TechSpot

Iexplore.exe virus

By Mark Chen 1234
Sep 15, 2014
  1. The other day I noticed that my internet was very slow and had high pings. I went into task manager and found lots of iexplore.exe open. I tried closing them, but they just keep coming back.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    I'm not sure if I did it right
     

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please re-read forum rules.
    All logs have to be pasted, not attached.
     
  5. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 16/09/2014
    Scan Time: 12:30:45 PM
    Logfile: Mark Chen 1234 Malware scan log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.16.02
    Rootkit Database: v2014.09.15.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Lance

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 295053
    Time Elapsed: 5 min, 21 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)






    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/01/2014 3:32:37 PM
    System Uptime: 16/09/2014 12:41:47 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | H87M-HD3
    Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz | SOCKET 0 | 3201/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 738.511 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP130: 14/09/2014 7:00:01 PM - Windows Backup
    RP131: 14/09/2014 7:39:06 PM - Windows Backup
    RP132: 14/09/2014 8:15:18 PM - Windows Modules Installer
    RP133: 14/09/2014 9:04:38 PM - Windows Modules Installer
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    DDS produces two logs.
    You posted only one.
     
  7. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    For some reason dds only comes up with this. There is only one file created, called attach.text

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/01/2014 3:32:37 PM
    System Uptime: 17/09/2014 10:19:29 AM (4 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | H87M-HD3
    Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz | SOCKET 0 | 1792/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 736.108 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP130: 14/09/2014 7:00:01 PM - Windows Backup
    RP131: 14/09/2014 7:39:06 PM - Windows Backup
    RP132: 14/09/2014 8:15:18 PM - Windows Modules Installer
    RP133: 14/09/2014 9:04:38 PM - Windows Modules Installer
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OK...

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    19:46:43.0062 0x10c4 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
    19:46:45.0069 0x10c4 ============================================================
    19:46:45.0069 0x10c4 Current date / time: 2014/09/17 19:46:45.0069
    19:46:45.0069 0x10c4 SystemInfo:
    19:46:45.0069 0x10c4
    19:46:45.0069 0x10c4 OS Version: 6.1.7601 ServicePack: 1.0
    19:46:45.0069 0x10c4 Product type: Workstation
    19:46:45.0069 0x10c4 ComputerName: LANCE-PC
    19:46:45.0069 0x10c4 UserName: Lance
    19:46:45.0069 0x10c4 Windows directory: C:\Windows
    19:46:45.0069 0x10c4 System windows directory: C:\Windows
    19:46:45.0069 0x10c4 Running under WOW64
    19:46:45.0069 0x10c4 Processor architecture: Intel x64
    19:46:45.0069 0x10c4 Number of processors: 4
    19:46:45.0069 0x10c4 Page size: 0x1000
    19:46:45.0069 0x10c4 Boot type: Normal boot
    19:46:45.0069 0x10c4 ============================================================
    19:46:45.0069 0x10c4 BG loaded
    19:46:45.0419 0x10c4 System UUID: {EB3BB17E-DD1B-5D4E-6400-FA140AA6D2DB}
    19:46:45.0829 0x10c4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:46:45.0839 0x10c4 ============================================================
    19:46:45.0839 0x10c4 \Device\Harddisk0\DR0:
    19:46:45.0849 0x10c4 MBR partitions:
    19:46:45.0849 0x10c4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:46:45.0849 0x10c4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    19:46:45.0849 0x10c4 ============================================================
    19:46:45.0869 0x10c4 C: <-> \Device\Harddisk0\DR0\Partition2
    19:46:45.0869 0x10c4 ============================================================
    19:46:45.0869 0x10c4 Initialize success
    19:46:45.0869 0x10c4 ============================================================
    19:46:58.0056 0x10b4 ============================================================
    19:46:58.0056 0x10b4 Scan started
    19:46:58.0056 0x10b4 Mode: Manual;
    19:46:58.0056 0x10b4 ============================================================
    19:46:58.0056 0x10b4 KSN ping started
    19:47:00.0879 0x10b4 KSN ping finished: true
    19:47:04.0945 0x10b4 ================ Scan system memory ========================
    19:47:04.0945 0x10b4 System memory - ok
    19:47:04.0945 0x10b4 ================ Scan services =============================
    19:47:11.0168 0x10b4 iphlpsvc - ok
    19:47:11.0181 0x10b4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:47:11.0182 0x10b4 IPMIDRV - ok
    19:47:11.0212 0x10b4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:47:11.0215 0x10b4 IPNAT - ok
    19:47:11.0224 0x10b4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:47:11.0225 0x10b4 IRENUM - ok
    19:47:11.0242 0x10b4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:47:11.0243 0x10b4 isapnp - ok
    19:47:11.0274 0x10b4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:47:11.0279 0x10b4 iScsiPrt - ok
    19:47:11.0304 0x10b4 [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
    19:47:11.0306 0x10b4 iusb3hcs - ok
    19:47:11.0323 0x10b4 [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
    19:47:11.0327 0x10b4 iusb3hub - ok
    19:47:11.0346 0x10b4 [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
    19:47:11.0356 0x10b4 iusb3xhc - ok
    19:47:11.0412 0x10b4 [ BF5D3A2624177C413680DEF19A465AF8, B9909D3E6CB6F9971293116387865AD15CB9D47513C7FAA9C36BE4D2847A41EB ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    19:47:11.0415 0x10b4 jhi_service - ok
    19:47:11.0434 0x10b4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    19:47:11.0436 0x10b4 kbdclass - ok
    19:47:11.0443 0x10b4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    19:47:11.0453 0x10b4 kbdhid - ok
    19:47:11.0475 0x10b4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
    19:47:11.0476 0x10b4 KeyIso - ok
    19:47:11.0511 0x10b4 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:47:11.0528 0x10b4 KSecDD - ok
    19:47:11.0547 0x10b4 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:47:11.0551 0x10b4 KSecPkg - ok
    19:47:11.0565 0x10b4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    19:47:11.0580 0x10b4 ksthunk - ok
    19:47:11.0617 0x10b4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:47:11.0623 0x10b4 KtmRm - ok
    19:47:11.0656 0x10b4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
    19:47:11.0660 0x10b4 LanmanServer - ok
    19:47:11.0684 0x10b4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:47:11.0687 0x10b4 LanmanWorkstation - ok
    19:47:11.0710 0x10b4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:47:11.0712 0x10b4 lltdio - ok
    19:47:11.0726 0x10b4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:47:11.0731 0x10b4 lltdsvc - ok
    19:47:11.0761 0x10b4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:47:11.0762 0x10b4 lmhosts - ok
    19:47:11.0821 0x10b4 [ 44160F45139B4F12CDAF9B2BAF675F4D, 01C01CCA372581300524EB2BB7C0DC9857810004A130216FFD6924E9C05F99CB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    19:47:11.0829 0x10b4 LMS - ok
    19:47:11.0846 0x10b4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    19:47:11.0849 0x10b4 LSI_FC - ok
    19:47:11.0854 0x10b4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    19:47:11.0856 0x10b4 LSI_SAS - ok
    19:47:11.0864 0x10b4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    19:47:11.0866 0x10b4 LSI_SAS2 - ok
    19:47:11.0874 0x10b4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    19:47:11.0877 0x10b4 LSI_SCSI - ok
    19:47:11.0888 0x10b4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
    19:47:11.0890 0x10b4 luafv - ok
    19:47:11.0946 0x10b4 [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    19:47:11.0947 0x10b4 MBAMProtector - ok
    19:47:12.0023 0x10b4 [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    19:47:12.0044 0x10b4 MBAMScheduler - ok
    19:47:12.0076 0x10b4 [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    19:47:12.0087 0x10b4 MBAMService - ok
    19:47:12.0125 0x10b4 [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
    19:47:12.0127 0x10b4 MBAMSwissArmy - ok
    19:47:12.0137 0x10b4 [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
    19:47:12.0138 0x10b4 MBAMWebAccessControl - ok
    19:47:12.0161 0x10b4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    19:47:12.0164 0x10b4 Mcx2Svc - ok
    19:47:12.0173 0x10b4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
    19:47:12.0175 0x10b4 megasas - ok
    19:47:12.0198 0x10b4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    19:47:12.0202 0x10b4 MegaSR - ok
    19:47:12.0212 0x10b4 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    19:47:12.0213 0x10b4 MEIx64 - ok
    19:47:12.0234 0x10b4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
    19:47:12.0235 0x10b4 MMCSS - ok
    19:47:12.0244 0x10b4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    19:47:12.0245 0x10b4 Modem - ok
    19:47:12.0261 0x10b4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:47:12.0262 0x10b4 monitor - ok
    19:47:12.0289 0x10b4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    19:47:12.0290 0x10b4 mouclass - ok
    19:47:12.0295 0x10b4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:47:12.0296 0x10b4 mouhid - ok
    19:47:12.0301 0x10b4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:47:12.0303 0x10b4 mountmgr - ok
    19:47:12.0319 0x10b4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:47:12.0322 0x10b4 mpio - ok
    19:47:12.0338 0x10b4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:47:12.0340 0x10b4 mpsdrv - ok
    19:47:12.0367 0x10b4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:47:12.0378 0x10b4 MpsSvc - ok
    19:47:12.0403 0x10b4 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:47:12.0407 0x10b4 MRxDAV - ok
    19:47:12.0436 0x10b4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:47:12.0438 0x10b4 mrxsmb - ok
    19:47:12.0450 0x10b4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:47:12.0453 0x10b4 mrxsmb10 - ok
    19:47:12.0490 0x10b4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:47:12.0492 0x10b4 mrxsmb20 - ok
    19:47:12.0533 0x10b4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    19:47:12.0535 0x10b4 msahci - ok
    19:47:12.0539 0x10b4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    19:47:12.0542 0x10b4 msdsm - ok
    19:47:12.0556 0x10b4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
    19:47:12.0559 0x10b4 MSDTC - ok
    19:47:12.0582 0x10b4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    19:47:12.0583 0x10b4 Msfs - ok
    19:47:12.0597 0x10b4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    19:47:12.0600 0x10b4 mshidkmdf - ok
    19:47:12.0615 0x10b4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    19:47:12.0616 0x10b4 msisadrv - ok
    19:47:12.0642 0x10b4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    19:47:12.0645 0x10b4 MSiSCSI - ok
    19:47:12.0647 0x10b4 msiserver - ok
    19:47:12.0673 0x10b4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    19:47:12.0675 0x10b4 MSKSSRV - ok
    19:47:12.0704 0x10b4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    19:47:12.0707 0x10b4 MSPCLOCK - ok
    19:47:12.0736 0x10b4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    19:47:12.0737 0x10b4 MSPQM - ok
    19:47:12.0755 0x10b4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    19:47:12.0765 0x10b4 MsRPC - ok
    19:47:12.0783 0x10b4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    19:47:12.0784 0x10b4 mssmbios - ok
    19:47:12.0793 0x10b4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    19:47:12.0796 0x10b4 MSTEE - ok
    19:47:12.0949 0x10b4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    19:47:12.0951 0x10b4 MTConfig - ok
    19:47:12.0978 0x10b4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
    19:47:12.0981 0x10b4 Mup - ok
    19:47:13.0030 0x10b4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
    19:47:13.0036 0x10b4 napagent - ok
    19:47:13.0083 0x10b4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    19:47:13.0099 0x10b4 NativeWifiP - ok
    19:47:13.0226 0x10b4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
    19:47:13.0249 0x10b4 NDIS - ok
    19:47:13.0326 0x10b4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    19:47:13.0328 0x10b4 NdisCap - ok
    19:47:13.0416 0x10b4 [ 8DC4CF52E4BA1C85EDEF32A8F9444EDA, 5E6D01591211DF13ED035707125668DB91F2E6A2BA5FDC9B03B71413F00AE279 ] ndisrd C:\Windows\system32\DRIVERS\ndisrd.sys
    19:47:13.0416 0x10b4 ndisrd - ok
    19:47:13.0458 0x10b4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    19:47:13.0459 0x10b4 NdisTapi - ok
    19:47:13.0518 0x10b4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    19:47:13.0546 0x10b4 Ndisuio - ok
    19:47:13.0593 0x10b4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    19:47:13.0595 0x10b4 NdisWan - ok
    19:47:13.0618 0x10b4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    19:47:13.0619 0x10b4 NDProxy - ok
    19:47:13.0672 0x10b4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    19:47:13.0673 0x10b4 NetBIOS - ok
    19:47:13.0718 0x10b4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    19:47:13.0721 0x10b4 NetBT - ok
    19:47:13.0776 0x10b4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
    19:47:13.0777 0x10b4 Netlogon - ok
    19:47:13.0871 0x10b4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
    19:47:13.0876 0x10b4 Netman - ok
    19:47:14.0059 0x10b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:47:14.0116 0x10b4 NetMsmqActivator - ok
    19:47:14.0131 0x10b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:47:14.0133 0x10b4 NetPipeActivator - ok
    19:47:14.0145 0x10b4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
    19:47:14.0151 0x10b4 netprofm - ok
    19:47:14.0164 0x10b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:47:14.0166 0x10b4 NetTcpActivator - ok
    19:47:14.0171 0x10b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:47:14.0173 0x10b4 NetTcpPortSharing - ok
    19:47:14.0202 0x10b4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    19:47:14.0204 0x10b4 nfrd960 - ok
    19:47:14.0242 0x10b4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
    19:47:14.0247 0x10b4 NlaSvc - ok
    19:47:14.0250 0x10b4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    19:47:14.0251 0x10b4 Npfs - ok
    19:47:14.0261 0x10b4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
    19:47:14.0262 0x10b4 nsi - ok
    19:47:14.0270 0x10b4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    19:47:14.0270 0x10b4 nsiproxy - ok
    19:47:14.0314 0x10b4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    19:47:14.0337 0x10b4 Ntfs - ok
    19:47:14.0351 0x10b4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
    19:47:14.0351 0x10b4 Null - ok
    19:47:14.0400 0x10b4 [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    19:47:14.0403 0x10b4 NVHDA - ok
    19:47:14.0824 0x10b4 [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    19:47:14.0989 0x10b4 nvlddmkm - ok
    19:47:15.0160 0x10b4 [ D3791C720DDEE697C0933B14DC135D9C, BE10585887F3C48464A856AC3510AF30D14849EEC1556D9E356A506784CB02A5 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    19:47:15.0180 0x10b4 NvNetworkService - ok
    19:47:15.0225 0x10b4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    19:47:15.0228 0x10b4 nvraid - ok
    19:47:15.0259 0x10b4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    19:47:15.0263 0x10b4 nvstor - ok
     
  10. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    19:47:17.0758 0x10b4 RtNdPt60 - ok
    19:47:17.0772 0x10b4 [ 66B7587714BC9BD850D0A49041B90CA0, 48FCA14E6D4851BFA7C84536771F409CAD2EE7F5DE5F9EC01901B5A12E27BBA9 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam620.sys
    19:47:17.0777 0x10b4 RTTEAMPT - ok
    19:47:17.0795 0x10b4 [ C74798D1A2743C102154BD7871D92833, 521A4C9D8E614F2C12E4435FFC8703F7AFA98B0A0DC64F6615ECB4FE62F422EC ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys
    19:47:17.0797 0x10b4 RTVLANPT - ok
    19:47:17.0810 0x10b4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
    19:47:17.0811 0x10b4 SamSs - ok
    19:47:17.0847 0x10b4 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    19:47:17.0848 0x10b4 SASDIFSV - ok
    19:47:17.0874 0x10b4 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    19:47:17.0874 0x10b4 SASKUTIL - ok
    19:47:17.0890 0x10b4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:47:17.0893 0x10b4 sbp2port - ok
    19:47:17.0905 0x10b4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:47:17.0908 0x10b4 SCardSvr - ok
    19:47:17.0917 0x10b4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    19:47:17.0918 0x10b4 scfilter - ok
    19:47:17.0950 0x10b4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
    19:47:17.0964 0x10b4 Schedule - ok
    19:47:17.0985 0x10b4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:47:17.0987 0x10b4 SCPolicySvc - ok
    19:47:17.0999 0x10b4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:47:18.0003 0x10b4 SDRSVC - ok
    19:47:18.0025 0x10b4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:47:18.0026 0x10b4 secdrv - ok
    19:47:18.0038 0x10b4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
    19:47:18.0039 0x10b4 seclogon - ok
    19:47:18.0048 0x10b4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
    19:47:18.0050 0x10b4 SENS - ok
    19:47:18.0072 0x10b4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
    19:47:18.0074 0x10b4 SensrSvc - ok
    19:47:18.0084 0x10b4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:47:18.0084 0x10b4 Serenum - ok
    19:47:18.0097 0x10b4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:47:18.0098 0x10b4 Serial - ok
    19:47:18.0109 0x10b4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
    19:47:18.0111 0x10b4 sermouse - ok
    19:47:18.0130 0x10b4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
    19:47:18.0134 0x10b4 SessionEnv - ok
    19:47:18.0146 0x10b4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:47:18.0148 0x10b4 sffdisk - ok
    19:47:18.0157 0x10b4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:47:18.0158 0x10b4 sffp_mmc - ok
    19:47:18.0167 0x10b4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:47:18.0169 0x10b4 sffp_sd - ok
    19:47:18.0174 0x10b4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    19:47:18.0175 0x10b4 sfloppy - ok
    19:47:18.0202 0x10b4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    19:47:18.0207 0x10b4 SharedAccess - ok
    19:47:18.0224 0x10b4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    19:47:18.0276 0x10b4 ShellHWDetection - ok
    19:47:18.0290 0x10b4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    19:47:18.0292 0x10b4 SiSRaid2 - ok
    19:47:18.0300 0x10b4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    19:47:18.0303 0x10b4 SiSRaid4 - ok
    19:47:18.0330 0x10b4 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    19:47:18.0332 0x10b4 SkypeUpdate - ok
    19:47:18.0400 0x10b4 [ 45A7392B0A3CE065D997F20D59345A3A, 995EE373ADC826F4239BF51BDA877D0C4615B5128C4E52B9B0B2ACD67F071CC4 ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
    19:47:18.0402 0x10b4 Smart TimeLock - ok
    19:47:18.0429 0x10b4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    19:47:18.0431 0x10b4 Smb - ok
    19:47:18.0456 0x10b4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    19:47:18.0457 0x10b4 SNMPTRAP - ok
    19:47:18.0459 0x10b4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
    19:47:18.0460 0x10b4 spldr - ok
    19:47:18.0501 0x10b4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
    19:47:18.0509 0x10b4 Spooler - ok
    19:47:18.0692 0x10b4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
    19:47:18.0834 0x10b4 sppsvc - ok
    19:47:18.0845 0x10b4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    19:47:18.0847 0x10b4 sppuinotify - ok
    19:47:18.0876 0x10b4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:47:18.0882 0x10b4 srv - ok
    19:47:18.0894 0x10b4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:47:18.0899 0x10b4 srv2 - ok
    19:47:18.0913 0x10b4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:47:18.0915 0x10b4 srvnet - ok
    19:47:18.0957 0x10b4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:47:18.0966 0x10b4 SSDPSRV - ok
    19:47:18.0979 0x10b4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:47:18.0985 0x10b4 SstpSvc - ok
    19:47:19.0095 0x10b4 [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    19:47:19.0156 0x10b4 Steam Client Service - ok
    19:47:19.0222 0x10b4 [ D2230317777033CD0456990BFC4994E5, 0F2F559593EAD7AB4596E67E9AE56E5ABF5C945201366CFC972357C22A4F776A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    19:47:19.0235 0x10b4 Stereo Service - ok
    19:47:19.0260 0x10b4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
    19:47:19.0262 0x10b4 stexstor - ok
    19:47:19.0311 0x10b4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
    19:47:19.0333 0x10b4 stisvc - ok
    19:47:19.0342 0x10b4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    19:47:19.0342 0x10b4 swenum - ok
    19:47:19.0356 0x10b4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    19:47:19.0364 0x10b4 swprv - ok
    19:47:19.0400 0x10b4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
    19:47:19.0425 0x10b4 SysMain - ok
    19:47:19.0446 0x10b4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:47:19.0448 0x10b4 TabletInputService - ok
    19:47:19.0466 0x10b4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:47:19.0470 0x10b4 TapiSrv - ok
    19:47:19.0477 0x10b4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    19:47:19.0479 0x10b4 TBS - ok
    19:47:19.0634 0x10b4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    19:47:19.0691 0x10b4 Tcpip - ok
    19:47:19.0728 0x10b4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    19:47:19.0751 0x10b4 TCPIP6 - ok
    19:47:19.0801 0x10b4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    19:47:19.0805 0x10b4 tcpipreg - ok
    19:47:19.0829 0x10b4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    19:47:19.0831 0x10b4 TDPIPE - ok
    19:47:19.0859 0x10b4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    19:47:19.0863 0x10b4 TDTCP - ok
    19:47:19.0888 0x10b4 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    19:47:19.0894 0x10b4 tdx - ok
    19:47:20.0049 0x10b4 [ C32E6295D7D024B2302EFF1A7FEFD720, A9E5C78FD8765367863FFCA4954E52EEC77BE4956A6910CD09BBBF9D5BC96D4E ] TeamViewer9 C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    19:47:20.0107 0x10b4 TeamViewer9 - ok
    19:47:20.0146 0x10b4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    19:47:20.0150 0x10b4 TermDD - ok
    19:47:20.0212 0x10b4 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
    19:47:20.0236 0x10b4 TermService - ok
    19:47:20.0276 0x10b4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
    19:47:20.0278 0x10b4 Themes - ok
    19:47:20.0356 0x10b4 [ EB4D572D47B069C18BDA1BCB5E7F2204, 82225469DD04B630D6BDF718846EBBE2D96DC65A00F400327D953CA1CE9FE430 ] Thermnaltake MS2 Filter C:\Windows\system32\Drivers\MS2Filter.sys
    19:47:20.0360 0x10b4 Thermnaltake MS2 Filter - ok
    19:47:20.0387 0x10b4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
    19:47:20.0392 0x10b4 THREADORDER - ok
    19:47:20.0413 0x10b4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
    19:47:20.0418 0x10b4 TrkWks - ok
    19:47:20.0436 0x10b4 TrueSight - ok
    19:47:20.0556 0x10b4 [ 132C0E39AF0312E6B9611E2E1B344D41, 8B26EB55C5E0721498FF28A2865697FF761D237626A920608B5A80360BBD1285 ] trufos C:\Windows\system32\DRIVERS\trufos.sys
    19:47:20.0584 0x10b4 trufos - ok
    19:47:20.0740 0x10b4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    19:47:20.0752 0x10b4 TrustedInstaller - ok
    19:47:20.0815 0x10b4 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:47:20.0818 0x10b4 tssecsrv - ok
    19:47:20.0840 0x10b4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    19:47:20.0842 0x10b4 TsUsbFlt - ok
    19:47:20.0865 0x10b4 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    19:47:20.0866 0x10b4 TsUsbGD - ok
    19:47:20.0893 0x10b4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    19:47:20.0895 0x10b4 tunnel - ok
    19:47:20.0908 0x10b4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    19:47:20.0910 0x10b4 uagp35 - ok
    19:47:20.0922 0x10b4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    19:47:20.0927 0x10b4 udfs - ok
    19:47:20.0950 0x10b4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
    19:47:20.0952 0x10b4 UI0Detect - ok
    19:47:20.0975 0x10b4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    19:47:20.0977 0x10b4 uliagpkx - ok
    19:47:20.0992 0x10b4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    19:47:20.0993 0x10b4 umbus - ok
    19:47:21.0010 0x10b4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
    19:47:21.0011 0x10b4 UmPass - ok
    19:47:21.0027 0x10b4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
    19:47:21.0032 0x10b4 upnphost - ok
    19:47:21.0072 0x10b4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    19:47:21.0074 0x10b4 usbaudio - ok
    19:47:21.0091 0x10b4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    19:47:21.0092 0x10b4 usbccgp - ok
    19:47:21.0114 0x10b4 [ C02500A0EE2A47804077060DEEA26F92, 516187FE7060E8DA4DE4EB031649FAF47B155F6A00AB424DA663B4F0FEC266F3 ] UsbCharger C:\Windows\system32\DRIVERS\UsbCharger.sys
    19:47:21.0115 0x10b4 UsbCharger - ok
    19:47:21.0129 0x10b4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
    19:47:21.0132 0x10b4 usbcir - ok
    19:47:21.0159 0x10b4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
    19:47:21.0160 0x10b4 usbehci - ok
    19:47:21.0179 0x10b4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    19:47:21.0184 0x10b4 usbhub - ok
    19:47:21.0196 0x10b4 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    19:47:21.0198 0x10b4 usbohci - ok
    19:47:21.0204 0x10b4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
    19:47:21.0206 0x10b4 usbprint - ok
    19:47:21.0234 0x10b4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:47:21.0237 0x10b4 USBSTOR - ok
    19:47:21.0255 0x10b4 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    19:47:21.0256 0x10b4 usbuhci - ok
    19:47:21.0266 0x10b4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
    19:47:21.0267 0x10b4 UxSms - ok
    19:47:21.0294 0x10b4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
    19:47:21.0295 0x10b4 VaultSvc - ok
    19:47:21.0322 0x10b4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    19:47:21.0323 0x10b4 vdrvroot - ok
    19:47:21.0379 0x10b4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
    19:47:21.0392 0x10b4 vds - ok
    19:47:21.0404 0x10b4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    19:47:21.0407 0x10b4 vga - ok
    19:47:21.0418 0x10b4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
    19:47:21.0418 0x10b4 VgaSave - ok
    19:47:21.0448 0x10b4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    19:47:21.0453 0x10b4 vhdmp - ok
    19:47:21.0485 0x10b4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    19:47:21.0488 0x10b4 viaide - ok
    19:47:21.0502 0x10b4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    19:47:21.0505 0x10b4 volmgr - ok
    19:47:21.0566 0x10b4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    19:47:21.0584 0x10b4 volmgrx - ok
    19:47:21.0625 0x10b4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
    19:47:21.0650 0x10b4 volsnap - ok
    19:47:21.0662 0x10b4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    19:47:21.0667 0x10b4 vsmraid - ok
    19:47:21.0799 0x10b4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
    19:47:21.0843 0x10b4 VSS - ok
    19:47:21.0902 0x10b4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    19:47:21.0956 0x10b4 vwifibus - ok
    19:47:22.0280 0x10b4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    19:47:22.0369 0x10b4 W32Time - ok
    19:47:22.0486 0x10b4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    19:47:22.0490 0x10b4 WacomPen - ok
    19:47:22.0742 0x10b4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    19:47:22.0744 0x10b4 WANARP - ok
    19:47:22.0802 0x10b4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    19:47:22.0804 0x10b4 Wanarpv6 - ok
    19:47:23.0123 0x10b4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    19:47:23.0187 0x10b4 WatAdminSvc - ok
    19:47:23.0316 0x10b4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
    19:47:23.0341 0x10b4 wbengine - ok
    19:47:23.0416 0x10b4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    19:47:23.0421 0x10b4 WbioSrvc - ok
    19:47:23.0531 0x10b4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    19:47:23.0543 0x10b4 wcncsvc - ok
    19:47:23.0670 0x10b4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    19:47:23.0673 0x10b4 WcsPlugInService - ok
    19:47:23.0788 0x10b4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
    19:47:23.0886 0x10b4 Wd - ok
    19:47:24.0314 0x10b4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    19:47:24.0392 0x10b4 Wdf01000 - ok
    19:47:24.0472 0x10b4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
    19:47:24.0475 0x10b4 WdiServiceHost - ok
    19:47:24.0517 0x10b4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
    19:47:24.0523 0x10b4 WdiSystemHost - ok
    19:47:24.0600 0x10b4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
    19:47:24.0634 0x10b4 WebClient - ok
    19:47:24.0714 0x10b4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    19:47:24.0747 0x10b4 Wecsvc - ok
    19:47:24.0798 0x10b4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    19:47:24.0807 0x10b4 wercplsupport - ok
    19:47:24.0881 0x10b4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
    19:47:24.0886 0x10b4 WerSvc - ok
    19:47:24.0918 0x10b4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    19:47:24.0920 0x10b4 WfpLwf - ok
    19:47:24.0956 0x10b4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    19:47:24.0960 0x10b4 WIMMount - ok
    19:47:25.0038 0x10b4 WinDefend - ok
    19:47:25.0052 0x10b4 WinHttpAutoProxySvc - ok
    19:47:25.0174 0x10b4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    19:47:25.0182 0x10b4 Winmgmt - ok
    19:47:25.0535 0x10b4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
    19:47:25.0603 0x10b4 WinRM - ok
    19:47:25.0696 0x10b4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    19:47:25.0756 0x10b4 Wlansvc - ok
    19:47:25.0772 0x10b4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    19:47:25.0773 0x10b4 WmiAcpi - ok
    19:47:25.0830 0x10b4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    19:47:25.0842 0x10b4 wmiApSrv - ok
    19:47:25.0865 0x10b4 WMPNetworkSvc - ok
    19:47:25.0902 0x10b4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    19:47:25.0906 0x10b4 WPCSvc - ok
    19:47:25.0916 0x10b4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    19:47:25.0919 0x10b4 WPDBusEnum - ok
    19:47:25.0937 0x10b4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    19:47:25.0938 0x10b4 ws2ifsl - ok
    19:47:25.0956 0x10b4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
    19:47:25.0960 0x10b4 wscsvc - ok
    19:47:25.0962 0x10b4 WSearch - ok
    19:47:26.0126 0x10b4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
    19:47:26.0162 0x10b4 wuauserv - ok
    19:47:26.0199 0x10b4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    19:47:26.0212 0x10b4 WudfPf - ok
    19:47:26.0263 0x10b4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:47:26.0271 0x10b4 WUDFRd - ok
    19:47:26.0313 0x10b4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    19:47:26.0328 0x10b4 wudfsvc - ok
    19:47:26.0366 0x10b4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
    19:47:26.0376 0x10b4 WwanSvc - ok
    19:47:26.0382 0x10b4 ================ Scan global ===============================
    19:47:26.0411 0x10b4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    19:47:26.0454 0x10b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    19:47:26.0483 0x10b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    19:47:26.0510 0x10b4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    19:47:26.0558 0x10b4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    19:47:26.0568 0x10b4 [ Global ] - ok
    19:47:26.0568 0x10b4 ================ Scan MBR ==================================
    19:47:26.0587 0x10b4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    19:47:27.0910 0x10b4 \Device\Harddisk0\DR0 - ok
    19:47:27.0911 0x10b4 ================ Scan VBR ==================================
    19:47:27.0917 0x10b4 [ 137D29E20DC72B54D7C66B9E5E30BA05 ] \Device\Harddisk0\DR0\Partition1
    19:47:28.0056 0x10b4 \Device\Harddisk0\DR0\Partition1 - ok
    19:47:28.0063 0x10b4 [ 89464EFBBECF42B7FC26946CB98F24CE ] \Device\Harddisk0\DR0\Partition2
    19:47:28.0191 0x10b4 \Device\Harddisk0\DR0\Partition2 - ok
    19:47:28.0191 0x10b4 ================ Scan generic autorun ======================
    19:47:28.0356 0x10b4 [ E56CEA8FF92A5488A72A7AFBE6C36888, 5BC33DDE45AC1E8DAA79FDE1CE43F56405AA6D90051C9100972E601F6DB5F2F7 ] C:\Users\Lance\AppData\Roaming\uTorrent\uTorrent.exe
    19:47:28.0375 0x10b4 uTorrent - ok
    19:47:28.0377 0x10b4 Waiting for KSN requests completion. In queue: 37
    19:47:29.0377 0x10b4 Waiting for KSN requests completion. In queue: 37
    19:47:30.0377 0x10b4 Waiting for KSN requests completion. In queue: 37
    19:47:31.0427 0x10b4 AV detected via SS2: Bitdefender Antivirus Free Edition, C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe ( 1.0.21.1099 ), 0x40000 ( disabled : updated )
    19:47:31.0431 0x10b4 Win FW state via NFP2: enabled
    19:47:34.0411 0x10b4 ============================================================
    19:47:34.0411 0x10b4 Scan finished
    19:47:34.0411 0x10b4 ============================================================
    19:47:34.0422 0x119c Detected object count: 0
    19:47:34.0422 0x119c Actual detected object count: 0
    19:47:38.0065 0x0640 Deinitialize success
     
  11. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    19:43:49.0156 0x1a50 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
    19:43:52.0749 0x1a50 ============================================================
    19:43:52.0749 0x1a50 Current date / time: 2014/09/17 19:43:52.0749
    19:43:52.0749 0x1a50 SystemInfo:
    19:43:52.0749 0x1a50
    19:43:52.0749 0x1a50 OS Version: 6.1.7601 ServicePack: 1.0
    19:43:52.0749 0x1a50 Product type: Workstation
    19:43:52.0749 0x1a50 ComputerName: LANCE-PC
    19:43:52.0750 0x1a50 UserName: Lance
    19:43:52.0750 0x1a50 Windows directory: C:\Windows
    19:43:52.0750 0x1a50 System windows directory: C:\Windows
    19:43:52.0750 0x1a50 Running under WOW64
    19:43:52.0750 0x1a50 Processor architecture: Intel x64
    19:43:52.0750 0x1a50 Number of processors: 4
    19:43:52.0750 0x1a50 Page size: 0x1000
    19:43:52.0750 0x1a50 Boot type: Normal boot
    19:43:52.0750 0x1a50 ============================================================
    19:43:54.0906 0x1a50 KLMD registered as C:\Windows\system32\drivers\99695671.sys
    19:43:55.0202 0x1a50 System UUID: {EB3BB17E-DD1B-5D4E-6400-FA140AA6D2DB}
    19:43:55.0664 0x1a50 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:43:55.0679 0x1a50 ============================================================
    19:43:55.0679 0x1a50 \Device\Harddisk0\DR0:
    19:43:55.0680 0x1a50 MBR partitions:
    19:43:55.0680 0x1a50 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:43:55.0680 0x1a50 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    19:43:55.0680 0x1a50 ============================================================
    19:43:55.0699 0x1a50 C: <-> \Device\Harddisk0\DR0\Partition2
    19:43:55.0699 0x1a50 ============================================================
    19:43:55.0699 0x1a50 Initialize success
    19:43:55.0699 0x1a50 ============================================================
    19:43:57.0250 0x1b5c ============================================================
    19:43:57.0250 0x1b5c Scan started
    19:43:57.0250 0x1b5c Mode: Manual;
    19:43:57.0250 0x1b5c ============================================================
    19:43:57.0250 0x1b5c KSN ping started
    19:44:00.0113 0x1b5c KSN ping finished: true
    19:44:00.0814 0x1b5c ================ Scan system memory ========================
    19:44:00.0814 0x1b5c System memory - ok
    19:44:00.0815 0x1b5c ================ Scan services =============================
    19:44:05.0891 0x1b5c iirsp - ok
    19:44:05.0928 0x1b5c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
    19:44:05.0939 0x1b5c IKEEXT - ok
    19:44:06.0015 0x1b5c [ 6CB00AE4D2CEF52995D420656E02C30A, EDE13D7A650022CB75318159C57161F5FF9A128DB80D055555E6CB4F5F469EA4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    19:44:06.0075 0x1b5c IntcAzAudAddService - ok
    19:44:06.0118 0x1b5c [ 0E0B99617ED3FDB6C5F0E2D62709B5DF, A656CA3A60E62BE16A015150B23136CE150F9876B4035E9E8D8E73D1707B37A4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    19:44:06.0125 0x1b5c IntcDAud - ok
    19:44:06.0152 0x1b5c [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
    19:44:06.0161 0x1b5c Intel(R) Capability Licensing Service Interface - ok
    19:44:06.0181 0x1b5c [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    19:44:06.0191 0x1b5c Intel(R) Capability Licensing Service TCP IP Interface - ok
    19:44:06.0206 0x1b5c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    19:44:06.0206 0x1b5c intelide - ok
    19:44:06.0220 0x1b5c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:44:06.0221 0x1b5c intelppm - ok
    19:44:06.0246 0x1b5c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:44:06.0248 0x1b5c IPBusEnum - ok
    19:44:06.0268 0x1b5c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:44:06.0269 0x1b5c IpFilterDriver - ok
    19:44:06.0309 0x1b5c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    19:44:06.0317 0x1b5c iphlpsvc - ok
    19:44:06.0330 0x1b5c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:44:06.0331 0x1b5c IPMIDRV - ok
    19:44:06.0336 0x1b5c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:44:06.0338 0x1b5c IPNAT - ok
    19:44:06.0348 0x1b5c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:44:06.0348 0x1b5c IRENUM - ok
    19:44:06.0357 0x1b5c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:44:06.0358 0x1b5c isapnp - ok
    19:44:06.0390 0x1b5c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:44:06.0393 0x1b5c iScsiPrt - ok
    19:44:06.0421 0x1b5c [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
    19:44:06.0421 0x1b5c iusb3hcs - ok
    19:44:06.0444 0x1b5c [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
    19:44:06.0455 0x1b5c iusb3hub - ok
    19:44:06.0481 0x1b5c [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
    19:44:06.0494 0x1b5c iusb3xhc - ok
    19:44:06.0546 0x1b5c [ BF5D3A2624177C413680DEF19A465AF8, B9909D3E6CB6F9971293116387865AD15CB9D47513C7FAA9C36BE4D2847A41EB ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    19:44:06.0553 0x1b5c jhi_service - ok
    19:44:06.0585 0x1b5c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    19:44:06.0588 0x1b5c kbdclass - ok
    19:44:06.0601 0x1b5c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    19:44:06.0604 0x1b5c kbdhid - ok
    19:44:06.0617 0x1b5c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
    19:44:06.0620 0x1b5c KeyIso - ok
    19:44:06.0654 0x1b5c [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:44:06.0659 0x1b5c KSecDD - ok
    19:44:06.0674 0x1b5c [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:44:06.0680 0x1b5c KSecPkg - ok
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It looks incomplete to me.

    Can you attach the entire file?
     
  13. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    19:44:11.0704 0x1b5c RDPCDD - ok
    19:44:11.0722 0x1b5c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    19:44:11.0723 0x1b5c RDPENCDD - ok
    19:44:11.0735 0x1b5c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    19:44:11.0737 0x1b5c RDPREFMP - ok
    19:44:11.0773 0x1b5c [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:44:11.0784 0x1b5c RDPWD - ok
    19:44:11.0809 0x1b5c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    19:44:11.0813 0x1b5c rdyboost - ok
    19:44:11.0835 0x1b5c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:44:11.0838 0x1b5c RemoteAccess - ok
    19:44:11.0850 0x1b5c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:44:11.0854 0x1b5c RemoteRegistry - ok
    19:44:11.0870 0x1b5c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    19:44:11.0873 0x1b5c RpcEptMapper - ok
    19:44:11.0894 0x1b5c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
    19:44:11.0896 0x1b5c RpcLocator - ok
    19:44:11.0919 0x1b5c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\System32\rpcss.dll
    19:44:11.0931 0x1b5c RpcSs - ok
    19:44:11.0942 0x1b5c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:44:11.0945 0x1b5c rspndr - ok
    19:44:11.0979 0x1b5c [ B358C047E081AC70035017BD1D7ED818, D52455156F2913C5A88B18EC76C4C10B3589FE95F9735DD687A0307FA00FF500 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    19:44:11.0996 0x1b5c RTL8167 - ok
    19:44:12.0031 0x1b5c [ E16B7C030A05EF649B18FAB0A93D871F, 0F532D534A93D71650E2F7AF677419A6B38CE3142C98983565F1D759E544A4ED ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
    19:44:12.0032 0x1b5c RtNdPt60 - ok
    19:44:12.0045 0x1b5c [ 66B7587714BC9BD850D0A49041B90CA0, 48FCA14E6D4851BFA7C84536771F409CAD2EE7F5DE5F9EC01901B5A12E27BBA9 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam620.sys
    19:44:12.0046 0x1b5c RTTEAMPT - ok
    19:44:12.0068 0x1b5c [ C74798D1A2743C102154BD7871D92833, 521A4C9D8E614F2C12E4435FFC8703F7AFA98B0A0DC64F6615ECB4FE62F422EC ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys
    19:44:12.0069 0x1b5c RTVLANPT - ok
    19:44:12.0083 0x1b5c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
    19:44:12.0085 0x1b5c SamSs - ok
    19:44:12.0162 0x1b5c [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    19:44:12.0163 0x1b5c SASDIFSV - ok
    19:44:12.0188 0x1b5c [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    19:44:12.0189 0x1b5c SASKUTIL - ok
    19:44:12.0206 0x1b5c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:44:12.0209 0x1b5c sbp2port - ok
    19:44:12.0230 0x1b5c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:44:12.0236 0x1b5c SCardSvr - ok
    19:44:12.0248 0x1b5c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    19:44:12.0250 0x1b5c scfilter - ok
    19:44:12.0294 0x1b5c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
    19:44:12.0324 0x1b5c Schedule - ok
    19:44:12.0342 0x1b5c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:44:12.0345 0x1b5c SCPolicySvc - ok
    19:44:12.0366 0x1b5c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:44:12.0371 0x1b5c SDRSVC - ok
    19:44:12.0390 0x1b5c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:44:12.0392 0x1b5c secdrv - ok
    19:44:12.0403 0x1b5c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
    19:44:12.0406 0x1b5c seclogon - ok
    19:44:12.0413 0x1b5c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
    19:44:12.0417 0x1b5c SENS - ok
    19:44:12.0428 0x1b5c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
    19:44:12.0431 0x1b5c SensrSvc - ok
    19:44:12.0440 0x1b5c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:44:12.0442 0x1b5c Serenum - ok
    19:44:12.0462 0x1b5c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:44:12.0466 0x1b5c Serial - ok
    19:44:12.0482 0x1b5c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
    19:44:12.0483 0x1b5c sermouse - ok
    19:44:12.0504 0x1b5c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
    19:44:12.0509 0x1b5c SessionEnv - ok
    19:44:12.0519 0x1b5c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:44:12.0520 0x1b5c sffdisk - ok
    19:44:12.0524 0x1b5c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:44:12.0525 0x1b5c sffp_mmc - ok
    19:44:12.0528 0x1b5c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:44:12.0529 0x1b5c sffp_sd - ok
    19:44:12.0539 0x1b5c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    19:44:12.0540 0x1b5c sfloppy - ok
    19:44:12.0571 0x1b5c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    19:44:12.0580 0x1b5c SharedAccess - ok
    19:44:12.0601 0x1b5c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    19:44:12.0611 0x1b5c ShellHWDetection - ok
    19:44:12.0630 0x1b5c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    19:44:12.0632 0x1b5c SiSRaid2 - ok
    19:44:12.0641 0x1b5c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    19:44:12.0643 0x1b5c SiSRaid4 - ok
    19:44:12.0671 0x1b5c [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    19:44:12.0676 0x1b5c SkypeUpdate - ok
    19:44:12.0734 0x1b5c [ 45A7392B0A3CE065D997F20D59345A3A, 995EE373ADC826F4239BF51BDA877D0C4615B5128C4E52B9B0B2ACD67F071CC4 ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
    19:44:12.0740 0x1b5c Smart TimeLock - ok
    19:44:12.0770 0x1b5c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    19:44:12.0774 0x1b5c Smb - ok
    19:44:12.0804 0x1b5c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    19:44:12.0808 0x1b5c SNMPTRAP - ok
    19:44:12.0817 0x1b5c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
    19:44:12.0819 0x1b5c spldr - ok
    19:44:12.0879 0x1b5c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
    19:44:12.0904 0x1b5c Spooler - ok
    19:44:13.0000 0x1b5c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
    19:44:13.0043 0x1b5c sppsvc - ok
    19:44:13.0060 0x1b5c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    19:44:13.0062 0x1b5c sppuinotify - ok
    19:44:13.0091 0x1b5c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:44:13.0098 0x1b5c srv - ok
    19:44:13.0109 0x1b5c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:44:13.0114 0x1b5c srv2 - ok
    19:44:13.0146 0x1b5c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:44:13.0149 0x1b5c srvnet - ok
    19:44:13.0175 0x1b5c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:44:13.0178 0x1b5c SSDPSRV - ok
    19:44:13.0184 0x1b5c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:44:13.0187 0x1b5c SstpSvc - ok
    19:44:13.0276 0x1b5c [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    19:44:13.0289 0x1b5c Steam Client Service - ok
    19:44:13.0359 0x1b5c [ D2230317777033CD0456990BFC4994E5, 0F2F559593EAD7AB4596E67E9AE56E5ABF5C945201366CFC972357C22A4F776A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    19:44:13.0376 0x1b5c Stereo Service - ok
    19:44:13.0400 0x1b5c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
    19:44:13.0402 0x1b5c stexstor - ok
    19:44:13.0450 0x1b5c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
    19:44:13.0466 0x1b5c stisvc - ok
    19:44:13.0481 0x1b5c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    19:44:13.0483 0x1b5c swenum - ok
    19:44:13.0499 0x1b5c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    19:44:13.0512 0x1b5c swprv - ok
    19:44:13.0548 0x1b5c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
    19:44:13.0571 0x1b5c SysMain - ok
    19:44:13.0585 0x1b5c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:44:13.0587 0x1b5c TabletInputService - ok
    19:44:13.0607 0x1b5c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:44:13.0612 0x1b5c TapiSrv - ok
    19:44:13.0624 0x1b5c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    19:44:13.0626 0x1b5c TBS - ok
     
  14. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    19:44:16.0412 0x1b5c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    19:44:16.0421 0x1b5c [ Global ] - ok
    19:44:16.0421 0x1b5c ================ Scan MBR ==================================
    19:44:16.0426 0x1b5c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    19:44:16.0579 0x1b5c \Device\Harddisk0\DR0 - ok
    19:44:16.0579 0x1b5c ================ Scan VBR ==================================
    19:44:16.0581 0x1b5c [ 7B055740A07C46478EA2A3C962D15F0F ] \Device\Harddisk0\DR0\Partition1
    19:44:16.0630 0x1b5c \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
    19:44:16.0630 0x1b5c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
    19:44:19.0600 0x1b5c [ 89464EFBBECF42B7FC26946CB98F24CE ] \Device\Harddisk0\DR0\Partition2
    19:44:19.0647 0x1b5c \Device\Harddisk0\DR0\Partition2 - ok
    19:44:19.0648 0x1b5c ================ Scan generic autorun ======================
    19:44:19.0773 0x1b5c [ E56CEA8FF92A5488A72A7AFBE6C36888, 5BC33DDE45AC1E8DAA79FDE1CE43F56405AA6D90051C9100972E601F6DB5F2F7 ] C:\Users\Lance\AppData\Roaming\uTorrent\uTorrent.exe
    19:44:19.0809 0x1b5c uTorrent - ok
    19:44:19.0811 0x1b5c Waiting for KSN requests completion. In queue: 8
    19:44:20.0812 0x1b5c Waiting for KSN requests completion. In queue: 8
    19:44:21.0812 0x1b5c Waiting for KSN requests completion. In queue: 8
    19:44:22.0851 0x1b5c AV detected via SS2: Bitdefender Antivirus Free Edition, C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe ( 1.0.21.1099 ), 0x40000 ( disabled : updated )
    19:44:22.0861 0x1b5c Win FW state via NFP2: enabled
    19:44:25.0831 0x1b5c ============================================================
    19:44:25.0831 0x1b5c Scan finished
    19:44:25.0831 0x1b5c ============================================================
    19:44:25.0846 0x1b44 Detected object count: 1
    19:44:25.0846 0x1b44 Actual detected object count: 1
    19:44:50.0781 0x1b44 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
    19:44:50.0786 0x1b44 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    19:44:50.0844 0x1b44 \Device\Harddisk0\DR0\Partition1 - ok
    19:44:50.0844 0x1b44 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    19:44:51.0585 0x1b44 KLMD registered as C:\Windows\system32\drivers\99338478.sys
    19:45:10.0097 0x183c Deinitialize success
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well :)

    See if DDS will produce both logs now.
     
  16. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/01/2014 3:32:37 PM
    System Uptime: 18/09/2014 10:20:43 AM (2 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | H87M-HD3
    Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz | SOCKET 0 | 2496/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 730.807 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP130: 14/09/2014 7:00:01 PM - Windows Backup
    RP131: 14/09/2014 7:39:06 PM - Windows Backup
    RP132: 14/09/2014 8:15:18 PM - Windows Modules Installer
    RP133: 14/09/2014 9:04:38 PM - Windows Modules Installer
    RP134: 17/09/2014 3:17:38 PM - ComboFix created restore point
    RP135: 17/09/2014 8:30:48 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    "Assassin's Creed IV - Black Flag"
    @Bios B13.0703.1
    Adobe Flash Player 15 ActiveX
    Adobe Reader 9.3
    App Center
    Battle.net
    Battlefield 4™
    Battlelog Web Plugins
    Bitdefender Antivirus Free Edition
    BitRaider Web Client
    Blacklight: Retribution
    BUSB B13.0508.1
    CCleaner
    Counter-Strike: Global Offensive
    Counter-Strike: Source
    Dota 2
    Dragon Age: Origins - Ultimate Edition
    EasyTune
    EZSetupN B13.0628.1
    FileASSASSIN
    Google Chrome
    Google Update Helper
    Happy Cloud Client
    Hearthstone
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Java 7 Update 67
    Java Auto Updater
    LanOptimizer
    Magicka
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 4.5.1
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft XNA Framework Redistributable 3.1
    Nexus Mod Manager
    NVIDIA 3D Vision Controller Driver 340.50
    NVIDIA 3D Vision Driver 340.52
    NVIDIA Control Panel 340.52
    NVIDIA GeForce Experience 2.1.1.1
    NVIDIA Graphics Driver 340.52
    NVIDIA HD Audio Driver 1.3.30.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.1220
    NVIDIA ShadowPlay 15.3.36
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 15.3.36
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.23
    ON_OFF Charge 2 B13.0506.1
    Origin
    Realtek Ethernet Controller Driver
    Realtek Ethernet Diagnostic Utility
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    SHIELD Streaming
    Skype™ 6.13
    Smart Recovery 2 B13.0627.1 (x64)
    Smart TimeLock B13.0508.1
    Star Wars The Old Republic
    Steam
    SUPERAntiSpyware
    TeamSpeak 3 Client
    TeamViewer 9
    The Elder Scrolls V: Skyrim
    Tt eSPORTS BLACK Element
    VLC media player 2.1.3
    WinRAR 5.01 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    18/09/2014 10:21:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: UsbCharger
    17/09/2014 7:59:24 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    17/09/2014 7:59:23 PM, Error: Service Control Manager [7000] - The bdfwfpf service failed to start due to the following error: The system cannot find the file specified.
    17/09/2014 7:59:17 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    17/09/2014 7:17:33 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    17/09/2014 7:17:33 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================
     
  17. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
    Run by Lance at 12:41:59 on 2014-09-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8071.5841 [GMT 10:00]
    .
    AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\rundll32.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Origin\Origin.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    TCP: NameServer = 192.168.137.1
    TCP: Interfaces\{0BC63E54-05E0-4356-9E4C-EB2277C192EE} : DHCPNameServer = 192.168.137.1
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
    x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-1-25 718840]
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-4-30 677360]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-4-30 28656]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-20 20464]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-1-20 21584]
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2014-1-25 121928]
    R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-1-25 148696]
    R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2014-1-23 32360]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
    R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-1-25 69368]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 15344]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-1-20 169432]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-14 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-14 860472]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-10 1720792]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-10 18973144]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-1-23 32544]
    R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [2013-2-22 102400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-1 411936]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-14 4915040]
    R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-1-25 593144]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-1-20 442368]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-20 368112]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-20 786416]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-14 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-14 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-14 63704]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-30 20440]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-30 40392]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-20 769168]
    R3 Thermnaltake MS2 Filter;Thermnaltake MS2 Filter;C:\Windows\System32\drivers\MS2Filter.sys [2014-3-5 57072]
    S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2014-1-20 21584]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2014-9-11 31920]
    S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2014-9-6 75048]
    S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-9-5 477960]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2014-6-30 25832]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-1-22 171632]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);C:\Windows\System32\drivers\RtTeam620.sys [2014-1-23 58512]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2014-1-23 32400]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-30 1255736]
    S4 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
    S4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
    .
    =============== Created Last 30 ================
    .
    2014-09-17 10:31:13 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F247125E-BEA0-471F-A9CE-0AA52381B765}\mpengine.dll
    2014-09-17 10:00:29 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
    2014-09-17 09:59:24 176361 ----a-w- C:\ProgramData\1410947951.bdinstall.bin
    2014-09-17 09:59:11 37822 ----a-w- C:\ProgramData\1410947949.bdinstall.bin
    2014-09-17 09:44:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-09-17 05:28:04 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-09-16 10:00:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-16 09:49:47 98816 ----a-w- C:\Windows\sed.exe
    2014-09-16 09:49:47 256000 ----a-w- C:\Windows\PEV.exe
    2014-09-16 09:49:47 208896 ----a-w- C:\Windows\MBR.exe
    2014-09-16 09:45:26 -------- d-----w- C:\Windows\ERUNT
    2014-09-16 09:42:55 -------- d-----w- C:\AdwCleaner
    2014-09-16 09:37:09 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
    2014-09-16 09:37:06 -------- d-----w- C:\ProgramData\RogueKiller
    2014-09-16 09:03:48 -------- d-----w- C:\FRST
    2014-09-15 09:47:38 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
    2014-09-15 04:38:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-09-15 04:38:18 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-09-15 04:37:08 -------- d-----w- C:\Users\Lance\AppData\Roaming\SUPERAntiSpyware.com
    2014-09-15 04:36:46 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2014-09-15 04:36:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2014-09-14 11:09:59 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-09-14 11:09:42 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-09-14 11:09:42 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-09-14 11:09:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-09-14 11:09:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-09-14 11:09:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-14 10:16:19 -------- d-----w- C:\inetpub
    2014-09-13 07:32:49 -------- d-----w- C:\Users\Lance\AppData\Roaming\JxvgVXPQ
    2014-09-12 11:32:25 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2014-09-12 11:32:25 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2014-09-12 07:11:10 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-09-12 07:11:10 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-09-12 07:05:47 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2014-09-12 07:05:47 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2014-09-12 07:04:05 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-09-12 07:04:05 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-09-12 07:04:05 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-09-12 07:04:05 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-09-12 07:04:04 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-09-11 08:01:43 -------- d-----w- C:\Minecraft is awsome
    2014-09-11 07:16:38 31920 ----a-w- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys
    2014-09-11 07:16:38 -------- d-----w- C:\Users\Lance\AppData\Roaming\Apowersoft
    2014-09-05 09:15:14 -------- d-----w- C:\ProgramData\BitRaider
    2014-09-05 09:05:12 -------- d-----w- C:\Users\Lance\AppData\Local\SWTORPerf
    2014-09-05 09:04:27 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
    2014-08-31 07:21:00 -------- d-----w- C:\Users\Lance\AppData\Roaming\.minecraft
    2014-08-31 07:20:37 -------- d-----w- C:\ProgramData\Oracle
    2014-08-31 07:20:20 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-29 05:59:46 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-29 05:59:46 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-08-29 05:59:46 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    .
    ==================== Find3M ====================
    .
    2014-09-16 02:57:36 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-09-13 11:18:08 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2014-09-13 08:22:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-13 08:22:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-08-24 20:53:42 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
    2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
    2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-08-09 00:22:16 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-08-09 00:22:16 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-08-09 00:22:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-08-09 00:22:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-07-24 16:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 13:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-07-07 11:47:46 76152 ----a-w- C:\Windows\System32\PnkBstrA.exe
    2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
    2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-07-02 17:44:45 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    .
    ============= FINISH: 12:42:19.56 ===============
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete, select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  19. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Lance [Admin rights]
    Mode : Remove -- Date : 09/18/2014 20:55:48

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 25 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv (\??\C:\Windows\gdrv.sys) -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv (\??\C:\Windows\gdrv.sys) -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv (\??\C:\Windows\gdrv.sys) -> NOT SELECTED
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3650181791-1853301177-715609049-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3650181791-1853301177-715609049-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000DM ST1000DM003-1CH1 SCSI Disk Device +++++
    --- User ---
    [MBR] 32b47445b4a038aaec2243629d0012aa
    [BSP] 0a4aa7c845c349e30643773a56200c46 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )


    ============================================
    RKreport_DEL_09162014_200732.log - RKreport_DEL_09162014_201026.log - RKreport_DEL_09172014_154626.log - RKreport_SCN_09162014_200721.log
    RKreport_SCN_09162014_200939.log - RKreport_SCN_09172014_154519.log - RKreport_SCN_09182014_205536.log
     
  20. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.09.18.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17280
    Lance :: LANCE-PC [administrator]

    18/09/2014 8:59:20 PM
    mbar-log-2014-09-18 (20-59-20).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 308411
    Time elapsed: 5 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  21. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 8463060992, free: 6043332608

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 8463060992, free: 7355609088

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 8463060992, free: 7377461248

    DNS error
    =======================================
    Initializing...
    ------------ Kernel report ------------
    09/16/2014 20:00:20
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\FLTMGR.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\iaStorA.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\system32\DRIVERS\iaStorF.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\iusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\iusb3hub.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\MS2Filter.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8009aad060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000067\
    Lower Device Object: 0xfffffa80078882f0
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8009aad060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8009aadb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8009aad060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80098e5c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
    DevicePointer: 0xfffffa80078882f0, DeviceName: \Device\00000067\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A6C377D9

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 8463060992, free: 6346919936

    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A6C377D9

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 8463060992, free: 5442768896

    Downloaded database version: v2014.09.18.03
    Downloaded database version: v2014.09.15.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A6C377D9

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 1953314816

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  23. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    ComboFix 14-09-18.01 - Lance 19/09/2014 14:00:28.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8071.6422 [GMT 10:00]
    Running from: c:\users\Lance\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1410947949.bdinstall.bin
    c:\programdata\1410947951.bdinstall.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-08-19 to 2014-09-19 )))))))))))))))))))))))))))))))
    .
    .
    2014-09-19 04:06 . 2014-09-19 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-09-17 10:31 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F247125E-BEA0-471F-A9CE-0AA52381B765}\mpengine.dll
    2014-09-17 10:00 . 2014-09-17 10:00 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
    2014-09-17 09:44 . 2014-09-17 09:44 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-09-16 10:00 . 2014-09-18 11:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-09-16 09:45 . 2014-09-16 09:45 -------- d-----w- c:\windows\ERUNT
    2014-09-16 09:42 . 2014-09-17 05:14 -------- d-----w- C:\AdwCleaner
    2014-09-16 09:37 . 2014-09-18 10:52 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
    2014-09-16 09:37 . 2014-09-16 09:37 -------- d-----w- c:\programdata\RogueKiller
    2014-09-16 09:03 . 2014-09-17 05:11 -------- d-----w- C:\FRST
    2014-09-15 09:47 . 2014-09-15 09:47 -------- d-----w- c:\program files (x86)\FileASSASSIN
    2014-09-15 04:38 . 2014-09-16 09:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2014-09-15 04:38 . 2014-09-16 09:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2014-09-15 04:37 . 2014-09-15 04:37 -------- d-----w- c:\users\Lance\AppData\Roaming\SUPERAntiSpyware.com
    2014-09-15 04:36 . 2014-09-17 04:37 -------- d-----w- c:\program files\SUPERAntiSpyware
    2014-09-15 04:36 . 2014-09-15 04:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2014-09-14 11:09 . 2014-09-19 01:26 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-14 11:09 . 2014-09-18 10:57 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-14 11:09 . 2014-09-15 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-09-14 11:09 . 2014-09-14 11:09 -------- d-----w- c:\programdata\Malwarebytes
    2014-09-14 11:09 . 2014-05-11 21:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-09-14 11:09 . 2014-05-11 21:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-14 10:16 . 2014-09-14 11:06 -------- d-----w- C:\inetpub
    2014-09-13 07:32 . 2014-09-13 07:32 -------- d-----w- c:\users\Lance\AppData\Roaming\JxvgVXPQ
    2014-09-12 11:32 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-09-12 11:32 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
    2014-09-12 07:11 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-09-12 07:11 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2014-09-12 07:05 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-09-12 07:05 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2014-09-12 07:04 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-09-12 07:04 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-09-12 07:04 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-09-12 07:04 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-09-12 07:04 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-09-11 08:01 . 2014-09-11 08:01 -------- d-----w- C:\Minecraft is awsome
    2014-09-11 07:16 . 2014-09-11 07:16 -------- d-----w- c:\users\Lance\AppData\Roaming\Apowersoft
    2014-09-11 07:16 . 2014-04-09 11:05 31920 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2014-09-05 09:15 . 2014-09-12 06:44 -------- d-----w- c:\programdata\BitRaider
    2014-09-05 09:05 . 2014-09-05 09:05 -------- d-----w- c:\users\Lance\AppData\Local\SWTORPerf
    2014-09-05 09:04 . 2014-09-13 10:00 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2014-09-05 09:04 . 2014-09-05 09:04 -------- d-----w- c:\program files (x86)\Electronic Arts
    2014-08-31 07:21 . 2014-09-06 10:55 -------- d-----w- c:\users\Lance\AppData\Roaming\.minecraft
    2014-08-31 07:20 . 2014-08-31 07:20 -------- d-----w- c:\programdata\Oracle
    2014-08-31 07:20 . 2014-08-31 07:20 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-08-31 07:20 . 2014-08-31 07:20 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-31 07:20 . 2014-08-31 07:20 -------- d-----w- c:\program files (x86)\Java
    2014-08-29 05:59 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-29 05:59 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-29 05:59 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-16 02:57 . 2014-02-07 08:19 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2014-09-13 11:18 . 2014-02-07 08:24 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2014-09-13 08:22 . 2014-04-25 10:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-13 08:22 . 2014-04-25 10:11 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-09-12 11:33 . 2014-01-27 10:29 101694776 ----a-w- c:\windows\system32\MRT.exe
    2014-08-24 20:53 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-08-09 00:22 . 2014-08-01 09:05 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2014-08-09 00:22 . 2014-04-10 06:54 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-08-09 00:22 . 2014-08-01 09:05 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
    2014-08-09 00:22 . 2014-04-10 06:54 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-07-24 16:35 . 2014-07-24 16:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 13:47 . 2014-07-24 13:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-16 03:23 . 2014-08-16 08:12 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-07-16 02:46 . 2014-08-16 08:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-07-14 02:02 . 2014-08-15 11:24 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-07-14 01:40 . 2014-08-15 11:24 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2014-07-07 11:47 . 2014-04-11 11:10 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
    2014-07-02 20:48 . 2014-08-01 09:17 846832 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2014-07-02 20:48 . 2014-08-01 09:17 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
    2014-07-02 20:48 . 2014-08-01 09:17 31512520 ----a-w- c:\windows\system32\nvoglv64.dll
    2014-07-02 20:48 . 2014-08-01 09:17 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
    2014-07-02 20:48 . 2014-08-01 09:17 24196896 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2014-07-02 20:48 . 2014-08-01 09:17 13922752 ----a-w- c:\windows\system32\nvopencl.dll
    2014-07-02 20:48 . 2014-08-01 09:17 11283344 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2014-07-02 20:48 . 2014-08-01 09:17 944928 ----a-w- c:\windows\system32\NvIFR64.dll
    2014-07-02 20:48 . 2014-08-01 09:17 907096 ----a-w- c:\windows\SysWow64\NvIFR.dll
    2014-07-02 20:48 . 2014-08-01 09:17 903624 ----a-w- c:\windows\system32\NvFBC64.dll
    2014-07-02 20:48 . 2014-08-01 09:17 869152 ----a-w- c:\windows\SysWow64\NvFBC.dll
    2014-07-02 20:48 . 2014-08-01 09:17 502232 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
    2014-07-02 20:48 . 2014-08-01 09:17 4247000 ----a-w- c:\windows\system32\nvcuvid.dll
    2014-07-02 20:48 . 2014-08-01 09:17 418760 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
    2014-07-02 20:48 . 2014-08-01 09:17 3989960 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2014-07-02 20:48 . 2014-08-01 09:17 391640 ----a-w- c:\windows\system32\NvIFROpenGL.dll
    2014-07-02 20:48 . 2014-08-01 09:17 348120 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
    2014-07-02 20:48 . 2014-08-01 09:17 22994208 ----a-w- c:\windows\system32\nvcompiler.dll
    2014-07-02 20:48 . 2014-08-01 09:17 1890080 ----a-w- c:\windows\system32\nvdispco6434052.dll
    2014-07-02 20:48 . 2014-08-01 09:17 166568 ----a-w- c:\windows\system32\nvinitx.dll
    2014-07-02 20:48 . 2014-08-01 09:17 1539928 ----a-w- c:\windows\system32\nvdispgenco6434052.dll
    2014-07-02 20:48 . 2014-08-01 09:17 15294296 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2014-07-02 20:48 . 2014-08-01 09:17 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
    2014-07-02 20:48 . 2014-08-01 09:17 13835208 ----a-w- c:\windows\system32\nvcuda.dll
    2014-07-02 20:48 . 2014-08-01 09:17 12866008 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2014-07-02 20:48 . 2014-08-01 09:17 11222048 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2014-07-02 20:48 . 2014-06-30 10:53 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2014-07-02 20:48 . 2014-04-10 06:51 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
    2014-07-02 20:48 . 2014-01-25 06:10 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-07-02 20:48 . 2014-01-25 06:10 3196816 ----a-w- c:\windows\system32\nvapi64.dll
    2014-07-02 20:48 . 2014-01-25 06:10 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-07-02 20:48 . 2014-01-25 06:10 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-07-02 20:48 . 2014-01-25 06:10 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-07-02 18:55 . 2014-01-25 06:11 6783776 ----a-w- c:\windows\system32\nvcpl.dll
    2014-07-02 18:55 . 2014-01-25 06:11 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-07-02 18:55 . 2014-01-25 06:11 935368 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-07-02 18:55 . 2014-01-25 06:11 62808 ----a-w- c:\windows\system32\nvshext.dll
    2014-07-02 18:55 . 2014-01-25 06:11 386520 ----a-w- c:\windows\system32\nvmctray.dll
    2014-07-02 17:44 . 2014-08-01 09:19 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-07-02 10:14 . 2014-01-25 06:11 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-06-30 22:24 . 2014-08-16 08:11 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-06-30 22:14 . 2014-08-16 08:11 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2014-06-25 02:05 . 2014-08-15 11:29 14175744 ----a-w- c:\windows\system32\shell32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
    R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
    R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam620.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
    R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    R4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
    S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x]
    S1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
    S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Thermnaltake MS2 Filter;Thermnaltake MS2 Filter;c:\windows\system32\Drivers\MS2Filter.sys;c:\windows\SYSNATIVE\Drivers\MS2Filter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-09-11 06:23 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-25 08:22]
    .
    2014-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 09:38]
    .
    2014-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 09:38]
    .
    2014-09-18 c:\windows\Tasks\RtlLanOptimizerVistaStart.job
    - c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2014-01-23 06:29]
    .
    2014-09-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1d3e30a1-f090-4e96-8250-279fd036507e.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    2014-09-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c0e61698-9f91-470a-8f9f-d1a233e4f817.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    TCP: DhcpNameServer = 192.168.137.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-39281814.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-09-19 14:07:35
    ComboFix-quarantined-files.txt 2014-09-19 04:07
    ComboFix2.txt 2014-09-17 05:27
    ComboFix3.txt 2014-09-16 09:55
    .
    Pre-Run: 782,181,040,128 bytes free
    Post-Run: 781,790,601,216 bytes free
    .
    - - End Of File - - 80DEC0417B7418353B30E2A13633691B
    A36C5E4F47E84449FF07ED3517B43A31
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  25. Mark Chen 1234

    Mark Chen 1234 TS Rookie Topic Starter Posts: 25

    Wait, here is the Rkill.txt
    Rkill 2.6.8 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/19/2014 02:29:58 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 09/19/2014 02:31:13 PM
    Execution time: 0 hours(s), 1 minute(s), and 15 seconds(s)
     
Topic Status:
Not open for further replies.
