ok
16:28:35.0406 0x0288  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
16:28:35.0422 0x0288  WebClient - ok
16:28:35.0422 0x0288  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:28:35.0422 0x0288  Wecsvc - ok
16:28:35.0422 0x0288  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:28:35.0422 0x0288  wercplsupport - ok
16:28:35.0438 0x0288  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:28:35.0438 0x0288  WerSvc - ok
16:28:35.0438 0x0288  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:28:35.0438 0x0288  WfpLwf - ok
16:28:35.0438 0x0288  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:28:35.0438 0x0288  WIMMount - ok
16:28:35.0438 0x0288  WinDefend - ok
16:28:35.0438 0x0288  WinHttpAutoProxySvc - ok
16:28:35.0453 0x0288  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:28:35.0453 0x0288  Winmgmt - ok
16:28:35.0484 0x0288  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:28:35.0500 0x0288  WinRM - ok
16:28:35.0516 0x0288  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:28:35.0516 0x0288  WinUsb - ok
16:28:35.0531 0x0288  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:28:35.0531 0x0288  Wlansvc - ok
16:28:35.0578 0x0288  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:28:35.0594 0x0288  wlidsvc - ok
16:28:35.0594 0x0288  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:28:35.0594 0x0288  WmiAcpi - ok
16:28:35.0609 0x0288  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:28:35.0609 0x0288  wmiApSrv - ok
16:28:35.0609 0x0288  WMPNetworkSvc - ok
16:28:35.0609 0x0288  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:28:35.0609 0x0288  WPCSvc - ok
16:28:35.0609 0x0288  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:28:35.0609 0x0288  WPDBusEnum - ok
16:28:35.0625 0x0288  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:28:35.0625 0x0288  ws2ifsl - ok
16:28:35.0625 0x0288  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:28:35.0625 0x0288  wscsvc - ok
16:28:35.0625 0x0288  WSearch - ok
16:28:35.0672 0x0288  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:28:35.0687 0x0288  wuauserv - ok
16:28:35.0703 0x0288  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:28:35.0703 0x0288  WudfPf - ok
16:28:35.0703 0x0288  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:28:35.0703 0x0288  WUDFRd - ok
16:28:35.0703 0x0288  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:28:35.0718 0x0288  wudfsvc - ok
16:28:35.0718 0x0288  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:28:35.0718 0x0288  WwanSvc - ok
16:28:35.0734 0x0288  ================ Scan global ===============================
16:28:35.0734 0x0288  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
16:28:35.0734 0x0288  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
16:28:35.0750 0x0288  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
16:28:35.0750 0x0288  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:28:35.0750 0x0288  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
16:28:35.0765 0x0288  [ Global ] - ok
16:28:35.0765 0x0288  ================ Scan MBR ==================================
16:28:35.0765 0x0288  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:28:35.0765 0x0288  \Device\Harddisk0\DR0 - ok
16:28:36.0249 0x0288  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:28:36.0264 0x0288  \Device\Harddisk1\DR1 - ok
16:28:36.0264 0x0288  ================ Scan VBR ==================================
16:28:36.0280 0x0288  [ 8A2209F9006971EF610B5F8C2F3A0DC8 ] \Device\Harddisk0\DR0\Partition1
16:28:36.0280 0x0288  \Device\Harddisk0\DR0\Partition1 - ok
16:28:36.0280 0x0288  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
16:28:36.0280 0x0288  \Device\Harddisk0\DR0\Partition2 - ok
16:28:36.0296 0x0288  [ 35C31A79DFDBF661716A2081360A34BB ] \Device\Harddisk0\DR0\Partition3
16:28:36.0296 0x0288  \Device\Harddisk0\DR0\Partition3 - ok
16:28:36.0296 0x0288  [ DEBA48AD19B59DF5EBE9AE0935995F80 ] \Device\Harddisk1\DR1\Partition1
16:28:36.0296 0x0288  \Device\Harddisk1\DR1\Partition1 - ok
16:28:36.0296 0x0288  ================ Scan generic autorun ======================
16:28:36.0826 0x0288  Waiting for KSN requests completion. In queue: 104
16:28:37.0871 0x0288  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 2017.1.0.7138 ), 0x41000 ( enabled : updated )
16:28:37.0887 0x0288  Win FW state via NFP2: enabled ( trusted )
16:28:38.0136 0x0288  ============================================================
16:28:38.0136 0x0288  Scan finished
16:28:38.0136 0x0288  ============================================================
16:28:38.0136 0x0bc4  Detected object count: 0
16:28:38.0136 0x0bc4  Actual detected object count: 0
 

 

---------------------------------------------------------------------------------------

 

I downloaded AdwCleaner from the link in your post and tried to run it as an administrator. I got a message telling me that this copy was out of date, and to click OK and I would be taken to a link to the latest version. After Firefox told me that the download was complete, I looked on the desktop and it did not appear. It was on the list of downloaded files in Firefox. Because it was not on the desktop, I could not run it as an administrator....so I didn't run it.

 

Also, after trying the download a couple of times, when I restarted Firefox, I received a message telling me that Firefox was not my default browser. I also found out that all of my bookmarks had been deleted from Firefox. Is there some kind of problem with the download of AdwCleaner on the Bleeping Computer website?

 

For JRT and ESET, the procedure in your link to shut down protection software didn't work as advertised. When I right-clicked on Emsisoft in the System Tray, the option to Pause Protection was "grayed out" and could not be selected. I could not see any other way to disable Emsisoft. Since I could not disable Emsisoft, I did not run JRT or ESET.

 

I also have Malwarebytes Anti-Exploit installed. When I right-click on this icon in the system tray, the "Start Protection" and "Stop Protection" options are also "grayed out".

 

Okay, I decided to log onto my Administrator account and found that the AdwCleaner installer icons were on the Administrator desktop. I'm not sure how they got there, since I downloaded them from my User account.

 

I also found that while being logged onto the Administrator account I can disable Emsisoft and Malwarebytes. Apparently, since they are security-related, only an administrator is allowed to disable them. I will now run the rest of the programs that you specified, above.

 

Also, my problem with Firefox cleared itself up, too.
 


Edited by Warthog-Fan, 02 February 2017 - 07:36 PM.


#8 Warthog-Fan


Posted 02 February 2017 - 08:40 PM

boopme,

 

Here is the rest of the information that you requested:

 

ADWCleaner:

 

# AdwCleaner v6.043 - Logfile created 02/02/2017 at 19:42:07
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-02.4 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Admin - WARTWEASEL
# Running from : C:\Users\Admin\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found:  C:\ProgramData\NTUSER.POL


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2315 Bytes] - [20/04/2016 12:09:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [2107 Bytes] - [20/04/2016 12:07:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [909 Bytes] - [25/04/2016 13:01:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [1550 Bytes] - [02/02/2017 19:42:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1623 Bytes] ##########

 

 

 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by Admin (Administrator) on Thu 02/02/2017 at 20:30:07.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 19

Successfully deleted: C:\Users\Admin\AppData\Local\{03630A2D-891F-438E-8D04-6AE148804D3B} (Empty Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\{338475C0-57EC-4A4A-9089-357865606DCB} (Empty Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\{51A2BC24-757E-4C0E-89A6-7D2529536BE5} (Empty Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\{BD13E104-C287-4662-BA7A-9891686BAC9F} (Empty Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\{C8012071-7B4B-4873-8560-250CABF4BBA5} (Empty Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAX3JMVH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGX0PSHG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZME9ALH9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CAX3JMVH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGX0PSHG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZME9ALH9 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/02/2017 at 20:30:48.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

ESET:

 

C:\$Recycle.Bin\S-1-5-21-676091870-3092876150-1642442642-1001\$R5I7VLX.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGX0PSHG\winzip_en_64[1].msi    a variant of Win32/Systweak.L potentially unwanted application    deleted
C:\Users\Admin\AppData\Local\Temp\in71CF9CF0\72788325_stp\RAM.dll    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting
 

 

Let me know if you need anything else.


 



#9 boopme


Posted 03 February 2017 - 02:33 PM

Good, remove what AdwCleaner found and restart system. See how it's running.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


#10 Warthog-Fan


Posted 03 February 2017 - 05:05 PM

boopme,

 

I followed the instructions above and reran AdwCleaner. It found the four threats listed previously. Then I ran the clean function and generated a log file. It is shown below:

 

 

# AdwCleaner v6.043 - Logfile created 03/02/2017 at 16:46:04
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Admin - WARTWEASEL
# Running from : C:\Users\Admin\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2315 Bytes] - [20/04/2016 12:09:41]
C:\AdwCleaner\AdwCleaner[C2].txt - [1681 Bytes] - [03/02/2017 16:38:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [2107 Bytes] - [20/04/2016 12:07:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [909 Bytes] - [25/04/2016 13:01:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [1710 Bytes] - [02/02/2017 19:42:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [1770 Bytes] - [03/02/2017 16:34:21]
C:\AdwCleaner\AdwCleaner[S5].txt - [1449 Bytes] - [03/02/2017 16:46:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1522 Bytes] ##########

 

 

The four threats in the Registry are now gone. I will try to run the program that was failing before and let you know what happens.
 



#11 Warthog-Fan


Posted 03 February 2017 - 05:13 PM

boopme,

 

Okay, I tried to run the VMware virtual machine and the automotive service manual again after cleaning up the computer. It fails in the same way.

 

Since the error involves not having permissions to access certain files (as noted in the first post), does this seem to you like something that is related to malware? To me, it seems to relate to some kind of program or OS settings somewhere. If you still believe that this could be malware, I will be glad to pursue any more ideas that you have.
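
The question in the post above turns on whether the account that launches VMware can actually read and write the .vmx file. The following PowerShell report is an added example, not part of the original thread; the function name `Get-AccessReport` is hypothetical, the path is the one from the error message in the first post, and the effective-rights calculation is a simplification.

```powershell
# Added example, not from the thread. Read-only: it changes no permissions.
# Path copied from the error message quoted in the first post.
$VmxPath = 'C:\Program Files\GM database\Windows XP Professional.vmx'

function Get-AccessReport {   # hypothetical helper name
    param([string]$Path)

    # SIDs in the current token: the user plus every enabled group.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $mySids = @($identity.User.Value)
    foreach ($group in $identity.Groups) { $mySids += $group.Value }

    try {
        $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
        $acl  = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # Being refused the ACL itself already answers the question.
        Write-Warning "Cannot inspect '$Path': $($_.Exception.Message)"
        return
    }

    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $allow = 0
    $deny  = 0
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        # Skip entries for other accounts and entries that only apply to children.
        if ($mySids -notcontains $rule.IdentityReference.Value) { continue }
        if ([int]$rule.PropagationFlags -band $inheritOnly) { continue }
        if ($rule.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$rule.FileSystemRights
        } else {
            $deny = $deny -bor [int]$rule.FileSystemRights
        }
    }

    # Approximation: a matching Deny bit always wins; generic rights are not expanded.
    $effective = $allow -band (-bnot $deny)
    $read  = [int][System.Security.AccessControl.FileSystemRights]::Read
    $write = [int][System.Security.AccessControl.FileSystemRights]::Write

    New-Object PSObject -Property @{
        Path       = $Path
        Owner      = $acl.Owner
        Attributes = $item.Attributes
        RunningAs  = $identity.Name
        CanRead    = (($effective -band $read)  -eq $read)
        CanWrite   = (($effective -band $write) -eq $write)
    }
}

# Report on the configuration file and on the folder that holds it.
Get-AccessReport -Path $VmxPath | Format-List
Get-AccessReport -Path (Split-Path -Parent $VmxPath) | Format-List
```

Run it from a normal, non-elevated PowerShell window in the account that starts VMware; an elevated window carries a different token and would report different results.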



#12 boopme


Posted 06 February 2017 - 01:19 PM

Try running this with the appropriate 32 or 64 version.

Download FixExec.exe to your desktop.
Double click on downloaded file to run the fix.
When the program has finished, it will generate a log on the desktop called FixExec.exe.
Post the log in your next reply.

NOTE. If for any reason you're not able to execute FixExec.exe rename it to FixExec.com, FixExec.pif or FixExec.scr.

#13 Warthog-Fan


Posted 06 February 2017 - 03:10 PM

boopme,

 

The FixExec.exe downloaded and ran alright, but it did not generate a log file. The FixExec.exe file that is on the desktop is an executable, not a text file.

 

Also, the service manual program still does not run. I get the same error about not having permissions.



#14 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:03 AM

Posted 06 February 2017 - 03:57 PM

If your gut feeling is telling you this might very well be a system files/operations problem, I'd like to suggest tweaking.com's Windows Repair (All in One).  Safe Mode with Networking is the best choice, check the permissions boxes, check items 26 & 27; you may have to restart a couple of times, and let Windows take all the time it needs to smooth things out and come to full Desktop.  Then try that cool program again.  Of course, continue with boopme - that person and others will not steer you wrong!

Going forward, because I also had problems in the past with my Windows XP Mode, I made a folder on my Data partition, and after each successful Windows XP Mode alteration, updates, etc., i.e. everything works -- I would copy the entire folder from "C drive" [my OS partition's VM folder where this XP resides] -- into the backup folder on my "d drive" [my data partition].  Yes, correct, that copy operation does take some time, 23GB worth for me.


Edited by RolandJS, 06 February 2017 - 03:58 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#15 Warthog-Fan


Posted 16 February 2017 - 04:55 PM

boopme,

 

So, are you confident that there is no malware on my computer at this point...???





