GMER detecting rootkit like activity


  • This topic is locked
8 replies to this topic

#1 user122132

  • Members
  • 26 posts

Posted 19 July 2017 - 04:46 PM

Hi,

GMER is detecting rootkit-like activity on my PC.

Please find attached the log file.

I am very careful when browsing.

I installed Malwarebytes and it is not detecting any rootkits.

Is this a false positive?

I would appreciate your help and insights.

Attached Files





#2 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2017 - 07:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need more information.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs.

Wait for further instructions.

p.s.
If you have issues with this computer please explain.

#3 user122132
  • Topic Starter

  • Members
  • 26 posts

Posted 20 July 2017 - 08:43 AM

Please find the two files attached.

I have GlassWire installed and I noticed that Host Process for Windows Service is connecting to and uploading data to the following addresses:

ff02::1:2

ff02::1:3

I couldn't resolve these addresses online.

Attached Files
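
The two addresses quoted in the post above lie in the IPv6 multicast range (ff00::/8), so they name groups on the local network segment rather than remote hosts. The following added example (not part of the original thread) decodes the flags and scope fields of such an address as laid out in RFC 4291 and reports whether its traffic can leave the local link; the function names are illustrative, the group names come from the IANA IPv6 multicast registry, and the sample list is constructed.

```python
import ipaddress

# Scope field values from RFC 4291 section 2.7 (0x3 from RFC 7346).
SCOPE_NAMES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x3: "realm-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}

# A few permanently assigned link-local groups (IANA IPv6 multicast registry).
KNOWN_GROUPS = {
    "ff02::1": "All Nodes",
    "ff02::2": "All Routers",
    "ff02::fb": "mDNSv6",
    "ff02::1:2": "All_DHCP_Relay_Agents_and_Servers (DHCPv6)",
    "ff02::1:3": "Link-Local Multicast Name Resolution (LLMNR)",
}


def decode_multicast(addr):
    """Split an IPv6 multicast address into (flags, scope, group_id).

    Layout: 8 bits 0xFF | 4 bits flags (0RPT) | 4 bits scope | 112 bits group ID.
    """
    value = int(addr)
    flags = (value >> 116) & 0xF
    scope = (value >> 112) & 0xF
    group_id = value & ((1 << 112) - 1)
    return flags, scope, group_id


def classify(text):
    """Describe one address string as a dict; never raises on bad input."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return {"address": text, "kind": "invalid"}

    if addr.version == 6 and addr.is_multicast:
        flags, scope, group_id = decode_multicast(addr)
        return {
            "address": str(addr),
            "kind": "ipv6-multicast",
            "scope": SCOPE_NAMES.get(scope, "reserved/unassigned"),
            # T flag (lowest flag bit): 0 = permanently assigned, 1 = transient.
            "transient": bool(flags & 0x1),
            "group": KNOWN_GROUPS.get(str(addr), "group id 0x%x" % group_id),
            # Scopes 0x1 and 0x2 are never forwarded by a router.
            "routable_off_link": scope > 0x2,
        }

    if addr.is_multicast:
        # IPv4 multicast carries no scope field, so it is not decoded here.
        return {"address": str(addr), "kind": "ipv4-multicast",
                "routable_off_link": None}

    return {
        "address": str(addr),
        "kind": "ipv%d-non-multicast" % addr.version,
        "routable_off_link": addr.is_global,
    }


def off_link_candidates(addresses):
    """Return the addresses whose traffic is not confined to the local link."""
    result = []
    for text in addresses:
        info = classify(text)
        if info.get("routable_off_link"):
            result.append(info["address"])
    return result


if __name__ == "__main__":
    # Constructed sample: the two addresses from the post plus contrast cases.
    sample = ["ff02::1:2", "ff02::1:3", "ff0e::101", "fe80::1", "not-an-address"]
    for entry in sample:
        print(classify(entry))
    print("worth a closer look:", off_link_candidates(sample))
```
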



#4 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2017 - 12:25 PM

Hi,

Nothing suspicious was found on your logs.
We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

Edited by nasdaq, 20 July 2017 - 12:34 PM.


#5 user122132
  • Topic Starter

  • Members
  • 26 posts

Posted 20 July 2017 - 01:39 PM

This is my TDSSKiller log:

14:26:41.0540 0x15e4  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
14:26:41.0540 0x15e4  UEFI system
14:26:46.0415 0x15e4  ============================================================
14:26:46.0415 0x15e4  Current date / time: 2017/07/20 14:26:46.0415
14:26:46.0415 0x15e4  SystemInfo:
14:26:46.0415 0x15e4 
14:26:46.0415 0x15e4  OS Version: 6.3.9600 ServicePack: 0.0
14:26:46.0415 0x15e4  Product type: Workstation
14:26:46.0415 0x15e4  ComputerName: PC8
14:26:46.0415 0x15e4  UserName: PC
14:26:46.0415 0x15e4  Windows directory: C:\Windows
14:26:46.0415 0x15e4  System windows directory: C:\Windows
14:26:46.0415 0x15e4  Running under WOW64
14:26:46.0415 0x15e4  Processor architecture: Intel x64
14:26:46.0415 0x15e4  Number of processors: 8
14:26:46.0415 0x15e4  Page size: 0x1000
14:26:46.0415 0x15e4  Boot type: Normal boot
14:26:46.0415 0x15e4  CodeIntegrityOptions = 0x00000001
14:26:46.0415 0x15e4  ============================================================
14:26:46.0478 0x15e4  KLMD registered as C:\Windows\system32\drivers\97323262.sys
14:26:46.0478 0x15e4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18730, osProperties = 0x19
14:26:46.0558 0x15e4  System UUID: {245F25EA-1A90-60B1-D32B-3858C20BC222}
14:26:46.0902 0x15e4  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:26:47.0171 0x15e4  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:26:47.0187 0x15e4  ============================================================
14:26:47.0187 0x15e4  \Device\Harddisk0\DR0:
14:26:47.0187 0x15e4  GPT partitions:
14:26:47.0187 0x15e4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E8589A5C-AF2E-4676-A904-080B4310E18D}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
14:26:47.0187 0x15e4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {50694724-0EF7-475E-9734-B5551D794605}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
14:26:47.0187 0x15e4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {74577308-E279-424C-9C5E-44292976E120}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
14:26:47.0187 0x15e4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CE0AE720-52CB-4F56-B515-1EAEE1865047}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x1DBEA800
14:26:47.0187 0x15e4  MBR partitions:
14:26:47.0187 0x15e4  \Device\Harddisk1\DR1:
14:26:47.0187 0x15e4  Invalid mbr signature
14:26:47.0187 0x15e4  ============================================================
14:26:47.0187 0x15e4  C: <-> \Device\Harddisk0\DR0\Partition4
14:26:47.0187 0x15e4  ============================================================
14:26:47.0187 0x15e4  Initialize success
14:26:47.0187 0x15e4  ============================================================
14:27:28.0167 0x0a8c  ============================================================
14:27:28.0167 0x0a8c  Scan started
14:27:28.0167 0x0a8c  Mode: Manual;
14:27:28.0167 0x0a8c  ============================================================
14:27:28.0167 0x0a8c  KSN ping started
14:27:28.0338 0x0a8c  KSN ping finished: true
14:27:28.0526 0x0a8c  ================ Scan system memory ========================
14:27:28.0526 0x0a8c  System memory - ok
14:27:30.0013 0x0a8c  HTTP - ok
14:27:30.0029 0x0a8c  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:27:30.0029 0x0a8c  hwpolicy - ok
14:27:30.0029 0x0a8c  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
14:27:30.0029 0x0a8c  hyperkbd - ok
14:27:30.0029 0x0a8c  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
14:27:30.0029 0x0a8c  HyperVideo - ok
14:27:30.0029 0x0a8c  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
14:27:30.0045 0x0a8c  i8042prt - ok
14:27:30.0045 0x0a8c  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
14:27:30.0045 0x0a8c  iaLPSSi_GPIO - ok
14:27:30.0045 0x0a8c  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
14:27:30.0045 0x0a8c  iaLPSSi_I2C - ok
14:27:30.0060 0x0a8c  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
14:27:30.0076 0x0a8c  iaStorAV - ok
14:27:30.0076 0x0a8c  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:27:30.0092 0x0a8c  iaStorV - ok
14:27:30.0092 0x0a8c  IEEtwCollectorService - ok
14:27:30.0107 0x0a8c  [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT          C:\Windows\System32\ikeext.dll
14:27:30.0123 0x0a8c  IKEEXT - ok
14:27:30.0217 0x0a8c  [ 4CF43145153C8C7F4F0368B1EFBF32B3, AD4BD5D813565933817E92AEA35FEE931B1F7D173B78BB176CFA936CE167D3C2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:27:30.0295 0x0a8c  IntcAzAudAddService - ok
14:27:30.0295 0x0a8c  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:27:30.0295 0x0a8c  intelide - ok
14:27:30.0310 0x0a8c  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
14:27:30.0310 0x0a8c  intelpep - ok
14:27:30.0310 0x0a8c  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
14:27:30.0310 0x0a8c  intelppm - ok
14:27:30.0310 0x0a8c  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:27:30.0310 0x0a8c  IpFilterDriver - ok
14:27:30.0342 0x0a8c  [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:27:30.0342 0x0a8c  iphlpsvc - ok
14:27:30.0357 0x0a8c  [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
14:27:30.0357 0x0a8c  IPMIDRV - ok
14:27:30.0357 0x0a8c  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:27:30.0357 0x0a8c  IPNAT - ok
14:27:30.0357 0x0a8c  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:27:30.0357 0x0a8c  IRENUM - ok
14:27:30.0373 0x0a8c  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:27:30.0373 0x0a8c  isapnp - ok
14:27:30.0373 0x0a8c  [ 744DE92A339763C15C6B988C27439633, B566E04BB3C7BBE736158DFA19A6361ABD7E43ABC5F690CFDA6AD50405C17A94 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
14:27:30.0373 0x0a8c  iScsiPrt - ok
14:27:30.0388 0x0a8c  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
14:27:30.0388 0x0a8c  kbdclass - ok
14:27:30.0388 0x0a8c  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
14:27:30.0388 0x0a8c  kbdhid - ok
14:27:30.0388 0x0a8c  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
14:27:30.0388 0x0a8c  kdnic - ok
14:27:30.0388 0x0a8c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
14:27:30.0388 0x0a8c  KeyIso - ok
14:27:30.0404 0x0a8c  [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:27:30.0404 0x0a8c  KSecDD - ok
14:27:30.0404 0x0a8c  [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:27:30.0404 0x0a8c  KSecPkg - ok
14:27:30.0404 0x0a8c  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:27:30.0404 0x0a8c  ksthunk - ok
14:27:30.0420 0x0a8c  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:27:30.0420 0x0a8c  KtmRm - ok
14:27:30.0435 0x0a8c  [ A64BE9AD14BBFE9C8F540F8E9286CFC9, 60A616BFBB9A1B81CD7947A0142058825D66230BBF15EF4699FBEDF4D2D003F8 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:27:30.0435 0x0a8c  LanmanServer - ok
14:27:30.0451 0x0a8c  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:27:30.0451 0x0a8c  LanmanWorkstation - ok
14:27:30.0467 0x0a8c  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
14:27:30.0467 0x0a8c  lfsvc - ok
14:27:30.0482 0x0a8c  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:27:30.0482 0x0a8c  lltdio - ok
14:27:30.0482 0x0a8c  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:27:30.0482 0x0a8c  lltdsvc - ok
14:27:30.0498 0x0a8c  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:27:30.0498 0x0a8c  lmhosts - ok
14:27:30.0498 0x0a8c  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:27:30.0498 0x0a8c  LSI_SAS - ok
14:27:30.0498 0x0a8c  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:27:30.0498 0x0a8c  LSI_SAS2 - ok
14:27:30.0513 0x0a8c  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
14:27:30.0513 0x0a8c  LSI_SAS3 - ok
14:27:30.0513 0x0a8c  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
14:27:30.0513 0x0a8c  LSI_SSS - ok
14:27:30.0529 0x0a8c  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
14:27:30.0545 0x0a8c  LSM - ok
14:27:30.0545 0x0a8c  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:27:30.0545 0x0a8c  luafv - ok
14:27:30.0545 0x0a8c  [ 19956478146DC7884812C24B74D7132E, D6795397398C942530B8618F15B7BE6FDB84BAD61DE1B61A9AB85EBCB29EAEF3 ] MBAMFarflt      C:\Windows\system32\drivers\farflt.sys
14:27:30.0560 0x0a8c  MBAMFarflt - ok
14:27:30.0560 0x0a8c  [ 149E252142950594695178971748D056, 6F3EBAD6CB87A21B457AA09CA56EF01B48D4478CB94BD09834E72BE9A41265A4 ] MBAMProtection  C:\Windows\system32\drivers\mbam.sys
14:27:30.0560 0x0a8c  MBAMProtection - ok
14:27:30.0638 0x0a8c  [ D76E56108E6482905D3FAEA0649919E4, E10285889570A01E544B027F4A17BA7242E5E3EF93D20A19B05091DB237C6DD1 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
14:27:30.0685 0x0a8c  MBAMService - ok
14:27:30.0701 0x0a8c  [ C3549BE8C1FE4ECBEE21DAD3378F6CD0, E4FB6856C1A8B9185322EFC4AF31A3748365ED2E3E4FB6DF57B35569D8D42AAD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
14:27:30.0701 0x0a8c  MBAMSwissArmy - ok
14:27:30.0701 0x0a8c  [ 56D97EB1ACE0B76D500E7E1F1AB72023, 37A3103598CF739B36E370E2033BA208C499D6479F661820AA1708212D20FAFC ] MBAMWebProtection C:\Windows\system32\drivers\mwac.sys
14:27:30.0701 0x0a8c  MBAMWebProtection - ok
14:27:30.0701 0x0a8c  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
14:27:30.0717 0x0a8c  megasas - ok
14:27:30.0717 0x0a8c  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
14:27:30.0732 0x0a8c  megasr - ok
14:27:30.0732 0x0a8c  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
14:27:30.0732 0x0a8c  MMCSS - ok
14:27:30.0732 0x0a8c  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
14:27:30.0732 0x0a8c  Modem - ok
14:27:30.0748 0x0a8c  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
14:27:30.0748 0x0a8c  monitor - ok
14:27:30.0748 0x0a8c  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
14:27:30.0748 0x0a8c  mouclass - ok
14:27:30.0748 0x0a8c  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
14:27:30.0748 0x0a8c  mouhid - ok
14:27:30.0748 0x0a8c  [ E5E8665272EBCD87A0A632314F0D221D, 37FDC4CEB8E5FC39C10DE875676863D090CFEA708AC3A8415114DCDD94BD7A1D ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:27:30.0763 0x0a8c  mountmgr - ok
14:27:30.0763 0x0a8c  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:27:30.0763 0x0a8c  mpsdrv - ok
14:27:30.0779 0x0a8c  [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:27:30.0795 0x0a8c  MpsSvc - ok
14:27:30.0795 0x0a8c  [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:27:30.0795 0x0a8c  MRxDAV - ok
14:27:30.0810 0x0a8c  [ E2FC654EC895E92A022794329BFC53EC, BDEFF410B8A1D213B652A86DBF53774A3EBD58C32CCB9180712F9F3777307688 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:27:30.0810 0x0a8c  mrxsmb - ok
14:27:30.0826 0x0a8c  [ B213149BE26DD213C44AD61DB19C1251, E28886C1E78E54BBA74DD9779BB18B20D9CB8DF1CCD387FE415F1748719EE5F6 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:27:30.0826 0x0a8c  mrxsmb10 - ok
14:27:30.0826 0x0a8c  [ B37B58F9F80A51098C42663D5FA5F2BA, 996E2D8344F0095C136D1670D63A476E6B6F6BBA9DD773EEE5F0FD580562B000 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:27:30.0842 0x0a8c  mrxsmb20 - ok
14:27:30.0842 0x0a8c  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
14:27:30.0842 0x0a8c  MsBridge - ok
14:27:30.0842 0x0a8c  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
14:27:30.0842 0x0a8c  MSDTC - ok
14:27:30.0857 0x0a8c  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:27:30.0857 0x0a8c  Msfs - ok
14:27:30.0857 0x0a8c  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
14:27:30.0857 0x0a8c  msgpiowin32 - ok
14:27:30.0857 0x0a8c  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:27:30.0857 0x0a8c  mshidkmdf - ok
14:27:30.0857 0x0a8c  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
14:27:30.0857 0x0a8c  mshidumdf - ok
14:27:30.0873 0x0a8c  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:27:30.0873 0x0a8c  msisadrv - ok
14:27:30.0873 0x0a8c  [ A06142B3850B06972F1C89748FAA2C02, B1CCC5C8D100FEB384FCC85FED2A77F47DA4C9BA5F6889A130F4D73E30ACAA78 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:27:30.0873 0x0a8c  MSiSCSI - ok
14:27:30.0873 0x0a8c  msiserver - ok
14:27:30.0873 0x0a8c  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:27:30.0873 0x0a8c  MSKSSRV - ok
14:27:30.0888 0x0a8c  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
14:27:30.0888 0x0a8c  MsLldp - ok
14:27:30.0888 0x0a8c  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:27:30.0888 0x0a8c  MSPCLOCK - ok
14:27:30.0888 0x0a8c  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:27:30.0888 0x0a8c  MSPQM - ok
14:27:30.0904 0x0a8c  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:27:30.0904 0x0a8c  MsRPC - ok
14:27:30.0904 0x0a8c  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
14:27:30.0904 0x0a8c  mssmbios - ok
14:27:30.0904 0x0a8c  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:27:30.0904 0x0a8c  MSTEE - ok
14:27:30.0920 0x0a8c  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
14:27:30.0920 0x0a8c  MTConfig - ok
14:27:30.0920 0x0a8c  [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup             C:\Windows\system32\Drivers\mup.sys
14:27:30.0920 0x0a8c  Mup - ok
14:27:30.0920 0x0a8c  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
14:27:30.0920 0x0a8c  mvumis - ok
14:27:30.0935 0x0a8c  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
14:27:30.0935 0x0a8c  napagent - ok
14:27:30.0951 0x0a8c  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:27:30.0951 0x0a8c  NativeWifiP - ok
14:27:30.0967 0x0a8c  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
14:27:30.0967 0x0a8c  NcaSvc - ok
14:27:30.0967 0x0a8c  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
14:27:30.0982 0x0a8c  NcbService - ok
14:27:30.0982 0x0a8c  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
14:27:30.0982 0x0a8c  NcdAutoSetup - ok
14:27:30.0998 0x0a8c  [ FFAA6C6E798FBA448FA7628A1B277F5C, 9E1F2C848A019CE6397F652A21AE43B76149EF95452BB8353249BD9E28D98083 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:27:31.0014 0x0a8c  NDIS - ok
14:27:31.0014 0x0a8c  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:27:31.0014 0x0a8c  NdisCap - ok
14:27:31.0029 0x0a8c  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
14:27:31.0029 0x0a8c  NdisImPlatform - ok
14:27:31.0029 0x0a8c  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:27:31.0029 0x0a8c  NdisTapi - ok
14:27:31.0029 0x0a8c  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:27:31.0029 0x0a8c  Ndisuio - ok
14:27:31.0029 0x0a8c  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
14:27:31.0029 0x0a8c  NdisVirtualBus - ok
14:27:31.0045 0x0a8c  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:27:31.0045 0x0a8c  NdisWan - ok
14:27:31.0045 0x0a8c  [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
14:27:31.0045 0x0a8c  NdisWanLegacy - ok
14:27:31.0060 0x0a8c  [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:27:31.0060 0x0a8c  NDProxy - ok
14:27:31.0060 0x0a8c  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
14:27:31.0060 0x0a8c  Ndu - ok
14:27:31.0060 0x0a8c  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:27:31.0060 0x0a8c  NetBIOS - ok
14:27:31.0076 0x0a8c  [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:27:31.0076 0x0a8c  NetBT - ok
14:27:31.0076 0x0a8c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
14:27:31.0076 0x0a8c  Netlogon - ok
14:27:31.0092 0x0a8c  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
14:27:31.0092 0x0a8c  Netman - ok
14:27:31.0107 0x0a8c  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
14:27:31.0107 0x0a8c  netprofm - ok
14:27:31.0123 0x0a8c  [ 10D5997E2F5F16FE3BC3BD1A4BF31EA8, 0DDC4855C00A581A35AB2A11D2AAACC844C460F13F524DD9B92B8F00C31173A7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:27:31.0123 0x0a8c  NetTcpPortSharing - ok
14:27:31.0123 0x0a8c  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
14:27:31.0138 0x0a8c  netvsc - ok
14:27:31.0138 0x0a8c  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:27:31.0154 0x0a8c  NlaSvc - ok
14:27:31.0154 0x0a8c  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:27:31.0154 0x0a8c  Npfs - ok
14:27:31.0154 0x0a8c  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
14:27:31.0154 0x0a8c  npsvctrig - ok
14:27:31.0154 0x0a8c  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\Windows\system32\nsisvc.dll
14:27:31.0154 0x0a8c  nsi - ok
14:27:31.0154 0x0a8c  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:27:31.0170 0x0a8c  nsiproxy - ok
14:27:31.0201 0x0a8c  [ 275CF7F20338B2B1F5264C665033073F, 2295D5120C4750CA10771471ECEE700215289F97B4C5AFE6FBC9A90C4DEB7F87 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:27:31.0232 0x0a8c  Ntfs - ok
14:27:31.0232 0x0a8c  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
14:27:31.0232 0x0a8c  Null - ok
14:27:31.0232 0x0a8c  [ 1A0AA47B610D80780E9D8B3A2FE84E64, B30BD689989685C676A44FC2ECE1072526F473A4E5798324B1AF5CF822298915 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
14:27:31.0248 0x0a8c  NVHDA - ok
14:27:31.0404 0x0a8c  [ EE1B3752121C4B4E8C279A3FB272C136, 7BE853950FD79588A99E4BBCC99FBF1A805B74FA0BB6D2B3232D3132F960C26F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:27:31.0545 0x0a8c  nvlddmkm - ok
14:27:31.0560 0x0a8c  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:27:31.0560 0x0a8c  nvraid - ok
14:27:31.0576 0x0a8c  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:27:31.0576 0x0a8c  nvstor - ok
14:27:31.0592 0x0a8c  [ AA1305BD98009DB1766925E335911060, AF57AE2598B000AB615097FD24AD54F4D3E8EAF8880CC0119F1A20E42D67765D ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:27:31.0607 0x0a8c  nvsvc - ok
14:27:31.0607 0x0a8c  [ FCA541F2278DD0886DF2A06926373DCC, 3689EB606B3F23C071ABADC9490321126DF6C171FA62EB21CC8838D0DE522FFE ] NVVADARM        C:\Windows\system32\drivers\nvvadarm.sys
14:27:31.0607 0x0a8c  NVVADARM - ok
14:27:31.0607 0x0a8c  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:27:31.0623 0x0a8c  nv_agp - ok
14:27:31.0623 0x0a8c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:27:31.0638 0x0a8c  p2pimsvc - ok
14:27:31.0638 0x0a8c  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\Windows\system32\p2psvc.dll
14:27:31.0654 0x0a8c  p2psvc - ok
14:27:31.0654 0x0a8c  [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport         C:\Windows\System32\drivers\parport.sys
14:27:31.0654 0x0a8c  Parport - ok
14:27:31.0654 0x0a8c  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:27:31.0654 0x0a8c  partmgr - ok
14:27:31.0670 0x0a8c  [ 0A2DF1055FEEA30DFF73DAC0DA45FDE4, 497B2AE591ABBCFA8FC571D9C1D750006212F2D2DDF12F5A9E7FFA811CD707A3 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:27:31.0670 0x0a8c  PcaSvc - ok
14:27:31.0685 0x0a8c  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
14:27:31.0685 0x0a8c  pci - ok
14:27:31.0685 0x0a8c  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:27:31.0685 0x0a8c  pciide - ok
14:27:31.0685 0x0a8c  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:27:31.0701 0x0a8c  pcmcia - ok
14:27:31.0701 0x0a8c  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:27:31.0701 0x0a8c  pcw - ok
14:27:31.0701 0x0a8c  [ 6144634D5219A9EEF02024BE6B5871A4, 12A8AC2B844AB2BBB6BDAF0B6EBDF6A2AA0C05FBC7C3CDFB6E639E017A95FB9F ] pdc             C:\Windows\system32\drivers\pdc.sys
14:27:31.0701 0x0a8c  pdc - ok
14:27:31.0717 0x0a8c  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:27:31.0732 0x0a8c  PEAUTH - ok
14:27:31.0748 0x0a8c  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:27:31.0748 0x0a8c  PerfHost - ok
14:27:31.0779 0x0a8c  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\Windows\system32\pla.dll
14:27:31.0795 0x0a8c  pla - ok
14:27:31.0810 0x0a8c  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:27:31.0810 0x0a8c  PlugPlay - ok
14:27:31.0810 0x0a8c  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:27:31.0810 0x0a8c  PNRPAutoReg - ok
14:27:31.0810 0x0a8c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:27:31.0826 0x0a8c  PNRPsvc - ok
14:27:34.0258 0x0a8c  wpcfltr - ok
14:27:34.0258 0x0a8c  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:27:34.0258 0x0a8c  WPCSvc - ok
14:27:34.0258 0x0a8c  [ 25BE82B325AC22FE563A58A1AC29F4C1, 4247BAA9A44C964446F81ED44F18B28F1F730F46851EC2B756BAC57FB9D86700 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:27:34.0273 0x0a8c  WPDBusEnum - ok
14:27:34.0273 0x0a8c  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
14:27:34.0273 0x0a8c  WpdUpFltr - ok
14:27:34.0273 0x0a8c  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:27:34.0273 0x0a8c  ws2ifsl - ok
14:27:34.0273 0x0a8c  [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc          C:\Windows\System32\wscsvc.dll
14:27:34.0289 0x0a8c  wscsvc - ok
14:27:34.0289 0x0a8c  WSearch - ok
14:27:34.0351 0x0a8c  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\Windows\System32\WSService.dll
14:27:34.0383 0x0a8c  WSService - ok
14:27:34.0461 0x0a8c  [ F8AAE8C41092D195C470EE7EF2D0BB01, D02B608244D084669632F60CC977BA10A9A5F7CEA73F15A8ADE6BF9EFE8C4052 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:27:34.0508 0x0a8c  wuauserv - ok
14:27:34.0508 0x0a8c  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:27:34.0508 0x0a8c  WudfPf - ok
14:27:34.0523 0x0a8c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
14:27:34.0523 0x0a8c  WUDFRd - ok
14:27:34.0523 0x0a8c  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:27:34.0523 0x0a8c  wudfsvc - ok
14:27:34.0539 0x0a8c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
14:27:34.0539 0x0a8c  WUDFWpdFs - ok
14:27:34.0539 0x0a8c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
14:27:34.0539 0x0a8c  WUDFWpdMtp - ok
14:27:34.0555 0x0a8c  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:27:34.0555 0x0a8c  WwanSvc - ok
14:27:34.0570 0x0a8c  [ 16B6B5B4CAFEA003B4ADA9FF16A6299A, 413A47C745CC1C98D16F403767EAA5E2F4DA587CFE3B0D8F20CA3D69C9E6731B ] XtuAcpiDriver   C:\Windows\System32\drivers\XtuAcpiDriver.sys
14:27:34.0570 0x0a8c  XtuAcpiDriver - ok
14:27:34.0570 0x0a8c  ================ Scan global ===============================
14:27:34.0570 0x0a8c  [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\Windows\system32\basesrv.dll
14:27:34.0586 0x0a8c  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
14:27:34.0586 0x0a8c  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
14:27:34.0601 0x0a8c  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
14:27:34.0601 0x0a8c  [ Global ] - ok
14:27:34.0601 0x0a8c  ================ Scan MBR ==================================
14:27:34.0601 0x0a8c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
14:27:34.0601 0x0a8c  \Device\Harddisk0\DR0 - ok
14:27:34.0889 0x0a8c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
14:27:34.0905 0x0a8c  \Device\Harddisk1\DR1 - ok
14:27:34.0905 0x0a8c  ================ Scan VBR ==================================
14:27:34.0907 0x0a8c  [ E837EA3750B0E7EF3D3E4E432343C197 ] \Device\Harddisk0\DR0\Partition1
14:27:34.0908 0x0a8c  \Device\Harddisk0\DR0\Partition1 - ok
14:27:34.0910 0x0a8c  [ 5E8FC2A095A0BA2AC380B198051349D8 ] \Device\Harddisk0\DR0\Partition2
14:27:34.0910 0x0a8c  \Device\Harddisk0\DR0\Partition2 - ok
14:27:34.0912 0x0a8c  [ D05ED8AA2F79CD81952BD8A0D2012F12 ] \Device\Harddisk0\DR0\Partition3
14:27:34.0912 0x0a8c  \Device\Harddisk0\DR0\Partition3 - ok
14:27:34.0914 0x0a8c  [ 4EE17DC7D6E0341DF8137320BC525D0D ] \Device\Harddisk0\DR0\Partition4
14:27:34.0915 0x0a8c  \Device\Harddisk0\DR0\Partition4 - ok
14:27:34.0915 0x0a8c  ================ Scan generic autorun ======================
14:27:34.0946 0x0a8c  [ 06839BA12204F109E9C5F9A79178D5EB, 3CA2E6E875D3EA8E25031C793E24BA4F78A8F4F100BE7147AC18606C63913640 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
14:27:34.0968 0x0a8c  NvBackend - ok
14:27:35.0029 0x0a8c  [ 5602FF42444B4991E69C62E493BDAEC4, 7AE46CA0CD1E1C091B31EE4A691C26823E0F1AB1CA6B1C29E6C662BF7E28A996 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
14:27:35.0066 0x0a8c  Malwarebytes TrayApp - ok
14:27:35.0130 0x0a8c  [ 5614A72C29D1BBEAD78FE507013B2488, 725BB9E65C18C83A7FD560242E72931358F4B7950F22DEC5FA434845B3221BD7 ] C:\Program Files (x86)\Steam\steam.exe
14:27:35.0166 0x0a8c  Steam - ok
14:27:35.0273 0x0a8c  [ E3C6014EF521F736FB0AEE4C9F4DBDC0, 322A9A9C3C594AEFD540A875610C7ADD16DBE369945BE6D62507DEA8FB43F590 ] C:\Program Files (x86)\GlassWire\glasswire.exe
14:27:35.0340 0x0a8c  GlassWire - ok
14:27:35.0344 0x0a8c  Waiting for KSN requests completion. In queue: 97
14:27:36.0356 0x0a8c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.209.0 ), 0x60100 ( disabled : updated )
14:27:36.0356 0x0a8c  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.143 ), 0x61000 ( enabled : updated )
14:27:36.0358 0x0a8c  Win FW state via NFP2: enabled ( trusted )
14:27:36.0742 0x0a8c  ============================================================
14:27:36.0742 0x0a8c  Scan finished
14:27:36.0742 0x0a8c  ============================================================
14:27:36.0747 0x17b0  Detected object count: 0
14:27:36.0747 0x17b0  Actual detected object count: 0

 

 

-----

This is the log from aswMBR:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2017-07-20 14:32:44
-----------------------------
14:32:44.034    OS Version: Windows x64 6.2.9200
14:32:44.034    Number of processors: 8 586 0x3C03
14:32:44.035    ComputerName: PC8  UserName: PC
14:32:44.225    Initialize success
14:32:44.250    VM: initialized successfully
14:32:44.251    VM: Intel CPU supported
14:32:51.355    VM: supported disk I/O storport.sys
14:32:57.162    AVAST engine download error: 0
14:35:22.738    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
14:35:22.739    Disk 0 Vendor: SAMSUNG_MZHPU256HCGL-00004 UXM6601Q Size: 244198MB BusType: 11
14:35:22.741    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000038
14:35:22.743    Disk 1 Vendor: HGST_HTS721010A9E630 JB0OA3J0 Size: 953869MB BusType: 11
14:35:22.750    VM: Disk 0 MBR read successfully
14:35:22.752    Disk 0 MBR scan
14:35:22.753    Disk 0 unknown MBR code
14:35:22.755    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:35:22.762    Disk 0 scanning C:\Windows\system32\drivers
14:35:23.533    Service scanning
14:35:25.464    Modules scanning
14:35:25.480    Disk 0 trace - called modules:
14:35:25.497    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll
14:35:25.506    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0015ccf8060]
14:35:25.513    3 CLASSPNP.SYS[fffff800ead95170] -> nt!IofCallDriver -> \Device\00000036[0xffffe0015ca8a060]
14:35:25.516    Disk 0 statistics 104848/0/5 @ 93.77 MB/s
14:35:25.520    Scan finished successfully
14:35:37.854    Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MALEWARE\MBR.dat"
14:35:37.858    The log file has been saved successfully to "C:\Users\PC\Desktop\MALEWARE\aswMBR.txt"

 

I also attached mbr.dat

Thank you.
 

Attached Files

  • Attached File  MBR.zip   143bytes   0 downloads


#6 nasdaq

Posted 21 July 2017 - 07:24 AM

Hi,

Your logs are clean.

Let's check further.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Windows XP:
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

#7 user122132

Posted 21 July 2017 - 08:31 AM

Please find attached the RogueKiller report.

No threats were found by Sophos Virus Removal Tool.

Thank you.


#8 nasdaq

Posted 21 July 2017 - 10:03 AM



Hi,

Delete these items.

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E0C248F9-89D0-4871-9C71-12CDAF518AF3} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=c:\users\pc\appdata\local\temp\{ff0f62dc-1e5d-4292-a4e8-e85aeb9144bf}\{eb7bc26a-e9cf-4b9d-97f3-081f4c404522}.exe|Name=@{Glasswire.application_12156620787993383697}|Desc=GlassWire|EmbedCtxt=GlassWire| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {55CB13CC-3AB2-4BBA-BD8C-4001B7591C9D} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=c:\users\pc\appdata\local\temp\{ff0f62dc-1e5d-4292-a4e8-e85aeb9144bf}\{eb7bc26a-e9cf-4b9d-97f3-081f4c404522}.exe|Name=@{Glasswire.application_12156620787993383697}|Desc=GlassWire|EmbedCtxt=GlassWire| [x] -> Found


Your computer is clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
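
The two items listed for deletion above are Windows Firewall allow rules whose App= path points into the user's Temp folder. As an added example (not part of the original thread and not RogueKiller's own logic), this Python code parses the pipe-delimited rule values and reports active allow rules for executables under a Temp directory; the Temp-path heuristic, the function names and the two rules marked CONSTRUCTED are assumptions made for illustration.

```python
import re

# Constructed sample input: the first two values are the rules quoted in the
# thread; the last two are made-up rules added to show non-matches.
SAMPLE_RULES = {
    "{E0C248F9-89D0-4871-9C71-12CDAF518AF3}": r"v2.22|Action=Allow|Active=TRUE|Dir=In|App=c:\users\pc\appdata\local\temp\{ff0f62dc-1e5d-4292-a4e8-e85aeb9144bf}\{eb7bc26a-e9cf-4b9d-97f3-081f4c404522}.exe|Name=@{Glasswire.application_12156620787993383697}|Desc=GlassWire|EmbedCtxt=GlassWire|",
    "{55CB13CC-3AB2-4BBA-BD8C-4001B7591C9D}": r"v2.22|Action=Allow|Active=TRUE|Dir=Out|App=c:\users\pc\appdata\local\temp\{ff0f62dc-1e5d-4292-a4e8-e85aeb9144bf}\{eb7bc26a-e9cf-4b9d-97f3-081f4c404522}.exe|Name=@{Glasswire.application_12156620787993383697}|Desc=GlassWire|EmbedCtxt=GlassWire|",
    "{CONSTRUCTED-0001}": r"v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Example\example.exe|Name=Example|",
    "{CONSTRUCTED-0002}": r"v2.22|Action=Allow|Active=FALSE|Dir=In|App=C:\Windows\Temp\setup.exe|Name=Old installer|",
}

# Assumption: these directory patterns are this example's heuristic for "Temp".
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)


def parse_rule(value):
    """Split 'v2.22|Key=Value|...|' into (version, {key: [values]})."""
    parts = [p for p in value.split("|") if p]
    if not parts:
        return "", {}
    fields = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        if sep:  # skip fragments that carry no '='
            fields.setdefault(key.lower(), []).append(val)
    return parts[0], fields


def first(fields, key, default=""):
    """Return the first value stored for a key, or the default."""
    return fields.get(key, [default])[0]


def temp_allow_rules(rules):
    """Return (rule_id, direction, app_path) for active allow rules in Temp."""
    hits = []
    for rule_id, value in rules.items():
        _version, fields = parse_rule(value)
        app = first(fields, "app")
        if (first(fields, "action").lower() == "allow"
                and first(fields, "active").lower() == "true"
                and TEMP_DIR.search(app)):
            hits.append((rule_id, first(fields, "dir", "?"), app))
    return hits


if __name__ == "__main__":
    for rule_id, direction, app in temp_allow_rules(SAMPLE_RULES):
        print(f"{rule_id} dir={direction} app={app}")
```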

#9 user122132

Posted 21 July 2017 - 03:40 PM

Thank you.





