Confirmed rootkit on my lenovo x61 thinkpad


7 replies to this topic

#1 UNDEADSPART4N

Posted 21 July 2017 - 11:00 PM

I installed a logger on my Lenovo via Metasploit as an experiment, but now I want it off (so I can play MS-DOS games on it), and it's making my laptop slower than it should be.

 

 

Here is the log I made with evidence of infection with GMER.

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-07-21 21:37:12
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0084 111.79GB
Running: 983u783k.exe; Driver: C:\Users\GRAHAM\AppData\Local\Temp\kxriapog.sys


---- User IAT/EAT - GMER 2.2 ----

IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74BD8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [74C19855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [74BDB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [74BCFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [74BD7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [74BCEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74C0B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [74BDBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [74BD0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [74BD06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [74BC71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [74C5D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [74BF7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [74BCE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74BC697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [74BC69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74BD2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll

---- Devices - GMER 2.2 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                               tvtumon.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                             tvtumon.sys

---- Processes - GMER 2.2 ----

Process          (*** hidden *** )                                                                                   [4] 84B40A90                                                                                                                  

---- Registry - GMER 2.2 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ff6986                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ff6986@001dbe3dacca             0x2E 0xC3 0xBF 0x89 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ff6986@001a1b10b166             0x84 0xA1 0xF1 0xA6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ff6986@0017841148f8             0xB1 0x92 0x0F 0x80 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26ff6986@00249ff0fab0             0x96 0x61 0x54 0x54 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ff6986 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ff6986@001dbe3dacca                 0x2E 0xC3 0xBF 0x89 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ff6986@001a1b10b166                 0x84 0xA1 0xF1 0xA6 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ff6986@0017841148f8                 0xB1 0x92 0x0F 0x80 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26ff6986@00249ff0fab0                 0x96 0x61 0x54 0x54 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName                            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy26567.gthr

---- Disk sectors - GMER 2.2 ----

Disk            \Device\Harddisk0\DR0                                                                                unknown MBR code

---- EOF - GMER 2.2 ----


Edited by UNDEADSPART4N, 21 July 2017 - 11:06 PM.




#2 Pimptech


Posted 22 July 2017 - 12:02 AM

Your log looks ok. But we should see this hidden process there.

 

Download the TDSSKiller:

 

Download the RootRepeal:

Let's see if something is wrong.

Regards.



#3 UNDEADSPART4N


Posted 22 July 2017 - 03:49 PM

Hey, thanks for the response. I'll have the logs out soon. I ran RootRepeal once and it froze, so I'll have to run it again. I saved the logs from TDSSKiller and I'll give them to you, but it didn't find anything.



#4 UNDEADSPART4N


Posted 22 July 2017 - 03:51 PM

Also, I got The Escapists running on the computer at OK-ish frames, but as I opened Task Manager while the game was running, the computer BSOD'd, giving me an error I've also gotten before on my gaming desktop: DRIVER_IRQL_NOT_LESS_OR_EQUAL (that font though).


Edited by UNDEADSPART4N, 22 July 2017 - 03:51 PM.


#5 UNDEADSPART4N


Posted 22 July 2017 - 04:09 PM

TDSSKiller log with no finds...

 

 

15:25:22.0651 0x1114  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
15:25:27.0237 0x1114  ============================================================
15:25:27.0237 0x1114  Current date / time: 2017/07/22 15:25:27.0237
15:25:27.0237 0x1114  SystemInfo:
15:25:27.0237 0x1114  
15:25:27.0237 0x1114  OS Version: 6.0.6001 ServicePack: 1.0
15:25:27.0237 0x1114  Product type: Workstation
15:25:27.0237 0x1114  ComputerName: GRAHAM-PC
15:25:27.0237 0x1114  UserName: GRAHAM
15:25:27.0237 0x1114  Windows directory: C:\Windows
15:25:27.0237 0x1114  System windows directory: C:\Windows
15:25:27.0237 0x1114  Processor architecture: Intel x86
15:25:27.0237 0x1114  Number of processors: 2
15:25:27.0237 0x1114  Page size: 0x1000
15:25:27.0237 0x1114  Boot type: Normal boot
15:25:27.0237 0x1114  CodeIntegrityOptions = 0x00000000
15:25:27.0237 0x1114  ============================================================
15:25:33.0524 0x1114  KLMD registered as C:\Windows\system32\drivers\91923362.sys
15:25:33.0524 0x1114  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 6001.18538, osProperties = 0x0
15:25:33.0727 0x1114  System UUID: {4A933E36-AB5B-4BE4-433F-F60C5DF99BE2}
15:25:34.0460 0x1114  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:25:34.0460 0x1114  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1115E00 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:25:34.0678 0x1114  ============================================================
15:25:34.0678 0x1114  \Device\Harddisk0\DR0:
15:25:34.0678 0x1114  MBR partitions:
15:25:34.0678 0x1114  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA6F800, BlocksNum 0xD524800
15:25:34.0678 0x1114  \Device\Harddisk2\DR2:
15:25:34.0678 0x1114  MBR partitions:
15:25:34.0678 0x1114  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E080AF
15:25:34.0678 0x1114  ============================================================
15:25:34.0709 0x1114  C: <-> \Device\Harddisk0\DR0\Partition1
15:25:34.0709 0x1114  F: <-> \Device\Harddisk2\DR2\Partition1
15:25:34.0709 0x1114  ============================================================
15:25:34.0709 0x1114  Initialize success
15:25:34.0709 0x1114  ============================================================
15:25:47.0486 0x15c0  ============================================================
15:25:47.0486 0x15c0  Scan started
15:25:47.0486 0x15c0  Mode: Manual; 
15:25:47.0486 0x15c0  ============================================================
15:25:47.0486 0x15c0  KSN ping started
15:25:50.0746 0x15c0  KSN ping finished: true
15:26:12.0929 0x15c0  ================ Scan system memory ========================
15:26:12.0929 0x15c0  System memory - ok
15:26:23.0179 0x15c0  fastfat - ok
15:26:23.0335 0x15c0  [ DFBA0F60FA301E5B1BFB1403A93EE23E, 727A01AA77BFD6B6FEB394A4C4CCBDB785987A1904F8EED3739A5F6D03C15965 ] Fax             C:\Windows\system32\fxssvc.exe
15:26:23.0397 0x15c0  Fax - ok
15:26:23.0537 0x15c0  [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:26:23.0537 0x15c0  fdc - ok
15:26:23.0569 0x15c0  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
15:26:23.0569 0x15c0  fdPHost - ok
15:26:23.0600 0x15c0  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:26:23.0600 0x15c0  FDResPub - ok
15:26:23.0631 0x15c0  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:26:23.0647 0x15c0  FileInfo - ok
15:26:23.0693 0x15c0  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:26:23.0709 0x15c0  Filetrace - ok
15:26:23.0725 0x15c0  [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:26:23.0725 0x15c0  flpydisk - ok
15:26:23.0787 0x15c0  [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:26:23.0787 0x15c0  FltMgr - ok
15:26:23.0881 0x15c0  [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:26:23.0912 0x15c0  FontCache3.0.0.0 - ok
15:26:23.0912 0x15c0  [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:26:23.0927 0x15c0  Fs_Rec - ok
15:26:24.0146 0x15c0  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:26:24.0177 0x15c0  gagp30kx - ok
15:26:24.0255 0x15c0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:26:24.0271 0x15c0  GEARAspiWDM - ok
15:26:24.0364 0x15c0  [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:26:24.0380 0x15c0  gpsvc - ok
15:26:24.0536 0x15c0  [ 05C11D2DA6B396F6AD8C590D32CF81D7, A62E03868A4EEBF3796D36DE8BA472F08091FDC1306E35214429D250CB56175C ] GUBootStartup   C:\Windows\System32\drivers\GUBootStartup.sys
15:26:24.0567 0x15c0  GUBootStartup - ok
15:26:24.0598 0x15c0  [ 5F90A1611029B7ABC2DB01ADB534D047, E96C263927C3BDAE56696A47731C3BCA349219AF6FCA3D8371A3F90A964BD51F ] HBtnKey         C:\Windows\system32\DRIVERS\tkbtnpn.sys
15:26:24.0598 0x15c0  HBtnKey - ok
15:26:24.0661 0x15c0  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:26:24.0676 0x15c0  HdAudAddService - ok
15:26:24.0707 0x15c0  [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:26:24.0707 0x15c0  HDAudBus - ok
15:26:24.0707 0x15c0  [ 204C3B1846E9CBAAEF88B8E1F86782F8, CB3A304350B6FD3E614D5899423F34E503E2FA6333CECE0182EB029E4E0A1513 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:26:24.0707 0x15c0  HidBth - ok
15:26:24.0754 0x15c0  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:26:24.0770 0x15c0  HidIr - ok
15:26:24.0817 0x15c0  [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv         C:\Windows\system32\hidserv.dll
15:26:24.0817 0x15c0  hidserv - ok
15:26:24.0863 0x15c0  [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:26:24.0863 0x15c0  HidUsb - ok
15:26:24.0910 0x15c0  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:26:24.0910 0x15c0  hkmsvc - ok
15:26:24.0957 0x15c0  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:26:24.0973 0x15c0  HpCISSs - ok
15:26:25.0051 0x15c0  [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:26:25.0051 0x15c0  HSFHWAZL - ok
15:26:25.0144 0x15c0  [ CC267848CB3508E72762BE65734E764D, E7E39607A48E77544EE286EA678FC2ED8A6C20C9DCB8C901BC70140ECB2E7C2F ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:26:25.0191 0x15c0  HSF_DPV - ok
15:26:25.0269 0x15c0  [ A2882945CC4B6E3E4E9E825590438888, C0B7E695BBFFB927A3A7122BCA41B454B27F285A0A380E82CEDF87CE573A5C60 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:26:25.0269 0x15c0  HSXHWAZL - ok
15:26:25.0472 0x15c0  [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:26:25.0487 0x15c0  HTTP - ok
15:26:25.0565 0x15c0  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:26:25.0581 0x15c0  i2omp - ok
15:26:25.0643 0x15c0  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:26:25.0643 0x15c0  i8042prt - ok
15:26:25.0815 0x15c0  [ 9378D57E2B96C0A185D844770AD49948, AED244DDF125C867091D0A926B275EC1C60C89844C69595B1D1FC586F60F118A ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:26:25.0940 0x15c0  ialm - ok
15:26:26.0049 0x15c0  [ 23C172D6D817D0791361F7693C8EC7CF, 9049902943587DBDD6747CEB5E4C200A9CD7EF033BFF50E7D935E8D8DEB0EE95 ] iaNvStor        C:\Windows\system32\DRIVERS\iaNvStor.sys
15:26:26.0065 0x15c0  iaNvStor - ok
15:26:26.0111 0x15c0  [ E5A0034847537EAEE3C00349D5C34C5F, 3E0F99512CDFF0B628E2FF5B91BB371CDEF65201B03C53182C97DDE34E26E04C ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:26:26.0111 0x15c0  iaStor - ok
15:26:26.0174 0x15c0  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:26:26.0174 0x15c0  iaStorV - ok
15:26:26.0205 0x15c0  [ 931AF21653DD91CD85270A2B31F87EEB, 87F20735C7F2FADA2460CEA9636CCFBF035D175A303735C7FDD1C29B039F6445 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:26:26.0221 0x15c0  IBMPMDRV - ok
15:26:26.0221 0x15c0  [ 35D08DE36EB85F66731B7808768D512C, 27110174E858430B900BCDA6FF86A8B17D4253AE0446EC5EA8F10A2FD32AD70D ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
15:26:26.0236 0x15c0  IBMPMSVC - ok
15:26:26.0517 0x15c0  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:26:26.0517 0x15c0  IDriverT - ok
15:26:26.0704 0x15c0  [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:26:27.0203 0x15c0  idsvc - ok
15:26:27.0422 0x15c0  [ 9378D57E2B96C0A185D844770AD49948, AED244DDF125C867091D0A926B275EC1C60C89844C69595B1D1FC586F60F118A ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:26:27.0484 0x15c0  igfx - ok
15:26:27.0609 0x15c0  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:26:27.0609 0x15c0  iirsp - ok
15:26:27.0703 0x15c0  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC, ED795B07B38EDBB2850384EDFA04C85539D4D22A7AAB8981C83C84E2EAB5976F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:26:27.0718 0x15c0  IKEEXT - ok
15:26:27.0781 0x15c0  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
15:26:27.0781 0x15c0  intelide - ok
15:26:27.0796 0x15c0  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:26:27.0796 0x15c0  intelppm - ok
15:26:27.0874 0x15c0  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:26:27.0890 0x15c0  IPBusEnum - ok
15:26:27.0921 0x15c0  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:26:27.0921 0x15c0  IpFilterDriver - ok
15:26:27.0952 0x15c0  [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:26:27.0968 0x15c0  iphlpsvc - ok
15:26:27.0983 0x15c0  IpInIp - ok
15:26:28.0015 0x15c0  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:26:28.0015 0x15c0  IPMIDRV - ok
15:26:28.0077 0x15c0  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:26:28.0093 0x15c0  IPNAT - ok
15:26:28.0171 0x15c0  [ 00D8E9DAEBE72A5DF3986FD418A995EB, 6E26C04F2E0FBFFC9D18F72519AF4AE0369134395CBB2DB5420E65CF19BCBB4A ] IPSSVC          C:\Windows\system32\IPSSVC.EXE
15:26:28.0171 0x15c0  IPSSVC - ok
15:26:28.0233 0x15c0  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:26:28.0249 0x15c0  IRENUM - ok
15:26:28.0280 0x15c0  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:26:28.0280 0x15c0  isapnp - ok
15:26:28.0327 0x15c0  [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:26:28.0342 0x15c0  iScsiPrt - ok
15:26:28.0373 0x15c0  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:26:28.0373 0x15c0  iteatapi - ok
15:26:28.0389 0x15c0  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:26:28.0389 0x15c0  iteraid - ok
15:26:28.0436 0x15c0  [ 6CC0445B21295F16116CF787F8028444, BFA164E1BC4A1C7FE6B9B2E61212DDCE89A369C728BCEA64FDAF4EBFD6F86E16 ] Iviaspi         C:\Windows\system32\drivers\iviaspi.sys
15:26:28.0436 0x15c0  Iviaspi - ok
15:26:28.0529 0x15c0  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:26:28.0529 0x15c0  IviRegMgr - ok
15:26:28.0639 0x15c0  [ 2071443F12B5823CF8DAD4F28A1DAE17, 1461E03D24D10A790F6D4F54AF63498948E480A5E09E2007195D6F835C9962D3 ] iviVD           C:\Windows\system32\DRIVERS\iviVD.sys
15:26:28.0639 0x15c0  iviVD - ok
15:26:28.0654 0x15c0  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:26:28.0670 0x15c0  kbdclass - ok
15:26:28.0685 0x15c0  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:26:28.0685 0x15c0  kbdhid - ok
15:26:28.0701 0x15c0  [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso          C:\Windows\system32\lsass.exe
15:26:28.0701 0x15c0  KeyIso - ok
15:26:28.0966 0x15c0  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:26:29.0029 0x15c0  KSecDD - ok
15:26:29.0138 0x15c0  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:26:29.0185 0x15c0  KtmRm - ok
15:26:29.0216 0x15c0  [ 1925E63C91CF1610AE41BFD539062079, C25438D19D51B76A8E4C5F3A5D41C76197321166CB37E224217993A4466EBEF9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:26:29.0231 0x15c0  LanmanServer - ok
15:26:29.0294 0x15c0  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:26:29.0294 0x15c0  LanmanWorkstation - ok
15:26:29.0372 0x15c0  [ 63DE2C8974F5D528FBC3D6978FD8AD6A, EA3BD757215CC2CB6005FF368B54AD0252125453E5696CB3F37B65296D4F31DE ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
15:26:29.0372 0x15c0  lenovo.smi - ok
15:26:29.0403 0x15c0  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:26:29.0403 0x15c0  lltdio - ok
15:26:29.0481 0x15c0  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:26:29.0497 0x15c0  lltdsvc - ok
15:26:29.0528 0x15c0  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:26:29.0528 0x15c0  lmhosts - ok
15:26:29.0559 0x15c0  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:26:29.0590 0x15c0  LSI_FC - ok
15:26:29.0637 0x15c0  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:26:29.0668 0x15c0  LSI_SAS - ok
15:26:29.0699 0x15c0  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:26:29.0715 0x15c0  LSI_SCSI - ok
15:26:29.0746 0x15c0  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:26:29.0762 0x15c0  luafv - ok
15:26:29.0793 0x15c0  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:26:29.0793 0x15c0  mdmxsdk - ok
15:26:29.0855 0x15c0  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:26:29.0855 0x15c0  megasas - ok
15:26:29.0996 0x15c0  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:26:30.0011 0x15c0  Microsoft Office Groove Audit Service - ok
15:26:30.0027 0x15c0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
15:26:30.0027 0x15c0  MMCSS - ok
15:26:30.0058 0x15c0  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
15:26:30.0058 0x15c0  Modem - ok
15:26:30.0089 0x15c0  [ EC839BA91E45CCE6EADAFC418FFF8206, 62BD439C9C1646E013310FC1A79318ACCD0556D68616CB1DE9C88C9406CAE29B ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:26:30.0089 0x15c0  monitor - ok
15:26:30.0183 0x15c0  [ 201BFC4EF8B33D02D133FBF6535E515B, 7CADD2F00C8C6F569EB7767FEE46AC62A22A072E61C4C0D9E66E04D59D211F26 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
15:26:30.0199 0x15c0  motccgp - ok
15:26:30.0245 0x15c0  [ D0242A3832EB7C97801BB25889561E23, C325EBB32875B2CBC9C063DA121454D0E56F34CC09653DDEAE8A78606276A933 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
15:26:30.0261 0x15c0  motccgpfl - ok
15:26:30.0292 0x15c0  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:26:30.0292 0x15c0  mouclass - ok
15:26:30.0308 0x15c0  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:26:30.0323 0x15c0  mouhid - ok
15:26:30.0355 0x15c0  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:26:30.0355 0x15c0  MountMgr - ok
15:26:30.0479 0x15c0  [ 6691DD9CC7DBC2BEEEDEEC01145099A9, 39887C6A88F6E044EC60E7649D00C77F7A4F64094EFDBB7B3B36DEA40DC5BB80 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:26:30.0495 0x15c0  MozillaMaintenance - ok
15:26:30.0573 0x15c0  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:26:30.0573 0x15c0  mpio - ok
15:26:30.0604 0x15c0  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:26:30.0604 0x15c0  mpsdrv - ok
15:26:30.0713 0x15c0  [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:26:30.0807 0x15c0  MpsSvc - ok
15:26:30.0916 0x15c0  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:26:30.0963 0x15c0  Mraid35x - ok
15:26:30.0994 0x15c0  [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:26:30.0994 0x15c0  MRxDAV - ok
15:26:31.0041 0x15c0  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:26:31.0041 0x15c0  mrxsmb - ok
15:26:31.0088 0x15c0  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:26:31.0103 0x15c0  mrxsmb10 - ok
15:26:31.0135 0x15c0  [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:26:31.0135 0x15c0  mrxsmb20 - ok
15:26:31.0181 0x15c0  [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:26:31.0181 0x15c0  msahci - ok
15:26:31.0213 0x15c0  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:26:31.0228 0x15c0  msdsm - ok
15:26:31.0259 0x15c0  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
15:26:31.0275 0x15c0  MSDTC - ok
15:26:31.0291 0x15c0  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:26:31.0291 0x15c0  Msfs - ok
15:26:31.0306 0x15c0  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:26:31.0306 0x15c0  msisadrv - ok
15:26:31.0353 0x15c0  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:26:31.0369 0x15c0  MSiSCSI - ok
15:26:31.0369 0x15c0  msiserver - ok
15:26:31.0447 0x15c0  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:26:31.0447 0x15c0  MSKSSRV - ok
15:26:31.0493 0x15c0  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:26:31.0493 0x15c0  MSPCLOCK - ok
15:26:31.0540 0x15c0  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:26:31.0556 0x15c0  MSPQM - ok
15:26:31.0603 0x15c0  [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:26:31.0603 0x15c0  MsRPC - ok
15:26:31.0634 0x15c0  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:26:31.0634 0x15c0  mssmbios - ok
15:26:31.0946 0x15c0  MSSQL$MSSMLBIZ - ok
15:26:32.0164 0x15c0  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:26:32.0164 0x15c0  MSSQLServerADHelper - ok
15:26:32.0242 0x15c0  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:26:32.0242 0x15c0  MSTEE - ok
15:26:32.0305 0x15c0  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C, 95149C41CC9F269C299541A97A9E2E2CCAEE34FE2362EEECD1F813EBC6D4CDC5 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:26:32.0305 0x15c0  Mup - ok
15:26:32.0476 0x15c0  [ C43B25863FBD65B6D2A142AF3AE320CA, 88E147751CBECFF31CD65954BC978B86CEA74485EB60DBB25AABAB4601797A4E ] napagent        C:\Windows\system32\qagentRT.dll
15:26:32.0539 0x15c0  napagent - ok
15:26:32.0851 0x15c0  [ 3C21CE48FF529BB73DADB98770B54025, B8541E3D2B120B97947AE51B28A99E2623ACAD3790BC282B1251ACBEC7684F8D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:26:32.0851 0x15c0  NativeWifiP - ok
15:26:32.0960 0x15c0  [ 9BDC71790FA08F0A0B5F10462B1BD0B1, 67605C7A0CB4D9F2C4D0A876651DEB92270B54D0231C35A994F9A739C6075BC0 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:26:33.0100 0x15c0  NDIS - ok
15:26:33.0131 0x15c0  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:26:33.0147 0x15c0  NdisTapi - ok
15:26:33.0163 0x15c0  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:26:33.0163 0x15c0  Ndisuio - ok
15:26:33.0178 0x15c0  [ 3D14C3B3496F88890D431E8AA022A411, 9B31451756A35314586F93996172E1039B2CD21132CCBE772B3E61A8D9454A30 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:26:33.0194 0x15c0  NdisWan - ok
15:26:33.0209 0x15c0  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:26:33.0209 0x15c0  NDProxy - ok
15:26:33.0225 0x15c0  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:26:33.0225 0x15c0  NetBIOS - ok
15:26:33.0241 0x15c0  [ 7C5FEE5B1C5728507CD96FB4A13E7A02, EDBA08442AD6AF20463A0610FF24D5929574E5EC012495A2C219F6BA84C97F57 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:26:33.0256 0x15c0  netbt - ok
15:26:33.0272 0x15c0  [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] Netlogon        C:\Windows\system32\lsass.exe
15:26:33.0272 0x15c0  Netlogon - ok
15:26:33.0303 0x15c0  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
15:26:33.0350 0x15c0  Netman - ok
15:26:33.0397 0x15c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:26:33.0412 0x15c0  NetMsmqActivator - ok
15:26:33.0412 0x15c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:26:33.0428 0x15c0  NetPipeActivator - ok
15:26:33.0537 0x15c0  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
15:26:33.0584 0x15c0  netprofm - ok
15:26:33.0599 0x15c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:26:33.0599 0x15c0  NetTcpActivator - ok
15:26:33.0615 0x15c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:26:33.0615 0x15c0  NetTcpPortSharing - ok
15:26:33.0755 0x15c0  [ 0F366D06511A76A0428B418C91CA0E31, 50D55DDDF31C68571FF699A0A0F0BFC379D496008C3EC976E0A0A03A2D4548FA ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
15:26:33.0880 0x15c0  NETw4v32 - ok
15:26:33.0927 0x15c0  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:26:33.0943 0x15c0  nfrd960 - ok
15:26:33.0974 0x15c0  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:26:33.0989 0x15c0  NlaSvc - ok
15:26:34.0005 0x15c0  [ ECB5003F484F9ED6C608D6D6C7886CBB, 45496B84B2FD156499E9F07FC82BC6F032B8F4D9DC194098CF9F5474D5642F9E ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:26:34.0005 0x15c0  Npfs - ok
15:26:34.0021 0x15c0  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
15:26:34.0021 0x15c0  nsi - ok
15:26:34.0036 0x15c0  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:26:34.0036 0x15c0  nsiproxy - ok
15:26:34.0145 0x15c0  [ B4EFFE29EB4F15538FD8A9681108492D, 12AF3C19DD2DE7D92EE4C03AD07BAFD77EB8BFF2333E6FBD9CAAA0F654A35F46 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:26:34.0333 0x15c0  Ntfs - ok
15:26:34.0364 0x15c0  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:26:34.0364 0x15c0  ntrigdigi - ok
15:26:52.0600 0x15c0  vga - ok
15:26:52.0631 0x15c0  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:26:52.0631 0x15c0  VgaSave - ok
15:26:52.0663 0x15c0  [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:26:52.0663 0x15c0  viaagp - ok
15:26:52.0694 0x15c0  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:26:52.0694 0x15c0  ViaC7 - ok
15:26:52.0709 0x15c0  [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:26:52.0725 0x15c0  viaide - ok
15:26:52.0756 0x15c0  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:26:52.0772 0x15c0  volmgr - ok
15:26:52.0819 0x15c0  [ 98F5FFE6316BD74E9E2C97206C190196, CA9FA0EE5515D26F9406FF95F728E7F2CC29A8B7C97BC69FC2E95BBC60A2D261 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:26:53.0053 0x15c0  volmgrx - ok
15:26:53.0099 0x15c0  [ D8B4A53DD2769F226B3EB374374987C9, 49314B3E53FBF40A60E272C5B3B79FD1EFABFE1215DA5B030571B4DDF5592896 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:26:53.0115 0x15c0  volsnap - ok
15:26:53.0162 0x15c0  [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:26:53.0209 0x15c0  vsmraid - ok
15:26:53.0536 0x15c0  [ D5FB73D19C46ADE183F968E13F186B23, D35432BE4FF462FCEA958CF646D5572B6D78058BC2F1F324C9F50A0B14B02259 ] VSS             C:\Windows\system32\vssvc.exe
15:26:53.0630 0x15c0  VSS - ok
15:26:53.0692 0x15c0  [ 1CF9206966A8458CDA9A8B20DF8AB7D3, 405D5FE96DA7ED03D4124EF6C692F80E88E5982B90DF46E353E94FFF576A5570 ] W32Time         C:\Windows\system32\w32time.dll
15:26:53.0708 0x15c0  W32Time - ok
15:26:53.0833 0x15c0  [ D35E6095AD0EE3B3393E6F3F1ECF168A, 4373FA67281654E6BEF76F7C6AE74013C6EEF862465659CB4F9A91FB7B8130E0 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:26:53.0833 0x15c0  WacomPen - ok
15:26:53.0942 0x15c0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:26:53.0942 0x15c0  Wanarp - ok
15:26:53.0942 0x15c0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:26:53.0957 0x15c0  Wanarpv6 - ok
15:26:54.0051 0x15c0  [ F0E594DD07B2163DF9F5D5B6B471DDFA, 1F23B34B1B8A081EC3D99E16B036C32B18B9F4D615725BBF474A3B5131F92BCD ] wbengine        C:\Windows\system32\wbengine.exe
15:26:54.0113 0x15c0  wbengine - ok
15:26:54.0238 0x15c0  [ F3A5C2E1A6533192B070D06ECF6BE796, CBA11D9E60A04A0B82C6934A53EA859513CD476FF047DD3D59727B10CE7DB2DA ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:26:54.0332 0x15c0  wcncsvc - ok
15:26:54.0347 0x15c0  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:26:54.0363 0x15c0  WcsPlugInService - ok
15:26:54.0379 0x15c0  [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd              C:\Windows\system32\drivers\wd.sys
15:26:54.0379 0x15c0  Wd - ok
15:26:54.0441 0x15c0  [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
15:26:54.0441 0x15c0  WDC_SAM - ok
15:26:54.0488 0x15c0  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96, 6A6EFFDB538DE1E201058A00F3E056F1256E92EED943FBFBCE28E54BE751E33D ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:26:54.0519 0x15c0  Wdf01000 - ok
15:26:54.0550 0x15c0  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:26:54.0550 0x15c0  WdiServiceHost - ok
15:26:54.0566 0x15c0  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:26:54.0566 0x15c0  WdiSystemHost - ok
15:26:54.0628 0x15c0  [ CF9A5F41789B642DB967021DE06A2713, A541F9D87CBDE2A4E48C5D5363736EF603B2701741D3044232474F179884AD7B ] WebClient       C:\Windows\System32\webclnt.dll
15:26:54.0691 0x15c0  WebClient - ok
15:26:54.0737 0x15c0  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:26:54.0769 0x15c0  Wecsvc - ok
15:26:54.0878 0x15c0  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:26:54.0893 0x15c0  wercplsupport - ok
15:26:54.0940 0x15c0  [ FD1965AAA112C6818A30AB02742D0461, 6779D836934412907390DC85FA2A8C3BB1CC31FD4151830275B773FD13CFFBC2 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:26:54.0940 0x15c0  WerSvc - ok
15:26:54.0987 0x15c0  [ 0ACD399F5DB3DF1B58903CF4949AB5A8, F8FA0A8F631AA8F34A0506F1E5E09DFB6CDA1E9E92207A73A74F1A0E7768C49A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:26:55.0018 0x15c0  winachsf - ok
15:26:55.0237 0x15c0  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:26:55.0252 0x15c0  WinDefend - ok
15:26:55.0252 0x15c0  WinHttpAutoProxySvc - ok
15:26:55.0486 0x15c0  [ 00B79A7C984678F24CF052E5BEB3A2F5, 4D8E4394C926D2B1C71613D309F2D62A663B0ADB73A036F5E9E7D1AFF605CA2A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:26:55.0486 0x15c0  Winmgmt - ok
15:26:55.0783 0x15c0  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:26:55.0876 0x15c0  WinRM - ok
15:26:55.0939 0x15c0  [ 275F4346E569DF56CFB95243BD6F6FF0, 9C85246BF99119DBD6E0B5D38F96B8BC00F3C87618D17BC0E0A063A0D9A03440 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:26:55.0970 0x15c0  Wlansvc - ok
15:26:56.0017 0x15c0  [ 701A9F884A294327E9141D73746EE279, C8A46B8C32F9EAC7848D385473F6B5C4B6DA719A941A75AD5F081757FC07A09D ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:26:56.0017 0x15c0  WmiAcpi - ok
15:26:56.0063 0x15c0  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D, 07C1DAF3DA3CDA84FBE4C7576372115FCAAAAFC332F252C03625E53C7F3C6EE5 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:26:56.0079 0x15c0  wmiApSrv - ok
15:26:56.0266 0x15c0  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:26:56.0329 0x15c0  WMPNetworkSvc - ok
15:26:56.0375 0x15c0  [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:26:56.0375 0x15c0  WPDBusEnum - ok
15:26:56.0625 0x15c0  [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
15:26:56.0656 0x15c0  WpdUsb - ok
15:26:56.0953 0x15c0  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:26:57.0031 0x15c0  WPFFontCache_v0400 - ok
15:26:57.0093 0x15c0  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:26:57.0093 0x15c0  ws2ifsl - ok
15:26:57.0140 0x15c0  [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:26:57.0140 0x15c0  wscsvc - ok
15:26:57.0155 0x15c0  WSearch - ok
15:26:57.0467 0x15c0  [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:26:57.0623 0x15c0  wuauserv - ok
15:26:57.0733 0x15c0  [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:26:57.0764 0x15c0  WUDFRd - ok
15:26:57.0795 0x15c0  [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:26:57.0795 0x15c0  wudfsvc - ok
15:26:57.0811 0x15c0  [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
15:26:57.0826 0x15c0  XAudio - ok
15:26:57.0873 0x15c0  [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
15:26:57.0889 0x15c0  XAudioService - ok
15:26:57.0889 0x15c0  ================ Scan global ===============================
15:26:57.0920 0x15c0  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
15:26:57.0982 0x15c0  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
15:26:58.0029 0x15c0  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
15:26:58.0091 0x15c0  [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
15:26:58.0091 0x15c0  [ Global ] - ok
15:26:58.0091 0x15c0  ================ Scan MBR ==================================
15:26:58.0107 0x15c0  [ 964366090B3A8D1B8DD669A35EBC69B2 ] \Device\Harddisk0\DR0
15:26:59.0495 0x15c0  \Device\Harddisk0\DR0 - ok
15:26:59.0495 0x15c0  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk2\DR2
15:26:59.0776 0x15c0  \Device\Harddisk2\DR2 - ok
15:26:59.0776 0x15c0  ================ Scan VBR ==================================
15:26:59.0792 0x15c0  [ 81005C3CAA2CB940751C44CE38B873A8 ] \Device\Harddisk0\DR0\Partition1
15:26:59.0807 0x15c0  \Device\Harddisk0\DR0\Partition1 - ok
15:26:59.0823 0x15c0  [ 51D08AA369A8A42CA12A090957EFEB15 ] \Device\Harddisk2\DR2\Partition1
15:26:59.0823 0x15c0  \Device\Harddisk2\DR2\Partition1 - ok
15:26:59.0823 0x15c0  ================ Scan generic autorun ======================
15:26:59.0901 0x15c0  [ 58C27EBBBEB67A26484A1C50909C002C, 712B9B799A2117BBFA751BFF97199D2999AD04A51C2615D4B497D5749EE1827F ] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
15:26:59.0948 0x15c0  TVT Scheduler Proxy - ok
15:27:00.0119 0x15c0  [ 7F24B0B99BE574BE1E457A4192A2EF0D, 1E4E0A3CB1DC3AEFD557D597706637A4934ACF65218FA63D5CCB33216FFCA23C ] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
15:27:00.0197 0x15c0  ACTray - ok
15:27:00.0229 0x15c0  [ 50BCB142760F7D4D51FD3CD0D7A94CA5, 8D6095ACE8B03373956E2704E1C27FCA5203713F5A3365479ECC322F699D850B ] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
15:27:00.0229 0x15c0  ACWLIcon - ok
15:27:00.0275 0x15c0  [ 78374C795B65347220250F15186B5C67, 983DC9BDBDD09714A18CAC0157278F3A861BFA62B1943BFABD353684D9A8CC5A ] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
15:27:00.0275 0x15c0  AwaySch - ok
15:27:00.0369 0x15c0  [ 7146DF9479DC9F98770DD5BA69E3E679, 3FCD51303868FDACC1DB99FED26C2425FB5DED93CF5386C3964158C52A4275EA ] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
15:27:00.0400 0x15c0  LPManager - ok
15:27:00.0431 0x15c0  [ 33D95EDEEF56EC73ABD6A8BF76426F04, CA18F72D1F09636B90A26790F1DD6E58FF8C38E6ED69486106535AB434A763E6 ] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
15:27:00.0431 0x15c0  LPMailChecker - ok
15:27:00.0509 0x15c0  [ 2F5732D196E54083A21198AD97BD7ECC, E75974D6E83C1AA2E68F7F74E4BD5DF5BAB575806942FD1EF1F1412920B976E5 ] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
15:27:00.0525 0x15c0  IaNvSrv - ok
15:27:00.0556 0x15c0  [ 0F23FF7F84B8B94AEADF45B89933ADCC, 43B17FDAD36CB78462DFC1046AFA22CE543AD25104D93786F9655FA852B91A21 ] C:\Windows\system32\igfxtray.exe
15:27:00.0572 0x15c0  IgfxTray - ok
15:27:00.0587 0x15c0  [ BD650D7F2309F7979C6B6BFA1533B804, 9CAC25D93EC673599E4FA97FD7B39F713F972A8EBD0C4252B17320F30D3DA476 ] C:\Windows\system32\hkcmd.exe
15:27:00.0603 0x15c0  HotKeysCmds - ok
15:27:00.0790 0x15c0  [ 4D6D2426AED5328FDEF93B259CD6C890, 393E18D41E313F37311AA55F52EF68CBB09467E6ACDD9E8444BBB8B24983EEA2 ] C:\Windows\system32\igfxpers.exe
15:27:00.0806 0x15c0  Persistence - ok
15:27:01.0009 0x15c0  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
15:27:01.0071 0x15c0  Sidebar - ok
15:27:01.0087 0x15c0  WindowsWelcomeCenter - ok
15:27:01.0243 0x15c0  [ FD278E51A7D6F52D22FCE6C67E037AD6, F0FF20E00AD3EE17A2E46B1B6D099E87330BBE57941F6DB1D8159D70EFD2CFEB ] C:\Program Files\Windows Sidebar\Sidebar.exe
15:27:01.0274 0x15c0  Sidebar - ok
15:27:01.0274 0x15c0  WindowsWelcomeCenter - ok
15:27:01.0414 0x15c0  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
15:27:01.0414 0x15c0  WMPNSCFG - ok
15:27:01.0555 0x15c0  [ 43D083268A0919F3527A2837390BAF63, 58B62697B01B8C9396271A64424178691FA85D4625DAF2AC8DE7F06A64F64C2A ] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
15:27:01.0570 0x15c0  ISUSPM - ok
15:27:01.0991 0x15c0  [ 5614A72C29D1BBEAD78FE507013B2488, 725BB9E65C18C83A7FD560242E72931358F4B7950F22DEC5FA434845B3221BD7 ] F:\Steam\steam.exe
15:27:02.0069 0x15c0  Steam - ok
15:27:02.0085 0x15c0  Waiting for KSN requests completion. In queue: 397
15:27:12.0225 0x15c0  Waiting for KSN requests completion. In queue: 84
15:27:24.0409 0x15c0  Win FW state via NFP2: enabled ( trusted )
15:27:37.0544 0x15c0  ============================================================
15:27:37.0544 0x15c0  Scan finished
15:27:37.0544 0x15c0  ============================================================
15:27:37.0544 0x1564  Detected object count: 0
15:27:37.0544 0x1564  Actual detected object count: 0


#6 UNDEADSPART4N

Posted 22 July 2017 - 04:10 PM

RootRepeal Log, that pulled various things...

 

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2017/07/22 15:34
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
 
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8A710000 Size: 819200 File Visible: No Signed: -
Status: -
 
Name: kxriapog.sys
Image Path: C:\Users\GRAHAM\AppData\Local\Temp\kxriapog.sys
Address: 0xC1A0A000 Size: 104960 File Visible: No Signed: -
Status: -
 
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xC1A79000 Size: 49152 File Visible: No Signed: -
Status: -
 
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
 
Path: C:\RRbackups
Status: Locked to the Windows API!
 
Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!
 
 
Path: C:\RRbackups\C
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\FR
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\ProgramData
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\SIS
Status: Invisible to the Windows API!
 
Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!
 
Path: \\?\C:\RRbackups\C\*
Status: Could not enumerate files with the Windows API (0x00000005)!
 
 
Path: C:\RRbackups\C\0
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\C\1
Status: Invisible to the Windows API!
 
Path: \\?\C:\RRbackups\common\*
Status: Could not enumerate files with the Windows API (0x00000005)!
 
 
Path: C:\RRbackups\common\backups.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\bmgrmode.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\bt0.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\bt1.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\css.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\hints.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\mnd.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\regcerts.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\restore.log
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\rr.log
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\rr_bcdenum.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\SAM
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\seccache.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\secpolicy.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\settings.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\system.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\tvtcmn.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\tvtns.bin
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\common\usersids.dat
Status: Invisible to the Windows API!
 
Path: \\?\C:\RRbackups\Documents and Settings\*
Status: Could not enumerate files with the Windows API (0x00000005)!
 
 
Path: C:\RRbackups\Documents and Settings\Administrator
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings\Default
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings\Default User
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings\GRAHAM
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings\REDACTED
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings\REDACTED
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings\REDACTED
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\Documents and Settings\TEMP
Status: Invisible to the Windows API!
 
Path: \\?\C:\RRbackups\FR\*
Status: Could not enumerate files with the Windows API (0x00000005)!
 
 
Path: C:\RRbackups\FR\KernelFileDigest.dat
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\FR\UF
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\FR\UpdatingFiles.dat
Status: Invisible to the Windows API!
 
Path: \\?\C:\RRbackups\ProgramData\*
Status: Could not enumerate files with the Windows API (0x00000005)!
 
 
Path: C:\RRbackups\ProgramData\Lenovo
Status: Invisible to the Windows API!
 
Path: C:\RRbackups\ProgramData\Microsoft
Status: Invisible to the Windows API!
 
Path: \\?\C:\RRbackups\SIS\*
Status: Could not enumerate files with the Windows API (0x00000005)!
 
 
Path: C:\RRbackups\SIS\C
Status: Invisible to the Windows API!
 
Path: c:\users\public\documents\accconnadvanced.html
Status: Size mismatch (API: 8149688, Raw: 8138130)
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_6b8a9829b015faa3.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_3389d53e5a2d10c0.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_517205a10f4550e3.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_3825408a574a21cb.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.6161_none_80ba6c811e9b4aff.cat
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_8f8f0d20ba53c683\MICROS~1.XRM
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6000.20557_none_69e05b8b8f9d9d9b\REPORT~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6000.20557_none_69e05b8b8f9d9d9b\RULESS~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\REPORT~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\RULESS~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6002.18005_none_6d5787d470a61746\REPORT~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6002.18005_none_6d5787d470a61746\RULESS~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\WGXINS~1.MOF
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\WGXINS~1.MOF
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\WGXINS~1.MOF
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\WGXINS~1.MOF
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\FX_SCH~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\FX_SCH~1.XML
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIFF44~1.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI7A16~1.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2DAF~1.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~2.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~4.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~4.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~1.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI3779~1.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MICROS~3.MAN
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~3.XRM
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~1.XRM
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~2.XRM
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18000_none_b67e96a29c5535ab\$$DeleteMe.winsrv.dll.01cc73eb09796040.0002
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~3.MAS
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WE5915~1.MAS
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBE69~1.MAS
Status: Locked to the Windows API!
 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~3.MAS
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
 
Path: C:\Windows\System32\audiodg.exe
PID: 1364 Status: Locked to the Windows API!
 
==EOF==


#7 UNDEADSPART4N


Posted 22 July 2017 - 07:42 PM

someone plz help ;(



#8 Pimptech

  • Malware Study Hall Senior

Posted 24 July 2017 - 02:17 PM

Hello!

Sorry for the delayed answer.

This "C:\RRbackups\" is your folder, right?

Install and run Malwarebytes Anti-Malware.

Install and run the scan of Malware Anti-Rootkit.

Run the Rkill scan.

Send this file to VirusTotal:

  • C:\Users\GRAHAM\AppData\Local\Temp\kxriapog.sys

Regards.


Edited by Pimptech, 24 July 2017 - 02:18 PM.




