TechSpot

Multiple csrs process, com surroget process & fluxuating cpu usage superfetch running very high

By Orcus
Mar 24, 2015
  1. A while back I got an e-mail that in the subject said evicition notice and since it is something my landlord would do not notify me by phone and have attourneys contact me I imediately opened it at the time I lwas only running avast anti virus and it detected nothing in the message or attached rar file so I figured it was legit and stupidly downloaded and attempted to open the attachment shortly after I started experiencing all sorts of issues most of which I have managed to clear up using malwarebytes eset and adw cleaner the only lingering issues I seem to have now are multiple instances of the csrss process multiple instances of the com surroget process I sometimes get a false host process for windows services process and the process connected to the superfetch service runs very high in the memory column I have read a few of the threads where u have helped other ppl with similar problems so I hope u are able to help me in the same way malwarebytes has removed alot of stuff including 2 rootkits just last night I didnt have the root kit setting turned on origionally and only found it by chance last night when looking at the program interface eset found nothing and I do have the reports as I just ran it today any help u could give would b much appreciated
     
  2. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    I also have multiple host precess for windows services that are not connected to any service and do not appear in the process list where they should and when I end them it opens multple com surroget processes on top of the 2 that I already have so I wind up with 3 sometimes 4 com surroget processes and one that appears then goes away periodically eset detectsdetects nothing malwarebytes on the other hand detects 2 rootki

    threat type location

    Cidox.J.vbr phyical sector master boot sector on volume #0

    forged physical sector physical sector master boot sector on volume #0​

    and I have already had malwarebytes remove these rootkits several times but when I reboot and rescan they are still there im hoping this can be fixed without reinstalling windows altho I realize that with the severity of the infection I may have to
     
    Last edited: Mar 24, 2015
  3. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Ok here is what comes up in malware bytes
    threat..................................type................................. location
    rootkit.Cidox.J.vbr .................physical sector............master boot sector on volume #0 .......................... ....forged physical sector...........physical sector ............master boot sector on volume #0

    and I have already had malwarebytes remove these rootkits several times but when I reboot and rescan they are still there im hoping this can be fixed without reinstalling windows altho I realize that with the severity of the infection I may have to
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Ok so I reinstalled avast from the link and it found and removed the Cidox rootkit and here ar the farbor log files bc idk where the avast log file would b first is the frst txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by DELL-LD531 (administrator) on DELL-LD531-PC on 26-03-2015 04:13:29
    Running from C:\Users\DELL-LD531\Desktop
    Loaded Profiles: DELL-LD531 (Available profiles: DELL-LD531)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\setup\instup.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [84576 2013-07-23] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-26] (Avast Software s.r.o.)
    HKU\S-1-5-21-3824378701-4137103917-3232307303-1001\...\MountPoints2: {eba5d20b-0f61-11e3-b827-001c23836df3} - E:\LapNetWizard.exe
     
  6. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Startup: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kickass_torrent (1).lnk
    ShortcutTarget: Kickass_torrent (1).lnk -> C:\ProgramData\{a91c42f8-1b69-e579-a91c-c42f81b60be0}\Kickass_torrent (1).exe (No File)
    Startup: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kickass_torrent.lnk
    ShortcutTarget: Kickass_torrent.lnk -> C:\ProgramData\{2b49548f-3040-1a70-2b49-9548f304523c}\Kickass_torrent.exe (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
    HKU\S-1-5-21-3824378701-4137103917-3232307303-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-26] (Avast Software s.r.o.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-26] (Avast Software s.r.o.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\DELL-LD531\AppData\Roaming\Mozilla\Firefox\Profiles\xikrc5ub.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
    FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Program Files\Java\jre1.7.0_09\bin\dtplugin\npDeployJava1.dll [2013-10-18] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre1.7.0_09\bin\plugin2\npjp2.dll [2013-10-18] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.)
    FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-16] (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3824378701-4137103917-3232307303-1001: @leeuu.com/npgboxruner;version= -> C:\Users\DELL-LD531\AppData\Roaming\gbox\npgboxruner.dll No File
    FF Plugin HKU\S-1-5-21-3824378701-4137103917-3232307303-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DELL-LD531\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-23] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-3824378701-4137103917-3232307303-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-16] (Pando Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Extension: PermissionResearch Download Support - C:\Users\DELL-LD531\AppData\Roaming\Mozilla\Firefox\Profiles\xikrc5ub.default\Extensions\PRd1-72IMa9XjxezONw@jetpack.xpi [2015-01-04]
    FF Extension: Gamers Unite! Snag Bar - C:\Users\DELL-LD531\AppData\Roaming\Mozilla\Firefox\Profiles\xikrc5ub.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2013-10-09]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-26]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Dragon Age Legends: Remix 01) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj [2015-01-09]
    CHR Extension: (YouTube) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
    CHR Extension: (Google Search) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
    CHR Extension: (Bookmark Manager) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-13]
    CHR Extension: (Eukarion Tales (RPG Diablo 2 like)) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnjfckdciblfcicegijojmpeolkedeac [2015-01-10]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Google Wallet) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06]
    CHR Extension: (Gmail) - C:\Users\DELL-LD531\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-26]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-26] (Avast Software s.r.o.)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-26] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-26] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-26] (Avast Software s.r.o.)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-26] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-26] (Avast Software s.r.o.)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-26] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-26] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-26] ()
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-09] (DT Soft Ltd)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-26] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
    S3 getbus; \??\C:\Users\DELL-L~1\AppData\Local\Temp\getbus.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
    S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]

    ========================== Drivers MD5 =======================

    C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
    C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
    C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
    C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
    C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
    C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
    C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
    C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
    C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
    C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
    C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
    C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
    C:\Windows\system32\drivers\appid.sys 90C53BD47979FB8814F465A08B885102
    C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
    C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
    C:\Windows\system32\drivers\aswHwid.sys AA0B7720D0CB89DCC3363E5DBDF3EBB6
    C:\Windows\system32\drivers\aswMonFlt.sys 3B154DDD747CBAC31E33B276800736B0
    C:\Windows\system32\drivers\aswRdr2.sys CF1BFE4B95F0626C10E96A48B9B8EAC6
    C:\Windows\System32\Drivers\aswRvrt.sys 67C5C6F9DE8F6B43372EDADEBAD85E67
    C:\Windows\system32\drivers\aswSnx.sys BE3D7AC282909F1352742F98DA2C9D18
    C:\Windows\system32\drivers\aswSP.sys 2EF2CB17A9C46AE16276A15EF2F3AF74
    C:\Windows\system32\drivers\aswStm.sys D4408FE64734D8DA69AB699D8A4AEF0D
    C:\Windows\System32\Drivers\aswVmm.sys 8DF6664681FF5ADDBEB0D749B85B6544
    C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
    C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\atikmdag.sys AEAE4ABE6419923C037A0B2A157E1FC6
    C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\bcmwl664.sys FB4FDA64F2E8552EAEB5986C3F34462C
    C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
    C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
    C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
    C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
    C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
    C:\Windows\System32\CLFS.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
    C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
    C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
    C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
    C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
    C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
    C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
    C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\dtsoftbus01.sys 46571ED73AE84469DCA53081D33CF3C8
    C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
    C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
    C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
    C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys 00C3C6C55C435810C9475C219F4D1B26
    C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
    C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
    C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
    C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
    C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
    C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
    C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
    C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
    C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
    C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
    C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
    C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
    C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
    C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
    C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
    C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
    C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
    C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
    C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
    C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
    C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
    C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
    C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\ksecdd.sys 56ED3EE5FED6BF2FC1305CF872042868
    C:\Windows\System32\Drivers\ksecpkg.sys 8BA90F480705D7153AD0060CCA62222A
    C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
    C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
    C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
    C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
    C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A
    C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A
    C:\Windows\System32\DRIVERS\LVUSBS64.sys 5C3FF68267A5D242EE79EE01B993D6CE
    C:\Windows\system32\drivers\mbam.sys CF12E148C6FC151335B7D7FE03F1C7A2
    C:\Windows\system32\drivers\MBAMSwissArmy.sys E9CD058C79EA15B4AA93E259FA713B07
    C:\Windows\system32\drivers\mwac.sys 0CE2F3E26C770CBAEB50787A2C1FD09E
    C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
    C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
    C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
    C:\Windows\System32\drivers\mountmgr.sys 87BCD1034CBF33537D4D4C251D39BA26
    C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
    C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
    C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
    C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
    C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
    C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
    C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
    C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
    C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
    C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
    C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
    C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
    C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
    C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
    C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
    C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
    C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
    C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
    C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
    C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
    C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
    C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
    C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
    C:\Windows\System32\DRIVERS\LV302V64.SYS AE0B94363DA0F60D42B9D05B352F61ED
    C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
    C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
    C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
    C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
    C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
    C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
    C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
    C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
    C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
    C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
    C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
    C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
    C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
    C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
    C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
    C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
    C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
    C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
    C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
    C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
    C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
    C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
    C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
    C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
    C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
    C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
    C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
    C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
    C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
    C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
    C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
    C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
    C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
    C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
    C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
    C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
    C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
    C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
    C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
    C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
    C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
    C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
    C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
    C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
    C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  7. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    ==================== Three Months Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-26 04:13 - 2015-03-26 04:17 - 00029584 _____ () C:\Users\DELL-LD531\Desktop\FRST.txt
    2015-03-26 04:12 - 2015-03-26 04:14 - 00000000 ____D () C:\FRST
    2015-03-26 04:10 - 2015-03-26 04:10 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Roaming\AVAST Software
    2015-03-26 04:08 - 2015-03-26 04:08 - 00001922 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-03-26 04:08 - 2015-03-26 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-03-26 04:07 - 2015-03-26 04:07 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-03-26 04:05 - 2015-03-26 04:05 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-03-26 04:05 - 2015-03-26 04:05 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-03-26 04:05 - 2015-03-26 04:05 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-03-26 04:05 - 2015-03-26 04:05 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-03-26 04:05 - 2015-03-26 04:05 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-03-26 04:05 - 2015-03-26 04:05 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-03-26 04:05 - 2015-03-26 04:05 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-03-26 04:05 - 2015-03-26 04:05 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-03-26 04:05 - 2015-03-26 04:05 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-03-26 04:05 - 2015-03-26 04:04 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-03-26 04:01 - 2015-03-26 04:01 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-03-26 03:57 - 2015-03-26 03:57 - 02095616 _____ (Farbar) C:\Users\DELL-LD531\Desktop\FRST64.exe
    2015-03-26 03:56 - 2015-03-26 03:58 - 150062624 _____ (Avast Software s.r.o.) C:\Users\DELL-LD531\Downloads\avast_free_antivirus_setup (1).exe
    2015-03-26 03:56 - 2015-03-26 03:57 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-03-26 03:56 - 2015-03-26 03:56 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\ydsiyudf.sys
    2015-03-26 03:53 - 2015-03-26 03:54 - 150062624 _____ (Avast Software s.r.o.) C:\Users\DELL-LD531\Downloads\avast_free_antivirus_setup.exe
    2015-03-24 15:22 - 2015-03-24 15:23 - 00247656 _____ () C:\Users\DELL-LD531\Desktop\ESETPoweliksCleaner.exe_20150324.152257.956.log
    2015-03-24 15:22 - 2015-03-24 15:22 - 00000022 _____ () C:\Users\DELL-LD531\Desktop\ESETPoweliksCleaner.exe_20150324.152257.956.zip
    2015-03-24 12:52 - 2015-03-24 12:53 - 00247656 _____ () C:\Users\DELL-LD531\Desktop\ESETPoweliksCleaner.exe_20150324.125245.2308.log
    2015-03-24 12:52 - 2015-03-24 12:52 - 00000022 _____ () C:\Users\DELL-LD531\Desktop\ESETPoweliksCleaner.exe_20150324.125245.2308.zip
    2015-03-24 05:51 - 2015-03-24 05:51 - 00220872 _____ (ESET) C:\Users\DELL-LD531\Desktop\ESETPoweliksCleaner.exe
    2015-03-22 17:24 - 2015-03-22 17:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-22 09:49 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-22 09:49 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-22 09:49 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-22 09:49 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-03-22 09:49 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-22 04:14 - 2015-03-26 00:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-22 04:13 - 2015-03-22 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-22 04:13 - 2015-03-22 04:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-03-22 04:13 - 2015-03-22 04:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-22 04:13 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-22 04:13 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-22 04:13 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-22 04:09 - 2015-03-22 04:09 - 00014128 _____ () C:\Users\DELL-LD531\Downloads\MalwarebytesAnti-MalwarePremium2.1.4.1018FinalKaranPC - ThePirateBay.TO.torrent
    2015-03-22 04:00 - 2015-03-22 04:01 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
    2015-03-22 04:00 - 2015-03-22 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
    2015-03-22 03:59 - 2015-03-22 04:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
    2015-03-22 03:58 - 2015-03-22 03:58 - 02967032 _____ (Malwarebytes ) C:\Users\DELL-LD531\Downloads\mbae-setup-1.05.1.1016.exe
    2015-03-22 02:58 - 2015-03-22 03:21 - 00000000 ____D () C:\AdwCleaner
    2015-03-14 03:36 - 2015-03-20 01:55 - 00000000 ____D () C:\Users\DELL-LD531\Desktop\New folder
    2015-03-13 22:00 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-13 22:00 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-13 22:00 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-13 22:00 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-13 22:00 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-13 22:00 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-13 22:00 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-13 22:00 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-13 22:00 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-13 22:00 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-13 22:00 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-13 22:00 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-13 22:00 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-13 22:00 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-13 22:00 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-13 22:00 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-13 21:59 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-13 21:59 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-13 21:59 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-13 21:59 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-13 21:59 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-13 21:59 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-13 21:59 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-13 21:59 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-13 21:59 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-13 21:59 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-13 21:59 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-13 21:58 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-13 21:58 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-13 21:58 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-13 21:58 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-13 21:58 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-13 21:58 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-13 21:58 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-13 21:58 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-13 21:58 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-13 21:58 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-13 21:58 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-13 21:58 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-13 21:58 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-13 21:58 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-13 21:58 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-13 21:58 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-13 21:58 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-13 21:58 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-13 21:58 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-13 21:58 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-13 21:58 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-13 21:51 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-13 21:51 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-13 21:51 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-13 21:51 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-13 21:51 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-13 21:51 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-13 21:51 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-13 21:51 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-13 21:51 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-13 21:51 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-13 21:51 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-13 21:51 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-13 21:51 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-13 21:51 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-13 21:51 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-13 21:51 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-13 21:51 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-13 21:51 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-13 21:51 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-13 21:51 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-13 21:51 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-13 21:51 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-13 21:51 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-13 21:51 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-13 21:51 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-13 21:51 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-13 21:51 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-13 21:51 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-13 21:51 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-13 21:51 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-13 21:51 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-13 21:51 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-13 21:51 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-13 21:50 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-13 21:50 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-13 21:50 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-13 21:50 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-13 21:50 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-13 21:50 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-13 21:50 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-13 21:50 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-13 21:50 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-13 21:50 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-13 21:50 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-13 21:50 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-13 21:50 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-13 21:50 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-13 21:50 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-13 21:50 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-13 21:50 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-13 21:50 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-13 21:50 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-13 21:50 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-13 21:50 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-13 21:50 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-13 21:50 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-13 21:49 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-13 21:49 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-13 21:47 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-13 21:47 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-13 21:47 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-13 21:47 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-13 21:47 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-13 21:47 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-13 21:47 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-13 21:47 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-13 21:47 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-13 21:47 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-13 21:47 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-13 21:47 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-13 21:47 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-13 21:47 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-13 21:13 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-13 21:10 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-13 21:10 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-13 01:33 - 2015-03-13 01:33 - 00002366 _____ () C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
    2015-03-13 01:33 - 2015-03-13 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
    2015-03-13 01:33 - 2015-03-13 01:33 - 00000000 ____D () C:\Program Files (x86)\SquareEnix
    2015-03-12 15:06 - 2015-03-12 15:04 - 112206656 _____ (SQUARE ENIX CO., LTD.) C:\Users\DELL-LD531\Desktop\ffxivsetup_ft.exe
    2015-03-12 06:36 - 2015-03-16 06:35 - 00013312 _____ () C:\Users\DELL-LD531\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-03-12 00:26 - 2015-03-26 00:27 - 00654573 _____ () C:\Windows\WindowsUpdate.log
    2015-03-12 00:24 - 2015-03-24 17:57 - 00000616 _____ () C:\Windows\setupact.log
    2015-03-12 00:24 - 2015-03-14 03:20 - 00060864 _____ () C:\Users\DELL-LD531\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-12 00:24 - 2015-03-12 00:24 - 00000000 _____ () C:\Windows\setuperr.log
    2015-03-12 00:23 - 2015-03-24 17:56 - 00019734 _____ () C:\Windows\PFRO.log
    2015-03-12 00:23 - 2015-03-14 03:17 - 00273384 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-11 15:34 - 2015-03-22 03:38 - 00000000 __SHD () C:\Users\DELL-LD531\AppData\Local\EmieUserList
    2015-03-11 15:34 - 2015-03-22 03:38 - 00000000 __SHD () C:\Users\DELL-LD531\AppData\Local\EmieSiteList
    2015-03-11 15:34 - 2015-03-22 03:38 - 00000000 __SHD () C:\Users\DELL-LD531\AppData\Local\EmieBrowserModeList
    2015-03-07 06:36 - 2015-03-20 01:24 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Roaming\vlc
    2015-03-07 06:34 - 2015-03-07 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-03-06 06:21 - 2015-03-21 14:49 - 00000000 ____D () C:\Users\DELL-LD531\Desktop\naruto converted
    2015-03-06 04:01 - 2015-03-07 06:34 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2015-03-06 03:56 - 2015-03-06 04:01 - 03084980 _____ () C:\Users\DELL-LD531\Downloads\vlc-2.2.0-win32.exe
    2015-03-06 03:25 - 2015-03-21 14:51 - 00000000 ____D () C:\Users\DELL-LD531\Desktop\Naruto
    2015-03-05 12:08 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-03-05 12:08 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-20 14:04 - 2015-02-20 14:04 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Local\IsolatedStorage
    2015-02-20 13:07 - 2015-02-20 13:08 - 24743106 _____ () C:\Users\DELL-LD531\Downloads\vlc-2.1.5-win32.exe
    2015-02-19 11:49 - 2015-02-19 11:52 - 00000000 ____D () C:\Users\DELL-LD531\Documents\TorrentRover
    2015-02-19 11:21 - 2015-02-19 11:22 - 03645952 _____ (Microsoft Corporation) C:\Users\DELL-LD531\Downloads\TorrentRoverSetup.exe
    2015-02-13 22:02 - 2015-03-14 10:37 - 00000000 ____D () C:\Windows\rescache
    2015-02-12 14:53 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-12 14:53 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-12 14:51 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-12 14:51 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-12 14:47 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-12 14:47 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-12 14:47 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-12 14:47 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-08 21:49 - 2015-02-08 21:49 - 00172493 _____ () C:\Users\DELL-LD531\Downloads\One_Piece_season_1-9_(ep1-336)_english_dubbed.torrent
    2015-02-08 10:10 - 2015-02-09 07:33 - 00000000 ____D () C:\Users\DELL-LD531\Desktop\fcmb files all
    2015-02-07 22:41 - 2015-02-07 22:41 - 00328768 _____ (InstallerTech Corp) C:\Users\DELL-LD531\Downloads\Unconfirmed 564861.crdownload
    2015-02-06 02:00 - 2015-02-06 02:00 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Local\Deployment
    2015-02-06 02:00 - 2015-02-06 02:00 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Local\Apps\2.0
    2015-02-05 18:39 - 2015-02-05 18:40 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3 (7).exe
    2015-02-05 16:13 - 2015-02-05 16:13 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3 (6).exe
    2015-02-05 07:40 - 2015-02-05 07:40 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3 (5).exe
    2015-02-05 05:55 - 2015-02-05 05:55 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3 (4).exe
    2015-02-05 05:22 - 2015-02-05 05:22 - 1302090027 _____ () C:\Users\DELL-LD531\Downloads\DragonBall Z - Budokai Tenkaichi 3.7z
    2015-02-05 05:02 - 2015-02-05 05:02 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3 (3).exe
    2015-02-05 04:34 - 2015-02-05 04:34 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3 (2).exe
    2015-02-05 04:34 - 2015-02-05 04:34 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3 (1).exe
    2015-02-05 04:33 - 2015-02-05 04:34 - 00755856 _____ (CoolROM) C:\Users\DELL-LD531\Downloads\CR_Downloader_for_dragonball-z---budokai-tenkaichi-3.exe
    2015-02-04 08:39 - 2015-02-04 08:39 - 00000000 ____D () C:\Users\DELL-LD531\Downloads\MAME (Emulator + 3500 roms)
    2015-02-04 07:07 - 2015-02-04 08:35 - 903394893 ____R () C:\Users\DELL-LD531\Downloads\MAME (Emulator + 3500 roms).rar
    2015-02-02 22:25 - 2015-02-02 22:26 - 00002406 _____ () C:\Users\DELL-LD531\Documents\freemcboot&esr instructions.txt
    2015-02-02 06:19 - 2015-02-02 06:19 - 00000121 _____ () C:\Users\DELL-LD531\Downloads\League of Angels.url
    2015-01-27 01:37 - 2015-01-27 01:37 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus
    2015-01-27 01:37 - 2015-01-27 01:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Calculator Plus
    2015-01-27 01:36 - 2015-01-27 01:37 - 00486912 _____ () C:\Users\DELL-LD531\Downloads\CalcPlus.msi
    2015-01-23 10:18 - 2015-01-23 10:18 - 00000644 _____ () C:\Users\DELL-LD531\Downloads\maintenance.html
    2015-01-18 01:44 - 2015-01-18 01:44 - 00288909 _____ () C:\Users\DELL-LD531\Downloads\kotor yavin station xbox_10924_i16686527_il345.exe
    2015-01-16 00:27 - 2015-01-16 00:27 - 00078493 _____ () C:\Users\DELL-LD531\Downloads\list.htm
    2015-01-15 23:22 - 2015-01-15 23:22 - 00211676 _____ () C:\Users\DELL-LD531\Downloads\Yup, Jailbreaking Your iPad Really Is Illegal - ReadWrite.html
    2015-01-15 23:22 - 2015-01-15 23:22 - 00000000 ____D () C:\Users\DELL-LD531\Downloads\Yup, Jailbreaking Your iPad Really Is Illegal - ReadWrite_files
    2015-01-15 08:26 - 2015-01-15 08:33 - 00000000 ____D () C:\Users\DELL-LD531\Downloads\auction info
    2015-01-15 07:33 - 2015-01-15 07:37 - 00000000 ____D () C:\Users\DELL-LD531\Downloads\The Dark Tower [TPB]
    2015-01-15 00:48 - 2015-01-15 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Time To Triumph
    2015-01-15 00:48 - 2015-01-15 00:48 - 00000000 ____D () C:\Program Files (x86)\Zelda Time To Triumph
    2015-01-14 21:49 - 2015-01-14 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Navi's Quest
    2015-01-14 21:48 - 2015-01-14 21:48 - 00000000 ____D () C:\Program Files (x86)\Zelda Navi's Quest
    2015-01-14 21:45 - 2015-01-14 21:47 - 11884175 _____ (Vincent Jouillat ) C:\Users\DELL-LD531\Downloads\ZeldaNSQ_US.exe
    2015-01-14 16:23 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 16:23 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 16:23 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 16:23 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 16:23 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 16:23 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-10 10:11 - 2015-01-10 10:11 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
    2015-01-10 10:11 - 2015-01-10 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
    2015-01-10 10:11 - 2015-01-10 10:11 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
    2015-01-10 10:10 - 2015-03-14 03:06 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Roaming\Winamp
    2015-01-10 10:10 - 2015-01-10 10:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
    2015-01-07 09:16 - 2015-01-07 09:16 - 00880784 _____ (Google Inc.) C:\Users\DELL-LD531\Downloads\ChromeSetup (1).exe
    2015-01-07 09:02 - 2015-01-07 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-07 08:59 - 2015-03-26 04:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-07 08:59 - 2015-03-25 16:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-07 08:59 - 2015-02-03 17:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-01-07 08:59 - 2015-02-03 17:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-01-07 08:59 - 2015-01-07 09:01 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-07 08:58 - 2015-01-07 08:59 - 00880784 _____ (Google Inc.) C:\Users\DELL-LD531\Downloads\ChromeSetup.exe
    2015-01-04 23:25 - 2015-01-04 23:25 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Roaming\Yahoo!
    2015-01-04 23:25 - 2015-01-04 23:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2015-01-04 23:25 - 2015-01-04 23:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2015-01-04 00:30 - 2014-10-19 12:12 - 00713216 _____ () C:\Windows\system32\xvidcore.dll
    2015-01-04 00:30 - 2014-10-19 12:12 - 00638976 _____ () C:\Windows\SysWOW64\xvidcore.dll
    2015-01-04 00:30 - 2014-10-19 12:12 - 00251392 _____ () C:\Windows\system32\xvidvfw.dll
    2015-01-04 00:30 - 2014-10-19 12:12 - 00235520 _____ () C:\Windows\SysWOW64\xvidvfw.dll
    2015-01-04 00:30 - 2014-10-19 12:12 - 00169984 _____ () C:\Windows\system32\xvid.ax
    2015-01-04 00:30 - 2014-10-19 12:12 - 00147456 _____ () C:\Windows\SysWOW64\xvid.ax
    2015-01-03 04:10 - 2015-01-03 04:10 - 00000000 ____D () C:\Program Files (x86)\Zelda Oni Link Begins
    2015-01-02 21:13 - 2015-01-02 21:13 - 00000000 ____D () C:\Users\DELL-LD531\Downloads\JoyToKey_en
    2015-01-02 21:13 - 2015-01-02 21:13 - 00000000 ____D () C:\Program Files (x86)\Zelda Return of the Hylian
    2015-01-02 21:11 - 2015-01-02 21:11 - 00816854 _____ () C:\Users\DELL-LD531\Downloads\JoyToKey_en.zip
    2015-01-02 21:00 - 2015-01-02 21:02 - 04518084 _____ (Vincent Jouillat ) C:\Users\DELL-LD531\Downloads\Zelda3T_US.exe
    2015-01-02 08:48 - 2015-01-02 08:48 - 00000000 ____D () C:\Users\DELL-LD531\Documents\Activision
    2014-12-28 09:51 - 2014-12-28 09:59 - 606425905 ____R () C:\Users\DELL-LD531\Downloads\Halo.rar

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-26 04:09 - 2013-10-18 23:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-24 18:03 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-24 18:03 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-24 18:02 - 2009-07-14 00:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-24 17:57 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-24 17:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
    2015-03-24 17:56 - 2013-10-08 17:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-22 09:43 - 2013-10-08 17:46 - 00000000 ____D () C:\Users\DELL-LD531\Desktop\Maintinence
    2015-03-22 09:35 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
    2015-03-22 04:11 - 2013-10-08 20:14 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Roaming\uTorrent
    2015-03-22 03:32 - 2014-09-18 07:52 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Local\Adobe
    2015-03-22 03:32 - 2013-10-18 23:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-03-22 03:31 - 2013-10-09 11:31 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-22 03:31 - 2013-10-09 11:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-18 14:14 - 2013-12-01 20:09 - 00000000 ____D () C:\Users\DELL-LD531\Downloads\(Psx)RpgCollectionv1.0
    2015-03-16 05:31 - 2013-10-08 17:47 - 00000000 ____D () C:\Users\DELL-LD531\Desktop\Games
    2015-03-14 03:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-14 03:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-13 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-13 01:33 - 2013-12-07 23:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-03-13 01:32 - 2013-10-14 18:01 - 00000000 ____D () C:\Users\DELL-LD531\Documents\My Games
    2015-03-12 19:34 - 2014-10-05 05:57 - 00000000 ____D () C:\Users\DELL-LD531\AppData\Local\GameSpy
    2015-03-12 06:34 - 2013-10-08 17:47 - 00000000 ____D () C:\Users\DELL-LD531\Desktop\Misc
    2015-03-11 15:48 - 2013-11-08 00:56 - 00000000 ____D () C:\Windows\Minidump
    2015-03-08 10:44 - 2009-07-14 00:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-03-06 06:10 - 2013-10-08 20:16 - 00000841 _____ () C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

    ==================== Files in the root of some directories =======

    2014-02-08 16:54 - 2014-02-08 16:54 - 0000000 _____ () C:\Users\DELL-LD531\AppData\Roaming\SharedSettings.ccs
    2015-03-12 06:36 - 2015-03-16 06:35 - 0013312 _____ () C:\Users\DELL-LD531\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-10-05 05:56 - 2014-10-05 05:56 - 0000098 _____ () C:\Users\DELL-LD531\AppData\Local\fusioncache.dat
    2014-06-01 06:05 - 2014-06-01 06:05 - 0007614 _____ () C:\Users\DELL-LD531\AppData\Local\Resmon.ResmonCfg

    Some content of TEMP:
    ====================
    C:\Users\DELL-LD531\AppData\Local\Temp\install_flashplayer17x32au_mssd_aaa_aih.exe
    C:\Users\DELL-LD531\AppData\Local\Temp\Quarantine.exe
    C:\Users\DELL-LD531\AppData\Local\Temp\sqlite3.dll


    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\javaw.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=\Device\HarddiskVolume1
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    resumeobject {eec28912-06e5-11e3-a34b-eaece5551012}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {eec28914-06e5-11e3-a34b-eaece5551012}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {eec28912-06e5-11e3-a34b-eaece5551012}
    nx OptIn

    Windows Boot Loader
    -------------------
    identifier {eec28914-06e5-11e3-a34b-eaece5551012}
    device ramdisk=[C:]\Recovery\eec28914-06e5-11e3-a34b-eaece5551012\Winre.wim,{eec28915-06e5-11e3-a34b-eaece5551012}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\eec28914-06e5-11e3-a34b-eaece5551012\Winre.wim,{eec28915-06e5-11e3-a34b-eaece5551012}
    systemroot \windows
    nx OptIn
    winpe Yes

    Resume from Hibernate
    ---------------------
    identifier {eec28912-06e5-11e3-a34b-eaece5551012}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=\Device\HarddiskVolume1
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {eec28915-06e5-11e3-a34b-eaece5551012}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\eec28914-06e5-11e3-a34b-eaece5551012\boot.sdi



    LastRegBack: 2015-03-25 00:46

    ==================== End Of Log ============================
     
  8. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Next is addition txt created by farbar
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by DELL-LD531 at 2015-03-26 04:25:23
    Running from C:\Users\DELL-LD531\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3824378701-4137103917-3232307303-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    ATI Catalyst Install Manager (HKLM\...\{9D00A8DA-650F-21C6-E787-78756733F15F}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
    ccc-core-static (x32 Version: 2010.0210.2339.42455 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
    Cheat Engine 6.1 (HKLM-x32\...\Cheat Engine 6.1_is1) (Version: - Dark Byte)
    ComicRack v0.9.168 (HKLM\...\ComicRack) (Version: v0.9.168 - cYo Soft)
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
    FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
    FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
    Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
    Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009F0}) (Version: 7.0.90 - Oracle)
    LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
    Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
    Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    Magic The Gathering (HKLM-x32\...\InstallShield_{6463EA8A-08AE-48BB-A921-A570CA34F28B}) (Version: 3.201 - Wizards of the Coast)
    Magic The Gathering (x32 Version: 3.201 - Wizards of the Coast) Hidden
    MagicTG (HKLM-x32\...\{a517a98e-d5c2-41ea-a12d-47365cbd8813}.sdb) (Version: - )
    Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Calculator Plus (HKLM-x32\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
    NVIDIA GAME System Software 2.8.1 (HKLM-x32\...\{4F0C7CCF-5666-474B-B02E-AC514A95EC93}) (Version: 2.8.1 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
    Plane9 v1.7 (HKLM-x32\...\Plane9) (Version: v1.7 - Joakim Eriksson / Planestate Software)
    Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.03 - Firaxis Games)
    Sid Meier's Civilization 4 - Warlords (HKLM-x32\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
    Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
    Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
    Skins (x32 Version: 2010.0210.2339.42455 - ATI) Hidden
    Unity Web Player (HKU\S-1-5-21-3824378701-4137103917-3232307303-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-3824378701-4137103917-3232307303-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Zelda Navi's Quest 1.8 (HKLM-x32\...\{6379F7CF-56B3-45AA-B4FC-35ECD5D4A599}_is1) (Version: - Vincent Jouillat)
    Zelda Oni Link Begins 3.6 US (HKLM-x32\...\{6974032B-B70E-4F19-9B60-7658758AEC35}_is1) (Version: - Vincent Jouillat)
    Zelda Return of the Hylian 6.11 US (HKLM-x32\...\{BE60A6BB-F098-4392-A363-31724321DE5B}_is1) (Version: - Vincent Jouillat)
    Zelda Time To Triumph 1.9 US (HKLM-x32\...\{8816D80B-242C-4056-991C-13EE93B5ECB0}_is1) (Version: - Vincent Jouillat)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00C7B1CC-87D4-4B60-8788-981903D6CE17} - System32\Tasks\{1721C467-4D73-43BD-9CCD-7D34564D1272} => \\Oem-2d238fd7bc4\samsung (e)\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\LEGOBatman.exe
    Task: {0D45C305-27EE-41F8-B5C3-726FF9926305} - System32\Tasks\{94DC7AAB-F4AD-4466-A3F2-940E5ED8D550} => pcalua.exe -a C:\Users\DELL-LD531\Downloads\TVWSetup.exe -d C:\Users\DELL-LD531\Downloads
    Task: {128EF963-8C74-4944-A719-903EE6017010} - System32\Tasks\{DD432E9F-7ED7-4DC2-B47B-664FA0EBE2EB} => C:\Program Files\ComicRack\ComicRack.exe [2013-04-09] ()
    Task: {1A37B3E1-084B-4AF0-A1C7-AB638430F801} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
    Task: {2014F3FD-95BA-4A75-8AE0-0F9CCAD86391} - System32\Tasks\{3FF0B130-8E90-4D40-A977-BB4F347FAA96} => \\Action-pc\f\Program Files\Injustice Gods Among Us Ultimate Edition\DiscContentPCG\Injustice.exe
    Task: {38FDFC21-E7E3-42BA-B081-F8A4F29A1360} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
    Task: {3CB1BD78-F833-480D-92B6-76BE426067F8} - System32\Tasks\{44D43091-EA60-433C-8817-8E92E443715A} => \\Oem-2d238fd7bc4\samsung (e)\Program Files\Foxy Games\Dragon Crossroads\DragonCrossroads.exe
    Task: {50A16959-8D1C-439D-8B45-9050C3DF53A0} - System32\Tasks\{3D339131-C4B1-4C47-897A-9C898176AF93} => C:\Program Files\ComicRack\ComicRack.exe [2013-04-09] ()
    Task: {51E6C450-2900-40B2-B54C-3C02F3C08685} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe
    Task: {54D893EE-874F-4F32-BF8B-D787A4199BD8} - System32\Tasks\{E42B733A-6DA9-4839-A13B-2A53A69FEC6F} => \\Oem-2d238fd7bc4\samsung (e)\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\LEGOBatman.exe
    Task: {59C3FA05-C65D-4BFE-895F-812D2753847E} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe
    Task: {59E95B9C-C67E-449D-A62D-94841E92359C} - System32\Tasks\{61D73689-CD90-4138-B5B6-FF24C79F2F67} => C:\Program Files\ComicRack\ComicRack.exe [2013-04-09] ()
    Task: {652802C2-2CDD-4478-81DD-61C8F66866AA} - System32\Tasks\{B212E0E8-3E51-4D1D-BA88-C96BDC61188C} => C:\Program Files\ComicRack\ComicRack.exe [2013-04-09] ()
    Task: {66E4FA6D-2268-4295-A38A-3B6DFFECE204} - System32\Tasks\{9E830ACA-EA65-45CE-9DF9-79875D96F694} => \\Action-pc\f\Program Files\Injustice Gods Among Us Ultimate Edition\DiscContentPCG\InjusticeLauncher.exe
    Task: {6A3FD0D3-1ECA-487D-91CD-B365D08130C0} - System32\Tasks\{7D1568EA-5E8A-473A-AD40-361D62DEF499} => \\Oem-2d238fd7bc4\samsung (e)\Games\Complete Emulator Collection\epsxe 1.8.0\ePSXe.exe
    Task: {6A83FAA4-4673-48EB-96A3-B81A91E712FE} - System32\Tasks\{96D56026-84D6-4B70-858E-FC0070A9E5C6} => \\Oem-2d238fd7bc4\samsung (e)\Games\Complete Emulator Collection\Nintendo 64 Emulator\Project64.exe
    Task: {6EA1B964-120F-4DC8-B10D-A7798B485F7B} - System32\Tasks\{0CAFA86C-63A1-4121-B7F8-34C569C4BCF1} => pcalua.exe -a "C:\Program Files (x86)\OGPlanet\Red Stone\Uninstall.exe" -d "C:\Program Files (x86)\OGPlanet\Red Stone"
    Task: {83A030DF-6905-44C0-8BE4-4510CF80D3CB} - System32\Tasks\{A968DE97-506E-4AFC-90A4-83290D9869D4} => C:\Program Files\ComicRack\ComicRack.exe [2013-04-09] ()
    Task: {83D92784-6BCC-41A4-8465-B83628375B0F} - System32\Tasks\{3D00CA2E-2EEB-47A9-B3A5-A702B8676C5B} => \\Oem-2d238fd7bc4\samsung (e)\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\LEGOBatman.exe
    Task: {851E7D7C-E018-41C3-8F59-F62E9470694C} - System32\Tasks\{EA398567-17D6-4F59-8B76-538707BEAB20} => C:\Program Files\ComicRack\ComicRack.exe [2013-04-09] ()
    Task: {918FC5E4-ABA4-422D-B1C2-DA8D58404240} - System32\Tasks\{D70A027F-24CE-492C-B0A1-746770AE43F2} => pcalua.exe -a C:\Users\DELL-LD531\Downloads\TVWSetup(3).exe -d C:\Users\DELL-LD531\Downloads
    Task: {929AFDEA-C560-48DE-A96B-F9CC1A9A567A} - System32\Tasks\{4A805B30-034E-40A9-98CC-6AE23A365C1F} => \\Oem-2d238fd7bc4\samsung (e)\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\LEGOBatman.exe
    Task: {9F96AAD6-D3C1-4DC5-93D0-7624CE82CF7E} - System32\Tasks\{102B9DD8-E36F-48B8-8F3A-4A1FD0F9C9BA} => C:\Users\DELL-LD531\Desktop\Project64 2.1\Project64.exe
    Task: {A2354589-7932-4EB9-A992-A68C7E4A489D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-26] (Avast Software s.r.o.)
    Task: {B3930C93-D244-4C86-A11F-BE9E903F0185} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
    Task: {B80B6A78-D51A-4CBA-87E3-81C6499783B9} - System32\Tasks\{25F4BD58-A0FC-401F-98FB-A24E9CD5330A} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    Task: {BBFC21BD-4EFB-4FAB-B302-BC05C2D9CD19} - System32\Tasks\{04C828BA-4A43-40BE-825E-748A5E1F0B67} => \\Oem-2d238fd7bc4\samsung (e)\Program Files\Foxy Games\Dragon Crossroads\DragonCrossroads.exe
    Task: {D77A3480-0534-44AB-97A3-01B6DCDF4179} - System32\Tasks\{955801CF-C09A-4BC7-A881-47A15AE17B12} => pcalua.exe -a C:\Users\DELL-LD531\Downloads\TVWSetup(1).exe -d C:\Users\DELL-LD531\Downloads
    Task: {DD6301C2-FEE9-4C24-8C32-C7830A8C92C7} - System32\Tasks\{22D09D86-AB63-4CE5-951A-89965185BC33} => C:\Program Files\ComicRack\ComicRack.exe [2013-04-09] ()
    Task: {E1C036AD-0C42-41A1-9B4B-20C9AD76408A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {E7F472AE-6F82-4F53-8342-11EC4CD6BD49} - System32\Tasks\{69393B99-C744-4460-91E8-72F53A723233} => \\Action-pc\f\Program Files\Injustice Gods Among Us Ultimate Edition\DiscContentPCG\Injustice.exe
    Task: {F9815964-C0E5-4C42-A773-5F9F3C83F630} - System32\Tasks\{4F7519CA-F85F-47CD-86CE-4312EB10184D} => C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-08-16 19:56 - 2013-08-16 19:56 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    2008-11-25 10:19 - 2008-11-25 10:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
    2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2013-10-09 19:43 - 2013-10-09 16:52 - 00107520 ____R () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
    2015-03-26 04:05 - 2015-03-26 04:05 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-03-26 04:04 - 2015-03-26 04:04 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-03-26 04:06 - 2015-03-26 04:06 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032300\algo.dll
    2015-03-26 04:14 - 2015-03-26 04:14 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032600\algo.dll
    2015-03-26 04:05 - 2015-03-26 04:05 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3824378701-4137103917-3232307303-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DELL-LD531\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^DELL-LD531^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Playpanel.lnk => C:\Windows\pss\Adobe Playpanel.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^DELL-LD531^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^DELL-LD531^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
    MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
    MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
    MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3824378701-4137103917-3232307303-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-3824378701-4137103917-3232307303-1029 - Limited - Enabled)
    DELL-LD531 (S-1-5-21-3824378701-4137103917-3232307303-1001 - Administrator - Enabled) => C:\Users\DELL-LD531
    Guest (S-1-5-21-3824378701-4137103917-3232307303-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-3824378701-4137103917-3232307303-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/26/2015 04:25:52 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/26/2015 04:25:52 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/26/2015 04:01:40 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\DELL-L~1\AppData\Local\Temp\_av_iup.tm~a04520\instup.exe /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\DELL-L~1\AppData\Local\Temp\_av_iup.tm~a04520; Description = avast! antivirus system restore point; Error = 0x80042302).

    Error: (03/26/2015 04:01:40 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine GetProviderMgmtInterface. hr = 0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.
    .

    Error: (03/26/2015 04:01:40 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    Obtaining provider management interface

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {00000000-0000-0000-0000-000000000000}
    Snapshot Context: -1
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

    Error: (03/26/2015 04:01:40 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    Obtaining provider management interface

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {00000000-0000-0000-0000-000000000000}
    Snapshot Context: -1
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

    Error: (03/25/2015 00:00:22 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/25/2015 00:00:22 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/25/2015 00:00:21 AM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created. Additional information: (0x80042302).

    Error: (03/25/2015 00:00:21 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042302).


    System errors:
    =============
    Error: (03/24/2015 05:59:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (03/24/2015 05:59:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (03/24/2015 05:59:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

    Error: (03/24/2015 05:59:10 PM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801

    Error: (03/24/2015 05:59:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (03/24/2015 05:59:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (03/24/2015 05:59:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

    Error: (03/24/2015 05:59:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (03/24/2015 05:59:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (03/24/2015 05:59:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801


    Microsoft Office Sessions:
    =========================
    Error: (03/26/2015 04:25:52 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/26/2015 04:25:52 AM) (Source: VSS) (EventID: 13) (User: )
    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/26/2015 04:01:40 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Users\DELL-L~1\AppData\Local\Temp\_av_iup.tm~a04520\instup.exe /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\DELL-L~1\AppData\Local\Temp\_av_iup.tm~a04520avast! antivirus system restore point0x80042302

    Error: (03/26/2015 04:01:40 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: GetProviderMgmtInterface0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.

    Error: (03/26/2015 04:01:40 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Operation:
    Obtain a callable interface for this provider
    Obtaining provider management interface

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {00000000-0000-0000-0000-000000000000}
    Snapshot Context: -1
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

    Error: (03/26/2015 04:01:40 AM) (Source: VSS) (EventID: 13) (User: )
    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Operation:
    Obtain a callable interface for this provider
    Obtaining provider management interface

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {00000000-0000-0000-0000-000000000000}
    Snapshot Context: -1
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

    Error: (03/25/2015 00:00:22 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/25/2015 00:00:22 AM) (Source: VSS) (EventID: 13) (User: )
    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (03/25/2015 00:00:21 AM) (Source: System Restore) (EventID: 8211) (User: )
    Description: 0x80042302

    Error: (03/25/2015 00:00:21 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80042302


    CodeIntegrity Errors:
    ===================================
    Date: 2013-10-01 18:21:32.591
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-01 18:21:31.952
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60
    Percentage of memory in use: 52%
    Total physical RAM: 1918.33 MB
    Available physical RAM: 907.54 MB
    Total Pagefile: 3836.66 MB
    Available Pagefile: 2319.13 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.43 GB) (Free:28.02 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 86308630)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ===================
     
  9. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    And this is shortcut txt created by farbar
    Users shortcut scan result (x64) Version: 11-03-2015
    Ran by DELL-LD531 at 2015-03-26 04:31:57
    Running from C:\Users\DELL-LD531\Desktop
    Boot Mode: Normal
    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)



    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Time To Triumph\Uninstall Zelda Time To Triumph.lnk -> C:\Program Files (x86)\Zelda Time To Triumph\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Time To Triumph\UserGuide.lnk -> C:\Program Files (x86)\Zelda Time To Triumph\UserGuide.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Time To Triumph\Zelda Time To Triumph.lnk -> C:\Program Files (x86)\Zelda Time To Triumph\Zelda3T.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Navi's Quest\Manuel FR.lnk -> C:\Program Files (x86)\Zelda Navi's Quest\Manuel_FR.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Navi's Quest\Uninstall Zelda Navi's Quest.lnk -> C:\Program Files (x86)\Zelda Navi's Quest\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Navi's Quest\User Guide US.lnk -> C:\Program Files (x86)\Zelda Navi's Quest\UserGuide_US.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zelda Navi's Quest\Zelda Navi's Quest.lnk -> C:\Program Files (x86)\Zelda Navi's Quest\ZeldaNSQ.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk -> C:\Program Files (x86)\Winamp\UninstWA.exe (Nullsoft, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk -> C:\Program Files (x86)\Winamp\whatsnew.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV - A Realm Reborn\FINAL FANTASY XIV - A Realm Reborn.lnk -> C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV - A Realm Reborn\FINAL FANTASY XIV System Information.lnk -> C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivsysinfo.exe (SQUARE ENIX CO., LTD.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit\Malwarebytes Anti-Exploit.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit\Uninstall Malwarebytes Anti-Exploit.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7369BEDC-976E-47EF-86BC-6930D6E30979}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games)
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0EF0A05C-E817-402E-9E4E-CA94D9AC542C}\PlayTasks\2\View EULA File.lnk -> \\Action-pc\f\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\EULA.rtf (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0EF0A05C-E817-402E-9E4E-CA94D9AC542C}\PlayTasks\1\View Readme File.lnk -> \\Action-pc\f\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\readme.rtf (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0EF0A05C-E817-402E-9E4E-CA94D9AC542C}\PlayTasks\0\Play.lnk -> \\Action-pc\f\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\LEGOBatman.exe (No File)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\Links\Desktop.lnk -> C:\Users\DELL-LD531\Desktop ()
    Shortcut: C:\Users\DELL-LD531\Links\Downloads.lnk -> C:\Users\DELL-LD531\Downloads ()
    Shortcut: C:\Users\DELL-LD531\Desktop\f (Action-pc) - Shortcut.lnk -> \\Action-pc\f ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Cheat Engine.lnk -> C:\Program Files (x86)\Cheat Engine 6.1\Cheat Engine.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\DAEMON Tools Pro.lnk -> C:\Program Files (x86)\DAEMON Tools Pro\DTPro.exe (DT Soft Ltd)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\DeskTunes.lnk -> C:\Program Files (x86)\DeskTunes\Desk Tunes.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Free M4a to MP3 Converter.lnk -> C:\Program Files (x86)\Free M4a to MP3 Converter\m4a_converter.exe (ManiacTools)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Guppy Youtube Saved.lnk -> C:\Users\DELL-LD531\Guppy Youtube Saved\GuppyYoutubeSaved.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Logitech Vid.lnk -> C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Logitech Webcam Software.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\My Music Tools.lnk -> C:\Program Files (x86)\Free M4a to MP3 Converter\mymusictools.url ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Skype.lnk -> C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\wmplayer - Shortcut.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    Shortcut: C:\Users\DELL-LD531\Desktop\Misc\µTorrent.lnk -> C:\Users\DELL-LD531\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    Shortcut: C:\Users\DELL-LD531\Desktop\Maintinence\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\Users\DELL-LD531\Desktop\Maintinence\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\Users\DELL-LD531\Desktop\Maintinence\TorrentRover.lnk -> C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Installer\{7370555E-FD41-4EAF-8B51-FF1C9E51D909}\_766737D1020D31D7ABA2E3.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Maintinence\WinZip Driver Updater.lnk -> C:\Program Files (x86)\WinZip Driver Updater\HighestAvailable.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Maintinence\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\ASIO4ALL v2 Instruction Manual.lnk -> \\Action-pc\f\Program Files)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Beyond the Sword Trainer - Shortcut.lnk -> C:\Users\DELL-LD531\Desktop\Games\swbey3031trn-ch\Beyond the Sword Trainer.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Civ4BeyondSword - Shortcut.lnk -> C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Civilization4 - Shortcut.lnk -> C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe (Firaxis Games)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\ComicRack.lnk -> C:\Program Files\ComicRack\ComicRack.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\ePSXe - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\epsxe 1.8.0\ePSXe.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\epsxe 1.7.0 and 1.6.0 (with GameShark, CodeBreaker, And Action Replay) - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\ps1\epsxe 1.7.0 and 1.6.0 (with GameShark, CodeBreaker, And Action Replay) ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Fate - Shortcut.lnk -> \\Action-pc\f\Program Files\Wild Tangent\Fate\Fate.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\FL Studio 10.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\FL.exe (Image-Line)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Fusion - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\Sega Emulator\Fusion.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Green Lantern ROTM PC LAUNCHER [Hyperdrive25] - Shortcut.lnk -> \\Action-pc\f\Program Files\Green Lantern Rise Of The Manhunters (DS VERSION) PC [Hyperdrive25]\Green Lantern ROTM PC LAUNCHER [Hyperdrive25].exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\halo - Shortcut.lnk -> \\Action-pc\f\Program Files\Halo\halo.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\JoyToKey - Shortcut.lnk -> C:\Users\DELL-LD531\Downloads\JoyToKey_en\JoyToKey_en\JoyToKey.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Launch Sid Meier's Civilization 4 - Warlords.lnk -> C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe (Firaxis Games)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Launch Sid Meier's Civilization 4.lnk -> C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe (Firaxis Games)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Magic TG Launcher.lnk -> C:\Program Files (x86)\MagicTG\MTGLauncher.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\MemManager - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\epsxe 1.8.0\memcards\MemManager.exe (Aldo Vargas - http://www.aldostools.com)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\MUA - Shortcut.lnk -> \\Action-pc\f\Program Files\Marvel.Ultimate.Alliance.PC.Game(djDEVASTATE™)\MUA.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Nintendo - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\Nintendo Emulator\Nintendo.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\OGPlanet.lnk -> C:\Program Files (x86)\OGPlanet\USLauncher\ogplauncher.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\pec - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\psx emulation cheater\pec.exe (NillSoftWare)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Project64 - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\Nintendo 64 Emulator\Project64.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Strategy Guides - Shortcut.lnk -> \\Action-pc\f\Games\Strategy Guides ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Torchlight - Shortcut.lnk -> \\Action-pc\f\Program Files\Torchlight\Torchlight.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\VisualBoyAdvance - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\VisualBoyAdvance-1.7.2\VisualBoyAdvance.exe (None)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Xpadder - Shortcut.lnk -> \\Oem-2d238fd7bc4\samsung (e)\Program Files\CAPCOM\Devil May Cry 3 Special Edition\Xpadder.exe (No File)
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\zdoom - Shortcut.lnk -> \\Action-pc\f\Program Files\zdoom\zdoom-2.5.0\zdoom.exe ( )
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\Zelda3T.lnk -> C:\Program Files (x86)\Zelda Time To Triumph\Zelda3T.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\ZeldaNSQ.lnk -> C:\Program Files (x86)\Zelda Navi's Quest\ZeldaNSQ.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\ZeldaOLB.lnk -> C:\Program Files (x86)\Zelda Oni Link Begins\ZeldaOLB.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\ZeldaROTH.lnk -> C:\Program Files (x86)\Zelda Return of the Hylian\ZeldaROTH.exe ()
    Shortcut: C:\Users\DELL-LD531\Desktop\Games\zsnesw - Shortcut.lnk -> \\Action-pc\f\Games\Complete Emulator Collection\Super Nintendo Emulator\zsnesw.exe ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\DELL-LD531\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in\Uninstall Winamp Detector Plug-in.lnk -> C:\Program Files (x86)\Winamp Detect\UninstWaDetect.exe (Nullsoft, Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kickass_torrent (1).lnk -> C:\ProgramData\{a91c42f8-1b69-e579-a91c-c42f81b60be0}\Kickass_torrent (1).exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kickass_torrent.lnk -> C:\ProgramData\{2b49548f-3040-1a70-2b49-9548f304523c}\Kickass_torrent.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9\Configure Plane9.lnk -> C:\Program Files (x86)\Plane9\Plane9.Config.exe (Planestate Software)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9\Documentation.lnk -> C:\Program Files (x86)\Plane9\Plane9Doc.url ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9\Plane9 User Data.lnk -> C:\Users\DELL-LD531\AppData\Roaming\Plane9 (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9\Scene Editor.lnk -> C:\Program Files (x86)\Plane9\Plane9.Editor.exe (Planestate Software)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9\Uninstall.lnk -> C:\Program Files (x86)\Plane9\uninst.exe ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9\Website.lnk -> C:\Program Files (x86)\Plane9\Plane9.url ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet\Game Launcher.lnk -> C:\Program Files (x86)\OGPlanet\USLauncher\ogplauncher.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet\OGPlanet.lnk -> C:\Program Files (x86)\OGPlanet\USLauncher\ogplauncher.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet\Uninstall OGPlanet Launcher.lnk -> C:\Program Files (x86)\OGPlanet\USLauncher\uninst.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus\Microsoft Calculator Plus.lnk -> C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Installer\{83073C45-3003-4671-9A86-243AAADD915A}\_18be6784.exe ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\FL Studio 10 (extended memory).lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\FL (extended memory).exe (Image-Line)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\FL Studio 10.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\FL.exe (Image-Line)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\FL Studio online.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\System\Internet\FL Studio online.url ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Help.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\Help\FL.chm ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Uninstall.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\Uninstall.exe ()
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\What's new.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\WhatsNew.doc (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon Crossroads\Dragon Crossroads.lnk -> \\Oem-2d238fd7bc4\samsung (e)\Program Files\Foxy Games\Dragon Crossroads\DragonCrossroads.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon Crossroads\Play Over 14.000 Online Games on The Playing Bay.lnk -> \\Oem-2d238fd7bc4\samsung (e)\Program Files\Foxy Games\Dragon Crossroads\Play Over 14.000 Online Games on The Playing Bay.html (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon Crossroads\Uninstall Dragon Crossroads.lnk -> \\Oem-2d238fd7bc4\samsung (e)\Program Files\Foxy Games\Dragon Crossroads\uninstall.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.lnk -> \\Action-pc\f\Program Files)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk -> \\Action-pc\f\Program Files)\ASIO4ALL v2\ASIO4ALL Web Site.url (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk -> \\Action-pc\f\Program Files)\ASIO4ALL v2\uninstall.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free M4a to MP3 Converter.lnk -> C:\Program Files (x86)\Free M4a to MP3 Converter\m4a_converter.exe (ManiacTools)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (No File)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\DELL-LD531\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Task Manager.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
    Shortcut: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WordPad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Local\Microsoft\Windows\GameExplorer\{E73E83A2-ABF1-4C89-83AE-247D0A0F6561}\PlayTasks\0\Play.lnk -> \\Action-pc\f\Program Files\Halo\halo.exe (Microsoft Corporation)
    Shortcut: C:\Users\DELL-LD531\AppData\Local\Microsoft\Windows\GameExplorer\{8D2469A6-9124-445C-8969-7FCC4A2BD135}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe (Firaxis Games)
    Shortcut: C:\Users\DELL-LD531\AppData\Local\Microsoft\Windows\GameExplorer\{554ACF60-B6AF-4AE4-8876-4E8467FCA4C9}\PlayTasks\0\Play.lnk -> \\Action-pc\f\Program Files\Marvel.Ultimate.Alliance.PC.Game(djDEVASTATE™)\MUA.exe ()
    Shortcut: C:\Users\DELL-LD531\AppData\Local\Microsoft\Windows\GameExplorer\{249A34CF-8D38-4E73-B04F-CDC9F11BF6BD}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe (Firaxis Games)
    Shortcut: C:\Users\DELL-LD531\AppData\Local\Microsoft\Windows\GameExplorer\{1136CBFA-15CE-46CF-9260-C707005874E9}\PlayTasks\0\Play.lnk -> \\ACTION-PC\Program Files\Halo\halo.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
    Shortcut: C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk -> C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)




    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plane9\Run Plane9 Screensaver.lnk -> C:\Windows\Plane9.scr () -> /s
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Install plugin version.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\FL.exe (Image-Line) -> /PluginSetup
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Reset settings.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\FL.exe (Image-Line) -> /Reset
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Uninstall DXi plugin.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\FL.exe (Image-Line) -> /RemoveDXi
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Unregister ReWire client.lnk -> \\Action-pc\f\Program Files\Image-Line\FL Studio 10\FL.exe (Image-Line) -> /RemoveReWire
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\DELL-LD531\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %systemRoot%\system32\shell32.dll,Options_RunDLL 1


    InternetURL: C:\Users\DELL-LD531\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
    InternetURL: C:\Users\DELL-LD531\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
    InternetURL: C:\Users\DELL-LD531\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
    InternetURL: C:\Users\DELL-LD531\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
    InternetURL: C:\Users\DELL-LD531\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
    InternetURL: C:\Users\DELL-LD531\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
    InternetURL: C:\Users\DELL-LD531\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
    InternetURL: C:\Users\DELL-LD531\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
    InternetURL: C:\Users\DELL-LD531\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
    InternetURL: C:\Users\DELL-LD531\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
    InternetURL: C:\Users\DELL-LD531\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Users\DELL-LD531\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Users\DELL-LD531\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Users\DELL-LD531\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Users\DELL-LD531\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Users\DELL-LD531\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\DELL-LD531\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\DELL-LD531\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\DELL-LD531\Downloads\League of Angels.url -> hxxp://angel.gtarcade.com
    InternetURL: C:\Users\DELL-LD531\Desktop\Games\Naruto Sages66.url -> hxxp://saga.games.la

    ==================== End of log =============================
     
  10. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    And like I said as for avast it reoved the cidox j root kit which is what malware bytes is constantly removing but I cant seem to find the log file if u need that log file and know what folder it would b located in plz let me knoow and I can post it too also something of note after running avast and farbar avast popped up that I needed to update some programs and when I updated the flash plyer active x it did the update but then I had to manually reboot bc the laptop became unresponsive and I cant seem to rememebr if its just an issue with updaing thru avast or if it may have been caused by something else I origonally quit using avast when they recently changed the interface and everything so its been awhile since ive used it
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let's double check if it's gone for good....

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  12. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    05:25:51.0762 0x0d98 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
    05:26:06.0271 0x0d98 ============================================================
    05:26:06.0271 0x0d98 Current date / time: 2015/03/28 05:26:06.0271
    05:26:06.0271 0x0d98 SystemInfo:
    05:26:06.0271 0x0d98
    05:26:06.0271 0x0d98 OS Version: 6.1.7601 ServicePack: 1.0
    05:26:06.0271 0x0d98 Product type: Workstation
    05:26:06.0271 0x0d98 ComputerName: DELL-LD531-PC
    05:26:06.0271 0x0d98 UserName: DELL-LD531
    05:26:06.0271 0x0d98 Windows directory: C:\Windows
    05:26:06.0271 0x0d98 System windows directory: C:\Windows
    05:26:06.0271 0x0d98 Running under WOW64
    05:26:06.0271 0x0d98 Processor architecture: Intel x64
    05:26:06.0271 0x0d98 Number of processors: 2
    05:26:06.0271 0x0d98 Page size: 0x1000
    05:26:06.0271 0x0d98 Boot type: Normal boot
    05:26:06.0271 0x0d98 ============================================================
    05:26:11.0169 0x0d98 KLMD registered as C:\Windows\system32\drivers\85947701.sys
    05:26:15.0412 0x0d98 System UUID: {6DBBFA4D-035F-533D-6F73-C562EDA8073A}
    05:26:22.0495 0x0d98 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    05:26:22.0573 0x0d98 ============================================================
    05:26:22.0573 0x0d98 \Device\Harddisk0\DR0:
    05:26:22.0588 0x0d98 MBR partitions:
    05:26:22.0588 0x0d98 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    05:26:22.0588 0x0d98 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
    05:26:22.0588 0x0d98 ============================================================
    05:26:22.0744 0x0d98 C: <-> \Device\Harddisk0\DR0\Partition2
    05:26:22.0744 0x0d98 ============================================================
    05:26:22.0744 0x0d98 Initialize success
    05:26:22.0744 0x0d98 ============================================================
    05:26:30.0497 0x0d10 ============================================================
    05:26:30.0497 0x0d10 Scan started
    05:26:30.0497 0x0d10 Mode: Manual;
    05:26:30.0497 0x0d10 ============================================================
    05:26:30.0497 0x0d10 KSN ping started
    05:26:33.0820 0x0d10 KSN ping finished: true
    05:26:35.0848 0x0d10 ================ Scan system memory ========================
    05:26:35.0848 0x0d10 System memory - ok
    05:26:35.0864 0x0d10 ================ Scan services =============================
    05:26:36.0441 0x0d10 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    05:26:36.0488 0x0d10 1394ohci - ok
    05:26:36.0815 0x0d10 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    05:26:36.0909 0x0d10 ACPI - ok
    05:26:37.0003 0x0d10 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    05:26:37.0018 0x0d10 AcpiPmi - ok
    05:26:37.0408 0x0d10 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    05:26:37.0424 0x0d10 AdobeARMservice - ok
    05:26:37.0689 0x0d10 [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    05:26:37.0736 0x0d10 AdobeFlashPlayerUpdateSvc - ok
    05:26:38.0001 0x0d10 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    05:26:38.0110 0x0d10 adp94xx - ok
    05:26:38.0344 0x0d10 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
    05:26:38.0391 0x0d10 adpahci - ok
    05:26:38.0563 0x0d10 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    05:26:38.0594 0x0d10 adpu320 - ok
    05:26:38.0797 0x0d10 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    05:26:38.0812 0x0d10 AeLookupSvc - ok
    05:26:39.0062 0x0d10 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
    05:26:39.0140 0x0d10 AFD - ok
    05:26:39.0249 0x0d10 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
    05:26:39.0265 0x0d10 agp440 - ok
    05:26:39.0405 0x0d10 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
    05:26:39.0436 0x0d10 ALG - ok
    05:26:39.0561 0x0d10 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
    05:26:39.0561 0x0d10 aliide - ok
    05:26:39.0639 0x0d10 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
    05:26:39.0655 0x0d10 amdide - ok
    05:26:39.0842 0x0d10 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    05:26:39.0873 0x0d10 AmdK8 - ok
    05:26:39.0951 0x0d10 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    05:26:39.0967 0x0d10 AmdPPM - ok
    05:26:40.0107 0x0d10 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    05:26:40.0138 0x0d10 amdsata - ok
    05:26:40.0280 0x0d10 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    05:26:40.0311 0x0d10 amdsbs - ok
    05:26:40.0404 0x0d10 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
    05:26:40.0404 0x0d10 amdxata - ok
    05:26:40.0529 0x0d10 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
    05:26:40.0560 0x0d10 AppID - ok
    05:26:40.0638 0x0d10 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    05:26:40.0670 0x0d10 AppIDSvc - ok
    05:26:40.0794 0x0d10 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
    05:26:40.0810 0x0d10 Appinfo - ok
    05:26:40.0919 0x0d10 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
    05:26:40.0966 0x0d10 AppMgmt - ok
    05:26:41.0060 0x0d10 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
    05:26:41.0091 0x0d10 arc - ok
    05:26:41.0169 0x0d10 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
    05:26:41.0200 0x0d10 arcsas - ok
    05:26:41.0668 0x0d10 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    05:26:41.0793 0x0d10 aspnet_state - ok
    05:26:41.0886 0x0d10 [ AA0B7720D0CB89DCC3363E5DBDF3EBB6, A00E47DD5D32A3D9652B8C11899D455EA239DA33222AA80F3743BCF8BBC7BE5A ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
    05:26:41.0902 0x0d10 aswHwid - ok
    05:26:41.0996 0x0d10 [ 3B154DDD747CBAC31E33B276800736B0, AAE2C0F62F510C7183BAEAF762290F8431DCCC8618F80EDC9B6028720F0C1C47 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    05:26:42.0011 0x0d10 aswMonFlt - ok
    05:26:42.0106 0x0d10 [ CF1BFE4B95F0626C10E96A48B9B8EAC6, 99897F005A0AD3DF7AEEAD63C662C6FC4B3BDCA47B6641AD5D12AFD2406282F1 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
    05:26:42.0184 0x0d10 aswRdr - ok
    05:26:42.0262 0x0d10 [ 67C5C6F9DE8F6B43372EDADEBAD85E67, 4FA16109494681BEF9F84574CF3407BB001A1757CA2CE036B8EAC969AB9D428B ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
    05:26:42.0293 0x0d10 aswRvrt - ok
    05:26:42.0667 0x0d10 [ BE3D7AC282909F1352742F98DA2C9D18, 15C4A3240CD37531A6A6D406E34B4AAE93DD0FA449D3F37237ECFCB01D2F3BE8 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    05:26:42.0855 0x0d10 aswSnx - ok
    05:26:43.0213 0x0d10 [ 2EF2CB17A9C46AE16276A15EF2F3AF74, 7D9CB982ED06BCBCA4A714CB723E54E8DCCCA35D5D11E9E32F5D7CFE99DCA62F ] aswSP C:\Windows\system32\drivers\aswSP.sys
    05:26:43.0323 0x0d10 aswSP - ok
    05:26:43.0479 0x0d10 [ D4408FE64734D8DA69AB699D8A4AEF0D, F0D04D468DD3CD1F664A5FF5043A4308B539F5465C43DA0994D4D8F84753B831 ] aswStm C:\Windows\system32\drivers\aswStm.sys
    05:26:43.0525 0x0d10 aswStm - ok
    05:26:43.0681 0x0d10 [ 8DF6664681FF5ADDBEB0D749B85B6544, BCC2359E9A3F92499EDFD22B497048F6EA51C769D2DC70A5AD821C5AB681844C ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
    05:26:43.0744 0x0d10 aswVmm - ok
    05:26:43.0884 0x0d10 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    05:26:43.0900 0x0d10 AsyncMac - ok
    05:26:44.0056 0x0d10 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
    05:26:44.0071 0x0d10 atapi - ok
    05:26:44.0586 0x0d10 [ CA4A0176FA380EFD45DE9D0ACB9E1F86, D5CA4A13EE8DCCD5B01A709A808AE51AAC064F7A4C3D4F0A6E272CDB46D28585 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
    05:26:44.0758 0x0d10 Ati External Event Utility - ok
    05:26:47.0239 0x0d10 [ AEAE4ABE6419923C037A0B2A157E1FC6, F04A79797AB697AA8316C37DF0D79ED28A9134BD0E1B2C9400619C0A9B3634FF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    05:26:48.0300 0x0d10 atikmdag - ok
    05:26:49.0049 0x0d10 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    05:26:49.0189 0x0d10 AudioEndpointBuilder - ok
    05:26:49.0376 0x0d10 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
    05:26:49.0501 0x0d10 AudioSrv - ok
    05:26:49.0782 0x0d10 [ 210A326658D72D7F2EE2267F3D9C44D4, 25BC620209B5F4BCF5C3F323290E41255F68660F3DFF901FA5A78423A7293D73 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    05:26:49.0844 0x0d10 avast! Antivirus - ok
    05:26:49.0938 0x0d10 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
    05:26:49.0969 0x0d10 AxInstSV - ok
    05:26:50.0172 0x0d10 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    05:26:50.0266 0x0d10 b06bdrv - ok
    05:26:50.0406 0x0d10 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    05:26:50.0453 0x0d10 b57nd60a - ok
    05:26:51.0046 0x0d10 [ FB4FDA64F2E8552EAEB5986C3F34462C, EFC81E1227339FC721B926633BE15B5476A161452D6D054455F4B1FE87D9B891 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    05:26:51.0529 0x0d10 BCM43XX - ok
    05:26:51.0685 0x0d10 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
    05:26:51.0716 0x0d10 BDESVC - ok
    05:26:51.0810 0x0d10 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
    05:26:51.0810 0x0d10 Beep - ok
    05:26:51.0997 0x0d10 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
    05:26:52.0138 0x0d10 BFE - ok
    05:26:52.0372 0x0d10 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
    05:26:52.0543 0x0d10 BITS - ok
    05:26:52.0652 0x0d10 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    05:26:52.0668 0x0d10 blbdrive - ok
    05:26:52.0777 0x0d10 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    05:26:52.0793 0x0d10 bowser - ok
    05:26:52.0871 0x0d10 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    05:26:52.0886 0x0d10 BrFiltLo - ok
    05:26:52.0964 0x0d10 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    05:26:52.0964 0x0d10 BrFiltUp - ok
    05:26:53.0074 0x0d10 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
    05:26:53.0105 0x0d10 Browser - ok
    05:26:53.0198 0x0d10 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    05:26:53.0292 0x0d10 Brserid - ok
    05:26:53.0386 0x0d10 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    05:26:53.0417 0x0d10 BrSerWdm - ok
    05:26:53.0479 0x0d10 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    05:26:53.0495 0x0d10 BrUsbMdm - ok
    05:26:53.0588 0x0d10 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    05:26:53.0588 0x0d10 BrUsbSer - ok
    05:26:53.0666 0x0d10 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    05:26:53.0682 0x0d10 BTHMODEM - ok
    05:26:53.0791 0x0d10 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
    05:26:53.0822 0x0d10 bthserv - ok
    05:26:53.0916 0x0d10 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    05:26:53.0932 0x0d10 cdfs - ok
    05:26:54.0041 0x0d10 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    05:26:54.0072 0x0d10 cdrom - ok
    05:26:54.0150 0x0d10 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
    05:26:54.0212 0x0d10 CertPropSvc - ok
    05:26:54.0306 0x0d10 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
    05:26:54.0322 0x0d10 circlass - ok
    05:26:54.0571 0x0d10 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
    05:26:54.0665 0x0d10 CLFS - ok
    05:26:54.0821 0x0d10 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    05:26:54.0852 0x0d10 clr_optimization_v2.0.50727_32 - ok
    05:26:54.0961 0x0d10 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    05:26:54.0977 0x0d10 clr_optimization_v2.0.50727_64 - ok
    05:26:55.0102 0x0d10 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    05:26:55.0133 0x0d10 clr_optimization_v4.0.30319_32 - ok
    05:26:55.0211 0x0d10 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    05:26:55.0289 0x0d10 clr_optimization_v4.0.30319_64 - ok
    05:26:55.0351 0x0d10 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    05:26:55.0367 0x0d10 CmBatt - ok
    05:26:55.0429 0x0d10 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
    05:26:55.0445 0x0d10 cmdide - ok
    05:26:55.0601 0x0d10 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
    05:26:55.0694 0x0d10 CNG - ok
    05:26:55.0757 0x0d10 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    05:26:55.0772 0x0d10 Compbatt - ok
    05:26:55.0835 0x0d10 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    05:26:55.0850 0x0d10 CompositeBus - ok
    05:26:55.0897 0x0d10 COMSysApp - ok
    05:26:55.0975 0x0d10 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    05:26:56.0006 0x0d10 crcdisk - ok
    05:26:56.0147 0x0d10 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
    05:26:56.0194 0x0d10 CryptSvc - ok
    05:26:56.0351 0x0d10 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
    05:26:56.0460 0x0d10 CSC - ok
    05:26:56.0647 0x0d10 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
    05:26:56.0772 0x0d10 CscService - ok
    05:26:56.0990 0x0d10 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
    05:26:57.0099 0x0d10 DcomLaunch - ok
    05:26:57.0240 0x0d10 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
    05:26:57.0302 0x0d10 defragsvc - ok
    05:26:57.0427 0x0d10 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    05:26:57.0443 0x0d10 DfsC - ok
    05:26:57.0567 0x0d10 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
    05:26:57.0645 0x0d10 Dhcp - ok
    05:26:57.0723 0x0d10 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
    05:26:57.0739 0x0d10 discache - ok
    05:26:57.0833 0x0d10 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
    05:26:57.0864 0x0d10 Disk - ok
    05:26:57.0973 0x0d10 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
    05:26:57.0989 0x0d10 dmvsc - ok
    05:26:58.0082 0x0d10 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    05:26:58.0129 0x0d10 Dnscache - ok
    05:26:58.0254 0x0d10 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
    05:26:58.0301 0x0d10 dot3svc - ok
    05:26:58.0425 0x0d10 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
    05:26:58.0488 0x0d10 DPS - ok
    05:26:58.0644 0x0d10 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    05:26:58.0706 0x0d10 drmkaud - ok
    05:26:58.0831 0x0d10 [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    05:26:58.0893 0x0d10 dtsoftbus01 - ok
    05:26:59.0159 0x0d10 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    05:26:59.0346 0x0d10 DXGKrnl - ok
    05:26:59.0455 0x0d10 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
    05:26:59.0502 0x0d10 EapHost - ok
    05:27:00.0313 0x0d10 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
    05:27:00.0906 0x0d10 ebdrv - ok
    05:27:01.0077 0x0d10 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe
    05:27:01.0093 0x0d10 EFS - ok
    05:27:01.0296 0x0d10 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    05:27:01.0436 0x0d10 ehRecvr - ok
    05:27:01.0530 0x0d10 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
    05:27:01.0561 0x0d10 ehSched - ok
    05:27:01.0701 0x0d10 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    05:27:01.0826 0x0d10 elxstor - ok
    05:27:01.0889 0x0d10 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    05:27:01.0889 0x0d10 ErrDev - ok
    05:27:02.0107 0x0d10 [ 00C3C6C55C435810C9475C219F4D1B26, 397E57AD97DD2C233ACF4C210B4AD227C516C9B2D01680FE22198168B627D267 ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
    05:27:02.0123 0x0d10 ESProtectionDriver - ok
    05:27:02.0294 0x0d10 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
    05:27:02.0372 0x0d10 EventSystem - ok
    05:27:02.0497 0x0d10 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
    05:27:02.0544 0x0d10 exfat - ok
    05:27:02.0622 0x0d10 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    05:27:02.0669 0x0d10 fastfat - ok
    05:27:02.0840 0x0d10 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
    05:27:02.0965 0x0d10 Fax - ok
    05:27:03.0074 0x0d10 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
    05:27:03.0090 0x0d10 fdc - ok
    05:27:03.0152 0x0d10 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    05:27:03.0169 0x0d10 fdPHost - ok
    05:27:03.0231 0x0d10 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    05:27:03.0262 0x0d10 FDResPub - ok
    05:27:03.0356 0x0d10 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    05:27:03.0372 0x0d10 FileInfo - ok
    05:27:03.0434 0x0d10 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    05:27:03.0450 0x0d10 Filetrace - ok
    05:27:03.0496 0x0d10 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    05:27:03.0512 0x0d10 flpydisk - ok
    05:27:03.0637 0x0d10 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    05:27:03.0699 0x0d10 FltMgr - ok
    05:27:03.0980 0x0d10 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
    05:27:04.0230 0x0d10 FontCache - ok
    05:27:04.0354 0x0d10 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    05:27:04.0370 0x0d10 FontCache3.0.0.0 - ok
    05:27:04.0448 0x0d10 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    05:27:04.0479 0x0d10 FsDepends - ok
    05:27:04.0557 0x0d10 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    05:27:04.0557 0x0d10 Fs_Rec - ok
    05:27:04.0666 0x0d10 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    05:27:04.0713 0x0d10 fvevol - ok
    05:27:04.0807 0x0d10 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    05:27:04.0822 0x0d10 gagp30kx - ok
    05:27:04.0947 0x0d10 getbus - ok
    05:27:05.0166 0x0d10 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    05:27:05.0337 0x0d10 gpsvc - ok
    05:27:05.0462 0x0d10 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    05:27:05.0478 0x0d10 gupdate - ok
    05:27:05.0556 0x0d10 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    05:27:05.0587 0x0d10 gupdatem - ok
    05:27:05.0665 0x0d10 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    05:27:05.0680 0x0d10 hcw85cir - ok
    05:27:05.0836 0x0d10 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    05:27:05.0930 0x0d10 HdAudAddService - ok
    05:27:06.0024 0x0d10 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    05:27:06.0055 0x0d10 HDAudBus - ok
    05:27:06.0117 0x0d10 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    05:27:06.0133 0x0d10 HidBatt - ok
    05:27:06.0211 0x0d10 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    05:27:06.0242 0x0d10 HidBth - ok
    05:27:06.0304 0x0d10 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
    05:27:06.0320 0x0d10 HidIr - ok
    05:27:06.0414 0x0d10 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
    05:27:06.0429 0x0d10 hidserv - ok
    05:27:06.0507 0x0d10 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    05:27:06.0523 0x0d10 HidUsb - ok
    05:27:06.0616 0x0d10 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    05:27:06.0648 0x0d10 hkmsvc - ok
    05:27:06.0741 0x0d10 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    05:27:06.0804 0x0d10 HomeGroupListener - ok
    05:27:06.0897 0x0d10 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    05:27:06.0960 0x0d10 HomeGroupProvider - ok
    05:27:07.0038 0x0d10 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    05:27:07.0069 0x0d10 HpSAMD - ok
    05:27:07.0240 0x0d10 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    05:27:07.0396 0x0d10 HTTP - ok
    05:27:07.0490 0x0d10 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    05:27:07.0506 0x0d10 hwpolicy - ok
    05:27:07.0584 0x0d10 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    05:27:07.0615 0x0d10 i8042prt - ok
    05:27:07.0755 0x0d10 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    05:27:07.0880 0x0d10 iaStorV - ok
    05:27:08.0130 0x0d10 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    05:27:08.0301 0x0d10 idsvc - ok
    05:27:08.0379 0x0d10 IEEtwCollectorService - ok
    05:27:08.0457 0x0d10 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    05:27:08.0488 0x0d10 iirsp - ok
    05:27:08.0738 0x0d10 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
    05:27:08.0925 0x0d10 IKEEXT - ok
    05:27:09.0050 0x0d10 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    05:27:09.0081 0x0d10 intelide - ok
    05:27:09.0144 0x0d10 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    05:27:09.0175 0x0d10 intelppm - ok
    05:27:09.0268 0x0d10 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    05:27:09.0331 0x0d10 IPBusEnum - ok
    05:27:09.0409 0x0d10 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    05:27:09.0424 0x0d10 IpFilterDriver - ok
    05:27:09.0627 0x0d10 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    05:27:09.0721 0x0d10 iphlpsvc - ok
    05:27:09.0799 0x0d10 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    05:27:09.0830 0x0d10 IPMIDRV - ok
    05:27:09.0924 0x0d10 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    05:27:09.0955 0x0d10 IPNAT - ok
    05:27:10.0017 0x0d10 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    05:27:10.0033 0x0d10 IRENUM - ok
    05:27:10.0095 0x0d10 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    05:27:10.0111 0x0d10 isapnp - ok
    05:27:10.0220 0x0d10 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    05:27:10.0282 0x0d10 iScsiPrt - ok
    05:27:10.0376 0x0d10 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    05:27:10.0392 0x0d10 kbdclass - ok
    05:27:10.0454 0x0d10 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    05:27:10.0470 0x0d10 kbdhid - ok
    05:27:10.0532 0x0d10 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe
    05:27:10.0563 0x0d10 KeyIso - ok
    05:27:10.0641 0x0d10 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    05:27:10.0672 0x0d10 KSecDD - ok
    05:27:10.0750 0x0d10 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    05:27:10.0797 0x0d10 KSecPkg - ok
    05:27:10.0844 0x0d10 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    05:27:10.0860 0x0d10 ksthunk - ok
    05:27:11.0000 0x0d10 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    05:27:11.0109 0x0d10 KtmRm - ok
    05:27:11.0218 0x0d10 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
    05:27:11.0296 0x0d10 LanmanServer - ok
    05:27:11.0390 0x0d10 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    05:27:11.0452 0x0d10 LanmanWorkstation - ok
    05:27:11.0562 0x0d10 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    05:27:11.0593 0x0d10 lltdio - ok
    05:27:11.0702 0x0d10 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    05:27:11.0780 0x0d10 lltdsvc - ok
    05:27:11.0842 0x0d10 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    05:27:11.0874 0x0d10 lmhosts - ok
    05:27:11.0998 0x0d10 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    05:27:12.0014 0x0d10 LSI_FC - ok
    05:27:12.0123 0x0d10 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    05:27:12.0154 0x0d10 LSI_SAS - ok
    05:27:12.0232 0x0d10 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    05:27:12.0248 0x0d10 LSI_SAS2 - ok
    05:27:12.0310 0x0d10 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    05:27:12.0342 0x0d10 LSI_SCSI - ok
    05:27:12.0435 0x0d10 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
    05:27:12.0466 0x0d10 luafv - ok
    05:27:12.0607 0x0d10 [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
    05:27:12.0654 0x0d10 LVPr2M64 - ok
    05:27:12.0732 0x0d10 [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
    05:27:12.0732 0x0d10 LVPr2Mon - ok
    05:27:12.0872 0x0d10 [ A35679E56E78091E1042A2D7ADBF2958, F2282B697DCDD5767F65D99FEA374D3757C6133D42BD5A9C582C217619213290 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    05:27:12.0919 0x0d10 LVPrcS64 - ok
    05:27:13.0012 0x0d10 [ 5C3FF68267A5D242EE79EE01B993D6CE, 853637AC30A16698F2F583693E98B67104ECE5B8F80C6FB88266665162623B92 ] LVUSBS64 C:\Windows\system32\DRIVERS\LVUSBS64.sys
    05:27:13.0044 0x0d10 LVUSBS64 - ok
    05:27:13.0278 0x0d10 [ FCF1A9F544CD89564CFAC9572AB2DDBB, B5793DF12FE656FF73F3094CEE8986E2E90C64C47EAED9FA190A66E601125B42 ] MbaeSvc C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    05:27:13.0387 0x0d10 MbaeSvc - ok
    05:27:13.0449 0x0d10 [ CF12E148C6FC151335B7D7FE03F1C7A2, 7087DF6D884AF0A57AC22D7AE9C2903913AAB4CE52D19666B6513C3D5706E43C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    05:27:13.0465 0x0d10 MBAMProtector - ok
    05:27:13.0886 0x0d10 [ 86701B8E4C53280AA8642AC85F8500F4, 6839F2B840410857AE7DA215A17922A7499A9B99D96032756525878E98175103 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    05:27:14.0245 0x0d10 MBAMScheduler - ok
    05:27:14.0526 0x0d10 [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    05:27:14.0760 0x0d10 MBAMService - ok
    05:27:14.0884 0x0d10 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
    05:27:14.0916 0x0d10 MBAMSwissArmy - ok
    05:27:15.0009 0x0d10 [ 0CE2F3E26C770CBAEB50787A2C1FD09E, 2DDB1827027D2CC8E78FE737B5DA21783EFCD13430DBB140C34DAACACD6EF492 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
    05:27:15.0025 0x0d10 MBAMWebAccessControl - ok
    05:27:15.0118 0x0d10 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    05:27:15.0196 0x0d10 Mcx2Svc - ok
    05:27:15.0290 0x0d10 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
    05:27:15.0306 0x0d10 megasas - ok
    05:27:15.0430 0x0d10 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    05:27:15.0493 0x0d10 MegaSR - ok
    05:27:15.0586 0x0d10 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
    05:27:15.0618 0x0d10 MMCSS - ok
    05:27:15.0680 0x0d10 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    05:27:15.0696 0x0d10 Modem - ok
    05:27:15.0789 0x0d10 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    05:27:15.0805 0x0d10 monitor - ok
    05:27:15.0867 0x0d10 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    05:27:15.0898 0x0d10 mouclass - ok
    05:27:15.0945 0x0d10 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    05:27:15.0961 0x0d10 mouhid - ok
    05:27:16.0054 0x0d10 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    05:27:16.0070 0x0d10 mountmgr - ok
    05:27:16.0195 0x0d10 [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    05:27:16.0242 0x0d10 MozillaMaintenance - ok
    05:27:16.0335 0x0d10 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    05:27:16.0366 0x0d10 mpio - ok
    05:27:16.0460 0x0d10 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    05:27:16.0476 0x0d10 mpsdrv - ok
    05:27:16.0710 0x0d10 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
    05:27:16.0850 0x0d10 MpsSvc - ok
    05:27:16.0990 0x0d10 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    05:27:17.0022 0x0d10 MRxDAV - ok
    05:27:17.0115 0x0d10 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    05:27:17.0146 0x0d10 mrxsmb - ok
    05:27:17.0256 0x0d10 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    05:27:17.0318 0x0d10 mrxsmb10 - ok
    05:27:17.0412 0x0d10 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    05:27:17.0443 0x0d10 mrxsmb20 - ok
    05:27:17.0521 0x0d10 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    05:27:17.0536 0x0d10 msahci - ok
    05:27:17.0649 0x0d10 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    05:27:17.0680 0x0d10 msdsm - ok
    05:27:17.0789 0x0d10 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
    05:27:17.0836 0x0d10 MSDTC - ok
    05:27:17.0945 0x0d10 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    05:27:17.0961 0x0d10 Msfs - ok
    05:27:18.0027 0x0d10 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    05:27:18.0043 0x0d10 mshidkmdf - ok
    05:27:18.0089 0x0d10 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    05:27:18.0105 0x0d10 msisadrv - ok
    05:27:18.0199 0x0d10 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    05:27:18.0245 0x0d10 MSiSCSI - ok
    05:27:18.0292 0x0d10 msiserver - ok
    05:27:18.0386 0x0d10 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    05:27:18.0401 0x0d10 MSKSSRV - ok
    05:27:18.0464 0x0d10 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    05:27:18.0464 0x0d10 MSPCLOCK - ok
    05:27:18.0526 0x0d10 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    05:27:18.0542 0x0d10 MSPQM - ok
    05:27:18.0667 0x0d10 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    05:27:18.0760 0x0d10 MsRPC - ok
    05:27:18.0854 0x0d10 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    05:27:18.0869 0x0d10 mssmbios - ok
    05:27:18.0947 0x0d10 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    05:27:18.0963 0x0d10 MSTEE - ok
    05:27:19.0025 0x0d10 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    05:27:19.0025 0x0d10 MTConfig - ok
    05:27:19.0103 0x0d10 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
    05:27:19.0119 0x0d10 Mup - ok
    05:27:19.0275 0x0d10 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
    05:27:19.0384 0x0d10 napagent - ok
    05:27:19.0556 0x0d10 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    05:27:19.0618 0x0d10 NativeWifiP - ok
    05:27:19.0899 0x0d10 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
    05:27:20.0086 0x0d10 NDIS - ok
    05:27:20.0180 0x0d10 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    05:27:20.0195 0x0d10 NdisCap - ok
    05:27:20.0289 0x0d10 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    05:27:20.0305 0x0d10 NdisTapi - ok
    05:27:20.0383 0x0d10 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    05:27:20.0414 0x0d10 Ndisuio - ok
    05:27:20.0492 0x0d10 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    05:27:20.0539 0x0d10 NdisWan - ok
    05:27:20.0601 0x0d10 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    05:27:20.0617 0x0d10 NDProxy - ok
    05:27:20.0679 0x0d10 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    05:27:20.0710 0x0d10 NetBIOS - ok
    05:27:20.0835 0x0d10 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT
     
  13. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    C:\Windows\system32\DRIVERS\netbt.sys
    05:27:20.0897 0x0d10 NetBT - ok
    05:27:20.0960 0x0d10 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe
    05:27:20.0991 0x0d10 Netlogon - ok
    05:27:21.0163 0x0d10 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
    05:27:21.0256 0x0d10 Netman - ok
    05:27:21.0397 0x0d10 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    05:27:21.0428 0x0d10 NetMsmqActivator - ok
    05:27:21.0490 0x0d10 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    05:27:21.0521 0x0d10 NetPipeActivator - ok
    05:27:21.0709 0x0d10 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
    05:27:21.0818 0x0d10 netprofm - ok
    05:27:21.0880 0x0d10 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    05:27:21.0911 0x0d10 NetTcpActivator - ok
    05:27:21.0989 0x0d10 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    05:27:22.0021 0x0d10 NetTcpPortSharing - ok
    05:27:22.0130 0x0d10 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    05:27:22.0145 0x0d10 nfrd960 - ok
    05:27:22.0286 0x0d10 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
    05:27:22.0348 0x0d10 NlaSvc - ok
    05:27:22.0442 0x0d10 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    05:27:22.0457 0x0d10 Npfs - ok
    05:27:22.0551 0x0d10 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
    05:27:22.0582 0x0d10 nsi - ok
    05:27:22.0629 0x0d10 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    05:27:22.0645 0x0d10 nsiproxy - ok
    05:27:23.0066 0x0d10 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    05:27:23.0393 0x0d10 Ntfs - ok
    05:27:23.0487 0x0d10 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
    05:27:23.0503 0x0d10 Null - ok
    05:27:23.0612 0x0d10 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    05:27:23.0643 0x0d10 nvraid - ok
    05:27:23.0752 0x0d10 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    05:27:23.0783 0x0d10 nvstor - ok
    05:27:23.0908 0x0d10 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    05:27:23.0939 0x0d10 nv_agp - ok
    05:27:24.0033 0x0d10 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    05:27:24.0064 0x0d10 ohci1394 - ok
    05:27:24.0205 0x0d10 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    05:27:24.0298 0x0d10 p2pimsvc - ok
    05:27:24.0439 0x0d10 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
    05:27:24.0563 0x0d10 p2psvc - ok
    05:27:24.0641 0x0d10 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
    05:27:24.0673 0x0d10 Parport - ok
    05:27:24.0813 0x0d10 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    05:27:24.0844 0x0d10 partmgr - ok
    05:27:24.0938 0x0d10 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
    05:27:25.0000 0x0d10 PcaSvc - ok
    05:27:25.0125 0x0d10 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
    05:27:25.0156 0x0d10 pci - ok
    05:27:25.0265 0x0d10 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
    05:27:25.0265 0x0d10 pciide - ok
    05:27:25.0375 0x0d10 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    05:27:25.0421 0x0d10 pcmcia - ok
    05:27:25.0484 0x0d10 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
    05:27:25.0499 0x0d10 pcw - ok
    05:27:25.0671 0x0d10 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    05:27:25.0811 0x0d10 PEAUTH - ok
    05:27:26.0123 0x0d10 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    05:27:26.0420 0x0d10 PeerDistSvc - ok
    05:27:26.0716 0x0d10 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
    05:27:26.0732 0x0d10 PerfHost - ok
    05:27:27.0449 0x0d10 [ AE0B94363DA0F60D42B9D05B352F61ED, 284EA0123798BDBBAA93F912AD45B3D3F1F662FDDA5C73C0AC0D76AC2F9033C0 ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
    05:27:27.0949 0x0d10 PID_PEPI - ok
    05:27:28.0339 0x0d10 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
    05:27:28.0635 0x0d10 pla - ok
    05:27:28.0822 0x0d10 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    05:27:28.0931 0x0d10 PlugPlay - ok
    05:27:29.0025 0x0d10 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    05:27:29.0056 0x0d10 PNRPAutoReg - ok
    05:27:29.0181 0x0d10 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    05:27:29.0259 0x0d10 PNRPsvc - ok
    05:27:29.0432 0x0d10 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    05:27:29.0556 0x0d10 PolicyAgent - ok
    05:27:29.0681 0x0d10 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
    05:27:29.0744 0x0d10 Power - ok
    05:27:29.0837 0x0d10 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    05:27:29.0868 0x0d10 PptpMiniport - ok
    05:27:29.0946 0x0d10 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
    05:27:29.0962 0x0d10 Processor - ok
    05:27:30.0102 0x0d10 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
    05:27:30.0180 0x0d10 ProfSvc - ok
    05:27:30.0258 0x0d10 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
    05:27:30.0290 0x0d10 ProtectedStorage - ok
    05:27:30.0368 0x0d10 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    05:27:30.0399 0x0d10 Psched - ok
    05:27:30.0742 0x0d10 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    05:27:31.0038 0x0d10 ql2300 - ok
    05:27:31.0164 0x0d10 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    05:27:31.0195 0x0d10 ql40xx - ok
    05:27:31.0351 0x0d10 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
    05:27:31.0414 0x0d10 QWAVE - ok
    05:27:31.0492 0x0d10 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    05:27:31.0523 0x0d10 QWAVEdrv - ok
    05:27:31.0585 0x0d10 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    05:27:31.0601 0x0d10 RasAcd - ok
    05:27:31.0741 0x0d10 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    05:27:31.0773 0x0d10 RasAgileVpn - ok
    05:27:31.0866 0x0d10 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
    05:27:31.0929 0x0d10 RasAuto - ok
    05:27:32.0038 0x0d10 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    05:27:32.0069 0x0d10 Rasl2tp - ok
    05:27:32.0194 0x0d10 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
    05:27:32.0303 0x0d10 RasMan - ok
    05:27:32.0381 0x0d10 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    05:27:32.0412 0x0d10 RasPppoe - ok
    05:27:32.0490 0x0d10 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    05:27:32.0521 0x0d10 RasSstp - ok
    05:27:32.0678 0x0d10 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    05:27:32.0741 0x0d10 rdbss - ok
    05:27:32.0803 0x0d10 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    05:27:32.0819 0x0d10 rdpbus - ok
    05:27:32.0866 0x0d10 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    05:27:32.0881 0x0d10 RDPCDD - ok
    05:27:33.0044 0x0d10 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    05:27:33.0075 0x0d10 RDPDR - ok
    05:27:33.0184 0x0d10 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    05:27:33.0200 0x0d10 RDPENCDD - ok
    05:27:33.0293 0x0d10 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    05:27:33.0309 0x0d10 RDPREFMP - ok
    05:27:33.0449 0x0d10 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    05:27:33.0465 0x0d10 RdpVideoMiniport - ok
    05:27:33.0591 0x0d10 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    05:27:33.0637 0x0d10 RDPWD - ok
    05:27:33.0762 0x0d10 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    05:27:33.0809 0x0d10 rdyboost - ok
    05:27:33.0918 0x0d10 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
    05:27:33.0965 0x0d10 RemoteAccess - ok
    05:27:34.0074 0x0d10 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    05:27:34.0137 0x0d10 RemoteRegistry - ok
    05:27:34.0246 0x0d10 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    05:27:34.0277 0x0d10 RpcEptMapper - ok
    05:27:34.0339 0x0d10 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
    05:27:34.0355 0x0d10 RpcLocator - ok
    05:27:34.0527 0x0d10 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
    05:27:34.0636 0x0d10 RpcSs - ok
    05:27:34.0761 0x0d10 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    05:27:34.0792 0x0d10 rspndr - ok
    05:27:34.0870 0x0d10 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    05:27:34.0885 0x0d10 s3cap - ok
    05:27:34.0963 0x0d10 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe
    05:27:34.0979 0x0d10 SamSs - ok
    05:27:35.0073 0x0d10 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    05:27:35.0088 0x0d10 sbp2port - ok
    05:27:35.0213 0x0d10 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    05:27:35.0275 0x0d10 SCardSvr - ok
    05:27:35.0338 0x0d10 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    05:27:35.0353 0x0d10 scfilter - ok
    05:27:35.0619 0x0d10 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
    05:27:35.0868 0x0d10 Schedule - ok
    05:27:35.0993 0x0d10 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
    05:27:36.0009 0x0d10 SCPolicySvc - ok
    05:27:36.0165 0x0d10 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    05:27:36.0227 0x0d10 SDRSVC - ok
    05:27:36.0305 0x0d10 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
    05:27:36.0336 0x0d10 secdrv - ok
    05:27:36.0430 0x0d10 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
    05:27:36.0461 0x0d10 seclogon - ok
    05:27:36.0555 0x0d10 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
    05:27:36.0586 0x0d10 SENS - ok
    05:27:36.0742 0x0d10 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
    05:27:36.0789 0x0d10 SensrSvc - ok
    05:27:36.0867 0x0d10 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    05:27:36.0898 0x0d10 Serenum - ok
    05:27:36.0991 0x0d10 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
    05:27:37.0023 0x0d10 Serial - ok
    05:27:37.0085 0x0d10 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
    05:27:37.0101 0x0d10 sermouse - ok
    05:27:37.0288 0x0d10 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
    05:27:37.0366 0x0d10 SessionEnv - ok
    05:27:37.0491 0x0d10 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    05:27:37.0506 0x0d10 sffdisk - ok
    05:27:37.0553 0x0d10 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    05:27:37.0569 0x0d10 sffp_mmc - ok
    05:27:37.0647 0x0d10 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    05:27:37.0662 0x0d10 sffp_sd - ok
    05:27:37.0725 0x0d10 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    05:27:37.0756 0x0d10 sfloppy - ok
    05:27:37.0959 0x0d10 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    05:27:38.0052 0x0d10 SharedAccess - ok
    05:27:38.0239 0x0d10 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    05:27:38.0380 0x0d10 ShellHWDetection - ok
    05:27:38.0567 0x0d10 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    05:27:38.0598 0x0d10 SiSRaid2 - ok
    05:27:38.0707 0x0d10 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    05:27:38.0739 0x0d10 SiSRaid4 - ok
    05:27:38.0910 0x0d10 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    05:27:38.0973 0x0d10 Smb - ok
    05:27:39.0082 0x0d10 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    05:27:39.0113 0x0d10 SNMPTRAP - ok
    05:27:39.0175 0x0d10 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
    05:27:39.0191 0x0d10 spldr - ok
    05:27:39.0425 0x0d10 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
    05:27:39.0565 0x0d10 Spooler - ok
    05:27:40.0299 0x0d10 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
    05:27:41.0016 0x0d10 sppsvc - ok
    05:27:41.0172 0x0d10 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    05:27:41.0219 0x0d10 sppuinotify - ok
    05:27:41.0375 0x0d10 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
    05:27:41.0469 0x0d10 srv - ok
    05:27:41.0609 0x0d10 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    05:27:41.0703 0x0d10 srv2 - ok
    05:27:41.0843 0x0d10 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    05:27:41.0921 0x0d10 SrvHsfHDA - ok
    05:27:42.0233 0x0d10 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    05:27:42.0545 0x0d10 SrvHsfV92 - ok
    05:27:42.0826 0x0d10 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    05:27:42.0982 0x0d10 SrvHsfWinac - ok
    05:27:43.0138 0x0d10 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    05:27:43.0169 0x0d10 srvnet - ok
    05:27:43.0278 0x0d10 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    05:27:43.0341 0x0d10 SSDPSRV - ok
    05:27:43.0419 0x0d10 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
    05:27:43.0465 0x0d10 SstpSvc - ok
    05:27:43.0575 0x0d10 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
    05:27:43.0606 0x0d10 stexstor - ok
    05:27:43.0824 0x0d10 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
    05:27:43.0965 0x0d10 stisvc - ok
    05:27:44.0043 0x0d10 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    05:27:44.0058 0x0d10 storflt - ok
    05:27:44.0152 0x0d10 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
    05:27:44.0167 0x0d10 storvsc - ok
    05:27:44.0245 0x0d10 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    05:27:44.0245 0x0d10 swenum - ok
    05:27:44.0417 0x0d10 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    05:27:44.0557 0x0d10 swprv - ok
    05:27:44.0823 0x0d10 [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
    05:27:44.0869 0x0d10 Synth3dVsc - ok
    05:27:45.0961 0x0d10 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
    05:27:46.0601 0x0d10 SysMain - ok
    05:27:46.0819 0x0d10 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    05:27:46.0866 0x0d10 TabletInputService - ok
    05:27:47.0038 0x0d10 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
    05:27:47.0147 0x0d10 TapiSrv - ok
    05:27:47.0319 0x0d10 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    05:27:47.0428 0x0d10 TBS - ok
    05:27:48.0036 0x0d10 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    05:27:48.0489 0x0d10 Tcpip - ok
    05:27:49.0237 0x0d10 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    05:27:49.0581 0x0d10 TCPIP6 - ok
    05:27:49.0783 0x0d10 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    05:27:49.0815 0x0d10 tcpipreg - ok
    05:27:49.0971 0x0d10 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    05:27:49.0986 0x0d10 TDPIPE - ok
    05:27:50.0127 0x0d10 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    05:27:50.0158 0x0d10 TDTCP - ok
    05:27:50.0329 0x0d10 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    05:27:50.0392 0x0d10 tdx - ok
    05:27:50.0595 0x0d10 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    05:27:50.0610 0x0d10 TermDD - ok
    05:27:50.0766 0x0d10 [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt C:\Windows\system32\drivers\terminpt.sys
    05:27:50.0782 0x0d10 terminpt - ok
    05:27:51.0063 0x0d10 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
    05:27:51.0312 0x0d10 TermService - ok
    05:27:51.0421 0x0d10 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
    05:27:51.0453 0x0d10 Themes - ok
    05:27:51.0546 0x0d10 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
    05:27:51.0562 0x0d10 THREADORDER - ok
    05:27:51.0672 0x0d10 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
    05:27:51.0734 0x0d10 TrkWks - ok
    05:27:51.0859 0x0d10 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    05:27:51.0890 0x0d10 TrustedInstaller - ok
    05:27:52.0000 0x0d10 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    05:27:52.0015 0x0d10 tssecsrv - ok
    05:27:52.0249 0x0d10 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    05:27:52.0296 0x0d10 TsUsbFlt - ok
    05:27:52.0374 0x0d10 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    05:27:52.0390 0x0d10 TsUsbGD - ok
    05:27:52.0717 0x0d10 [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
    05:27:52.0748 0x0d10 tsusbhub - ok
    05:27:52.0873 0x0d10 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    05:27:52.0904 0x0d10 tunnel - ok
    05:27:53.0139 0x0d10 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    05:27:53.0264 0x0d10 uagp35 - ok
    05:27:53.0498 0x0d10 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    05:27:53.0592 0x0d10 udfs - ok
    05:27:53.0841 0x0d10 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
    05:27:53.0888 0x0d10 UI0Detect - ok
    05:27:53.0997 0x0d10 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    05:27:54.0013 0x0d10 uliagpkx - ok
    05:27:54.0107 0x0d10 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    05:27:54.0122 0x0d10 umbus - ok
    05:27:54.0232 0x0d10 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
    05:27:54.0310 0x0d10 UmPass - ok
    05:27:54.0529 0x0d10 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
    05:27:54.0607 0x0d10 UmRdpService - ok
    05:27:54.0747 0x0d10 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
    05:27:54.0841 0x0d10 upnphost - ok
    05:27:54.0966 0x0d10 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    05:27:54.0997 0x0d10 usbaudio - ok
    05:27:55.0106 0x0d10 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    05:27:55.0137 0x0d10 usbccgp - ok
    05:27:55.0246 0x0d10 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
    05:27:55.0278 0x0d10 usbcir - ok
    05:27:55.0449 0x0d10 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    05:27:55.0465 0x0d10 usbehci - ok
    05:27:55.0700 0x0d10 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    05:27:55.0778 0x0d10 usbhub - ok
    05:27:55.0871 0x0d10 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    05:27:55.0887 0x0d10 usbohci - ok
    05:27:56.0012 0x0d10 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    05:27:56.0027 0x0d10 usbprint - ok
    05:27:56.0152 0x0d10 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    05:27:56.0168 0x0d10 usbscan - ok
    05:27:56.0277 0x0d10 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    05:27:56.0308 0x0d10 USBSTOR - ok
    05:27:56.0402 0x0d10 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    05:27:56.0433 0x0d10 usbuhci - ok
    05:27:56.0589 0x0d10 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
    05:27:56.0651 0x0d10 UxSms - ok
    05:27:56.0792 0x0d10 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe
    05:27:56.0823 0x0d10 VaultSvc - ok
    05:27:56.0917 0x0d10 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    05:27:56.0932 0x0d10 vdrvroot - ok
    05:27:57.0151 0x0d10 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
    05:27:57.0307 0x0d10 vds - ok
    05:27:57.0463 0x0d10 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    05:27:57.0494 0x0d10 vga - ok
    05:27:57.0603 0x0d10 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
    05:27:57.0634 0x0d10 VgaSave - ok
    05:27:57.0666 0x0d10 VGPU - ok
    05:27:57.0775 0x0d10 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    05:27:57.0837 0x0d10 vhdmp - ok
    05:27:57.0946 0x0d10 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    05:27:57.0962 0x0d10 viaide - ok
    05:27:58.0056 0x0d10 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
    05:27:58.0102 0x0d10 vmbus - ok
    05:27:58.0212 0x0d10 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    05:27:58.0227 0x0d10 VMBusHID - ok
    05:27:58.0336 0x0d10 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    05:27:58.0352 0x0d10 volmgr - ok
    05:27:58.0477 0x0d10 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    05:27:58.0570 0x0d10 volmgrx - ok
    05:27:58.0759 0x0d10 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
    05:27:58.0821 0x0d10 volsnap - ok
    05:27:58.0930 0x0d10 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    05:27:58.0977 0x0d10 vsmraid - ok
    05:27:59.0367 0x0d10 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
    05:27:59.0726 0x0d10 VSS - ok
    05:27:59.0866 0x0d10 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    05:27:59.0882 0x0d10 vwifibus - ok
    05:27:59.0975 0x0d10 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    05:27:59.0991 0x0d10 vwififlt - ok
    05:28:00.0131 0x0d10 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    05:28:00.0256 0x0d10 W32Time - ok
    05:28:00.0350 0x0d10 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    05:28:00.0381 0x0d10 WacomPen - ok
    05:28:00.0490 0x0d10 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    05:28:00.0506 0x0d10 WANARP - ok
    05:28:00.0584 0x0d10 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    05:28:00.0631 0x0d10 Wanarpv6 - ok
    05:28:01.0005 0x0d10 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    05:28:01.0270 0x0d10 WatAdminSvc - ok
    05:28:01.0691 0x0d10 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
    05:28:02.0113 0x0d10 wbengine - ok
    05:28:02.0269 0x0d10 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    05:28:02.0331 0x0d10 WbioSrvc - ok
    05:28:02.0487 0x0d10 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    05:28:02.0612 0x0d10 wcncsvc - ok
    05:28:02.0705 0x0d10 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    05:28:02.0752 0x0d10 WcsPlugInService - ok
    05:28:02.0908 0x0d10 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
    05:28:02.0924 0x0d10 Wd - ok
    05:28:03.0173 0x0d10 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    05:28:03.0392 0x0d10 Wdf01000 - ok
    05:28:03.0517 0x0d10 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
    05:28:03.0579 0x0d10 WdiServiceHost - ok
    05:28:03.0688 0x0d10 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
    05:28:03.0735 0x0d10 WdiSystemHost - ok
    05:28:03.0891 0x0d10 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
    05:28:03.0969 0x0d10 WebClient - ok
    05:28:04.0125 0x0d10 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    05:28:04.0203 0x0d10 Wecsvc - ok
    05:28:04.0312 0x0d10 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    05:28:04.0359 0x0d10 wercplsupport - ok
    05:28:04.0421 0x0d10 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
    05:28:04.0468 0x0d10 WerSvc - ok
    05:28:04.0562 0x0d10 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    05:28:04.0577 0x0d10 WfpLwf - ok
    05:28:04.0671 0x0d10 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    05:28:04.0702 0x0d10 WIMMount - ok
    05:28:04.0811 0x0d10 WinDefend - ok
    05:28:04.0889 0x0d10 WinHttpAutoProxySvc - ok
    05:28:05.0077 0x0d10 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    05:28:05.0139 0x0d10 Winmgmt - ok
    05:28:05.0591 0x0d10 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
    05:28:06.0028 0x0d10 WinRM - ok
    05:28:06.0215 0x0d10 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    05:28:06.0231 0x0d10 WinUsb - ok
    05:28:06.0481 0x0d10 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    05:28:06.0746 0x0d10 Wlansvc - ok
    05:28:06.0886 0x0d10 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    05:28:06.0902 0x0d10 WmiAcpi - ok
    05:28:07.0042 0x0d10 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    05:28:07.0120 0x0d10 wmiApSrv - ok
    05:28:07.0198 0x0d10 WMPNetworkSvc - ok
    05:28:07.0276 0x0d10 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    05:28:07.0323 0x0d10 WPCSvc - ok
    05:28:07.0417 0x0d10 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    05:28:07.0479 0x0d10 WPDBusEnum - ok
    05:28:07.0557 0x0d10 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    05:28:07.0557 0x0d10 ws2ifsl - ok
    05:28:07.0651 0x0d10 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
    05:28:07.0713 0x0d10 wscsvc - ok
    05:28:07.0822 0x0d10 WSearch - ok
    05:28:08.0415 0x0d10 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
    05:28:08.0945 0x0d10 wuauserv - ok
    05:28:09.0117 0x0d10 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    05:28:09.0148 0x0d10 WudfPf - ok
    05:28:09.0242 0x0d10 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    05:28:09.0289 0x0d10 WUDFRd - ok
    05:28:09.0382 0x0d10 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    05:28:09.0445 0x0d10 wudfsvc - ok
    05:28:09.0554 0x0d10 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
    05:28:09.0647 0x0d10 WwanSvc - ok
    05:28:09.0835 0x0d10 X6va013 - ok
    05:28:09.0913 0x0d10 X6va015 - ok
    05:28:10.0178 0x0d10 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    05:28:10.0303 0x0d10 YahooAUService - ok
    05:28:10.0381 0x0d10 ================ Scan global ===============================
    05:28:10.0459 0x0d10 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    05:28:10.0568 0x0d10 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    05:28:10.0693 0x0d10 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    05:28:10.0864 0x0d10 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    05:28:11.0005 0x0d10 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    05:28:11.0098 0x0d10 [ Global ] - ok
    05:28:11.0098 0x0d10 ================ Scan MBR ==================================
    05:28:11.0129 0x0d10 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    05:28:14.0390 0x0d10 \Device\Harddisk0\DR0 - ok
    05:28:14.0405 0x0d10 ================ Scan VBR ==================================
    05:28:14.0405 0x0d10 [ 462B862A0D762AD7CB46C168424C9F32 ] \Device\Harddisk0\DR0\Partition1
    05:28:14.0421 0x0d10 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
    05:28:14.0421 0x0d10 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
    05:28:17.0573 0x0d10 [ 48AD4C460D094C87AD71EBB367788B39 ] \Device\Harddisk0\DR0\Partition2
    05:28:17.0589 0x0d10 \Device\Harddisk0\DR0\Partition2 - ok
    05:28:17.0589 0x0d10 ================ Scan generic autorun ======================
    05:28:17.0698 0x0d10 [ 53FD418622B72D709CE92AA8DBFDB0F6, 6169893D35E424EC5CBF480C35935D5C8B464B2045D10A4A475B8442FF3C528B ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    05:28:17.0729 0x0d10 StartCCC - ok
    05:28:17.0807 0x0d10 [ BEAE23E7FC6DCC19E9B0F1811F02834F, AF0C770CA1E239EC700CB260BC9CD6586034225ACA2F8966BC1A4D6BAA5ACC9E ] C:\Program Files (x86)\Winamp\winampa.exe
    05:28:17.0838 0x0d10 WinampAgent - ok
    05:28:18.0369 0x0d10 [ 93D4E7E780D6A385FCC226D1596E0ACA, 2F079B84BBF289CF484745544AE084A9BA83FB398259FB3D0042EA7E9A0AABC0 ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    05:28:18.0774 0x0d10 Malwarebytes Anti-Exploit - ok
    05:28:19.0898 0x0d10 [ 06964B7DE858BB6317164BF184E9C766, ADE3D2A7256A8F3F11B6E35979413850EB22B9BBADCE3EC73BE04A1622512126 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
    05:28:20.0865 0x0d10 AvastUI.exe - ok
    05:28:21.0053 0x0d10 [ 1606CBD0193E93952CD4EACDC9229651, 0FC50B71C1C7F607FF66BF4EF066AA1CC2AA373F9475B4FCC32CCF50F93D5CDC ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    05:28:21.0100 0x0d10 SunJavaUpdateSched - ok
    05:28:21.0396 0x0d10 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    05:28:21.0615 0x0d10 Sidebar - ok
    05:28:21.0693 0x0d10 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    05:28:21.0739 0x0d10 mctadmin - ok
    05:28:22.0008 0x0d10 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    05:28:22.0180 0x0d10 Sidebar - ok
    05:28:22.0242 0x0d10 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    05:28:22.0289 0x0d10 mctadmin - ok
    05:28:22.0305 0x0d10 Waiting for KSN requests completion. In queue: 9
    05:28:23.0319 0x0d10 Waiting for KSN requests completion. In queue: 9
    05:28:24.0333 0x0d10 Waiting for KSN requests completion. In queue: 9
    05:28:25.0347 0x0d10 Waiting for KSN requests completion. In queue: 9
    05:28:26.0782 0x0d10 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2215.880 ), 0x41000 ( enabled : updated )
    05:28:27.0359 0x0d10 Win FW state via NFP2: enabled
    05:28:30.0417 0x0d10 ============================================================
    05:28:30.0417 0x0d10 Scan finished
    05:28:30.0417 0x0d10 ============================================================
    05:28:30.0526 0x0e1c Detected object count: 1
    05:28:30.0526 0x0e1c Actual detected object count: 1
    05:28:58.0637 0x0e1c \Device\Harddisk0\DR0\Partition1 - copied to quarantine
    05:28:58.0653 0x0e1c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    05:28:58.0668 0x0e1c \Device\Harddisk0\DR0\Partition1 - ok
    05:28:58.0684 0x0e1c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    05:28:59.0699 0x0e1c KLMD registered as C:\Windows\system32\drivers\13214291.sys
    05:29:17.0951 0x0f60 Deinitialize success
     
  14. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Now hyeres something messed up I have a false taskhost exe and when I end process tree it creates a false com surroget and for some reason after I ran tds killer I know have a msg on my desktop in the lower corner that says this copy of windows is not genuine but I know for a fact itt is this rooy kit seems to b called cidox and every program I run finds it and removes it but when I reboot iand rescan its right back and now im being told my cop yof windows is npt genuine?? and I know for an absolute fact it is ??? im thuroughrly confused at this point how do I reverify my version of windows will a system restore make it go back to being verified
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No. System restore won't fix it.
    Unfortunately some infection like rootkits will cause this kind of issue.
    We'll see what we can do about it.

    Re-run TDSSKiller one more time and post fresh log.
     
  16. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Ok I fixed the windows not genuine thing I went to the cmd prompt and typed SLMGR/REARM and it popped up that I needed to restart and when I did it was fixed it is apparently a fairly common issue but back to thiis Cidox root kit nothing I do getd rid of it or it does but it comes back as soon as I reboot
     
  17. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Ok first I should b more clear on how I fixed the this version of windows is not genuine issue
    1 I went to the start menue and typed cmd in the search box
    2 I right clicked on cmd and clicked run as administrator to open the dos command prompt (to do this u must run as administrator)
    3 when the dos command prompt opened I typed SLMGR -REARM (SLMGR is Windows software licensing management tool. REARM command will reset the licensing status of machine) and press enter. If you see same error message, then try SLMGR /REARM instead of SLMGR -REARM.
    5 when the box came up saying I needed to restart I did and the this version of windows is not genuine message was gone
    but now tdsskiller is saying nothing found but I still have the same extra processes and my cpu usage is constantly at 100% also the svchost.exe process connected to the computer browser service, background intelligent transfer service and a cpl other services r connected to goes up and keeps going up until I end process tree on it a cpl times and stop the background intelligent transfer service then it stays within normal usage range I still have multiple com surroget processes and the same stuff as before as well im gonna try to reboot and then re run tdsskiller bc this cidox seems like once a virus program gets rid of it that it can then fool the program into thinking its gone when it isnt and ill post both the log from tdsskiller saying all clear and the log after I reboot here
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well...

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  19. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Here is the log that said nothing detected
    13:11:07.0997 0x106c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
    13:11:18.0742 0x106c ============================================================
    13:11:18.0743 0x106c Current date / time: 2015/03/28 13:11:18.0742
    13:11:18.0743 0x106c SystemInfo:
    13:11:18.0744 0x106c
    13:11:18.0744 0x106c OS Version: 6.1.7601 ServicePack: 1.0
    13:11:18.0744 0x106c Product type: Workstation
    13:11:18.0745 0x106c ComputerName: DELL-LD531-PC
    13:11:18.0758 0x106c UserName: DELL-LD531
    13:11:18.0758 0x106c Windows directory: C:\Windows
    13:11:18.0758 0x106c System windows directory: C:\Windows
    13:11:18.0758 0x106c Running under WOW64
    13:11:18.0758 0x106c Processor architecture: Intel x64
    13:11:18.0759 0x106c Number of processors: 2
    13:11:18.0759 0x106c Page size: 0x1000
    13:11:18.0759 0x106c Boot type: Normal boot
    13:11:18.0759 0x106c ============================================================
    13:11:22.0168 0x106c KLMD registered as C:\Windows\system32\drivers\74103486.sys
    13:11:24.0556 0x106c System UUID: {6DBBFA4D-035F-533D-6F73-C562EDA8073A}
    13:11:34.0980 0x106c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    13:11:35.0148 0x106c ============================================================
    13:11:35.0148 0x106c \Device\Harddisk0\DR0:
    13:11:35.0149 0x106c MBR partitions:
    13:11:35.0149 0x106c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    13:11:35.0150 0x106c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
    13:11:35.0150 0x106c ============================================================
    13:11:35.0218 0x106c C: <-> \Device\Harddisk0\DR0\Partition2
    13:11:35.0250 0x106c ============================================================
    13:11:35.0251 0x106c Initialize success
    13:11:35.0251 0x106c ============================================================
    13:11:42.0826 0x0620 ============================================================
    13:11:42.0826 0x0620 Scan started
    13:11:42.0826 0x0620 Mode: Manual;
    13:11:42.0827 0x0620 ============================================================
    13:11:42.0827 0x0620 KSN ping started
    13:12:02.0357 0x0620 KSN ping finished: true
    13:12:05.0345 0x0620 ================ Scan system memory ========================
    13:12:05.0345 0x0620 System memory - ok
    13:12:05.0348 0x0620 ================ Scan services =============================
    13:12:05.0911 0x0620 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    13:12:05.0951 0x0620 1394ohci - ok
    13:12:06.0533 0x0620 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    13:12:06.0666 0x0620 ACPI - ok
    13:12:06.0741 0x0620 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    13:12:06.0760 0x0620 AcpiPmi - ok
    13:12:06.0922 0x0620 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    13:12:06.0942 0x0620 AdobeARMservice - ok
    13:12:07.0353 0x0620 [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    13:12:07.0404 0x0620 AdobeFlashPlayerUpdateSvc - ok
    13:12:07.0605 0x0620 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    13:12:07.0715 0x0620 adp94xx - ok
    13:12:07.0877 0x0620 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
    13:12:07.0955 0x0620 adpahci - ok
    13:12:08.0292 0x0620 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    13:12:08.0335 0x0620 adpu320 - ok
    13:12:08.0436 0x0620 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    13:12:08.0456 0x0620 AeLookupSvc - ok
    13:12:08.0672 0x0620 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
    13:12:08.0803 0x0620 AFD - ok
    13:12:08.0947 0x0620 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
    13:12:08.0978 0x0620 agp440 - ok
    13:12:09.0048 0x0620 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
    13:12:09.0082 0x0620 ALG - ok
    13:12:09.0210 0x0620 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
    13:12:09.0251 0x0620 aliide - ok
    13:12:09.0311 0x0620 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
    13:12:09.0323 0x0620 amdide - ok
    13:12:09.0400 0x0620 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    13:12:09.0417 0x0620 AmdK8 - ok
    13:12:09.0491 0x0620 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    13:12:09.0508 0x0620 AmdPPM - ok
    13:12:09.0594 0x0620 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    13:12:09.0628 0x0620 amdsata - ok
    13:12:09.0785 0x0620 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    13:12:09.0823 0x0620 amdsbs - ok
    13:12:09.0964 0x0620 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
    13:12:09.0977 0x0620 amdxata - ok
    13:12:10.0069 0x0620 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
    13:12:10.0087 0x0620 AppID - ok
    13:12:10.0145 0x0620 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    13:12:10.0164 0x0620 AppIDSvc - ok
    13:12:10.0260 0x0620 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
    13:12:10.0292 0x0620 Appinfo - ok
    13:12:10.0442 0x0620 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
    13:12:10.0502 0x0620 AppMgmt - ok
    13:12:10.0595 0x0620 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
    13:12:10.0616 0x0620 arc - ok
    13:12:10.0694 0x0620 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
    13:12:10.0735 0x0620 arcsas - ok
    13:12:11.0082 0x0620 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    13:12:11.0120 0x0620 aspnet_state - ok
    13:12:11.0213 0x0620 [ AA0B7720D0CB89DCC3363E5DBDF3EBB6, A00E47DD5D32A3D9652B8C11899D455EA239DA33222AA80F3743BCF8BBC7BE5A ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
    13:12:11.0244 0x0620 aswHwid - ok
    13:12:11.0317 0x0620 [ 3B154DDD747CBAC31E33B276800736B0, AAE2C0F62F510C7183BAEAF762290F8431DCCC8618F80EDC9B6028720F0C1C47 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    13:12:11.0377 0x0620 aswMonFlt - ok
    13:12:11.0464 0x0620 [ CF1BFE4B95F0626C10E96A48B9B8EAC6, 99897F005A0AD3DF7AEEAD63C662C6FC4B3BDCA47B6641AD5D12AFD2406282F1 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
    13:12:11.0495 0x0620 aswRdr - ok
    13:12:11.0607 0x0620 [ 67C5C6F9DE8F6B43372EDADEBAD85E67, 4FA16109494681BEF9F84574CF3407BB001A1757CA2CE036B8EAC969AB9D428B ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
    13:12:11.0666 0x0620 aswRvrt - ok
    13:12:11.0965 0x0620 [ BE3D7AC282909F1352742F98DA2C9D18, 15C4A3240CD37531A6A6D406E34B4AAE93DD0FA449D3F37237ECFCB01D2F3BE8 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    13:12:12.0443 0x0620 aswSnx - ok
    13:12:12.0665 0x0620 [ 2EF2CB17A9C46AE16276A15EF2F3AF74, 7D9CB982ED06BCBCA4A714CB723E54E8DCCCA35D5D11E9E32F5D7CFE99DCA62F ] aswSP C:\Windows\system32\drivers\aswSP.sys
    13:12:12.0786 0x0620 aswSP - ok
    13:12:12.0922 0x0620 [ D4408FE64734D8DA69AB699D8A4AEF0D, F0D04D468DD3CD1F664A5FF5043A4308B539F5465C43DA0994D4D8F84753B831 ] aswStm C:\Windows\system32\drivers\aswStm.sys
    13:12:12.0951 0x0620 aswStm - ok
    13:12:13.0269 0x0620 [ 8DF6664681FF5ADDBEB0D749B85B6544, BCC2359E9A3F92499EDFD22B497048F6EA51C769D2DC70A5AD821C5AB681844C ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
    13:12:13.0325 0x0620 aswVmm - ok
    13:12:13.0524 0x0620 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    13:12:13.0841 0x0620 AsyncMac - ok
    13:12:13.0945 0x0620 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
    13:12:13.0955 0x0620 atapi - ok
    13:12:14.0489 0x0620 [ CA4A0176FA380EFD45DE9D0ACB9E1F86, D5CA4A13EE8DCCD5B01A709A808AE51AAC064F7A4C3D4F0A6E272CDB46D28585 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
    13:12:14.0914 0x0620 Ati External Event Utility - ok
    13:12:16.0617 0x0620 [ AEAE4ABE6419923C037A0B2A157E1FC6, F04A79797AB697AA8316C37DF0D79ED28A9134BD0E1B2C9400619C0A9B3634FF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    13:12:18.0423 0x0620 atikmdag - ok
    13:12:18.0919 0x0620 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    13:12:19.0076 0x0620 AudioEndpointBuilder - ok
    13:12:19.0313 0x0620 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
    13:12:19.0463 0x0620 AudioSrv - ok
    13:12:20.0012 0x0620 [ 210A326658D72D7F2EE2267F3D9C44D4, 25BC620209B5F4BCF5C3F323290E41255F68660F3DFF901FA5A78423A7293D73 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    13:12:20.0120 0x0620 avast! Antivirus - ok
    13:12:20.0237 0x0620 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
    13:12:20.0263 0x0620 AxInstSV - ok
    13:12:20.0444 0x0620 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    13:12:20.0750 0x0620 b06bdrv - ok
    13:12:20.0989 0x0620 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    13:12:21.0081 0x0620 b57nd60a - ok
    13:12:22.0044 0x0620 [ FB4FDA64F2E8552EAEB5986C3F34462C, EFC81E1227339FC721B926633BE15B5476A161452D6D054455F4B1FE87D9B891 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    13:12:22.0839 0x0620 BCM43XX - ok
    13:12:23.0026 0x0620 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
    13:12:23.0146 0x0620 BDESVC - ok
    13:12:23.0233 0x0620 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
    13:12:23.0243 0x0620 Beep - ok
    13:12:23.0489 0x0620 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
    13:12:23.0639 0x0620 BFE - ok
    13:12:24.0066 0x0620 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
    13:12:24.0684 0x0620 BITS - ok
    13:12:24.0820 0x0620 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    13:12:24.0848 0x0620 blbdrive - ok
    13:12:25.0008 0x0620 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    13:12:25.0040 0x0620 bowser - ok
    13:12:25.0124 0x0620 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    13:12:25.0136 0x0620 BrFiltLo - ok
    13:12:25.0257 0x0620 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    13:12:25.0290 0x0620 BrFiltUp - ok
    13:12:25.0390 0x0620 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
    13:12:25.0417 0x0620 Browser - ok
    13:12:25.0803 0x0620 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    13:12:25.0882 0x0620 Brserid - ok
    13:12:26.0070 0x0620 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    13:12:26.0085 0x0620 BrSerWdm - ok
    13:12:26.0160 0x0620 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    13:12:26.0172 0x0620 BrUsbMdm - ok
    13:12:26.0255 0x0620 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    13:12:26.0273 0x0620 BrUsbSer - ok
    13:12:26.0366 0x0620 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    13:12:26.0410 0x0620 BTHMODEM - ok
    13:12:26.0544 0x0620 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
    13:12:26.0566 0x0620 bthserv - ok
    13:12:26.0654 0x0620 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    13:12:26.0680 0x0620 cdfs - ok
    13:12:26.0805 0x0620 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    13:12:26.0848 0x0620 cdrom - ok
    13:12:26.0935 0x0620 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
    13:12:26.0955 0x0620 CertPropSvc - ok
    13:12:27.0046 0x0620 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
    13:12:27.0061 0x0620 circlass - ok
    13:12:27.0195 0x0620 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
    13:12:27.0335 0x0620 CLFS - ok
    13:12:27.0478 0x0620 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:12:27.0535 0x0620 clr_optimization_v2.0.50727_32 - ok
    13:12:27.0993 0x0620 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    13:12:28.0034 0x0620 clr_optimization_v2.0.50727_64 - ok
    13:12:28.0329 0x0620 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    13:12:28.0526 0x0620 clr_optimization_v4.0.30319_32 - ok
    13:12:28.0669 0x0620 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    13:12:28.0712 0x0620 clr_optimization_v4.0.30319_64 - ok
    13:12:28.0813 0x0620 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    13:12:28.0841 0x0620 CmBatt - ok
    13:12:28.0902 0x0620 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
    13:12:28.0924 0x0620 cmdide - ok
    13:12:29.0121 0x0620 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
    13:12:29.0218 0x0620 CNG - ok
    13:12:29.0304 0x0620 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    13:12:29.0325 0x0620 Compbatt - ok
    13:12:29.0389 0x0620 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    13:12:29.0411 0x0620 CompositeBus - ok
    13:12:29.0486 0x0620 COMSysApp - ok
    13:12:29.0582 0x0620 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    13:12:29.0592 0x0620 crcdisk - ok
    13:12:29.0751 0x0620 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
    13:12:29.0817 0x0620 CryptSvc - ok
    13:12:30.0009 0x0620 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
    13:12:30.0108 0x0620 CSC - ok
    13:12:30.0330 0x0620 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
    13:12:30.0450 0x0620 CscService - ok
    13:12:30.0826 0x0620 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
    13:12:30.0983 0x0620 DcomLaunch - ok
    13:12:31.0131 0x0620 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
    13:12:31.0255 0x0620 defragsvc - ok
    13:12:31.0370 0x0620 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    13:12:31.0400 0x0620 DfsC - ok
    13:12:31.0642 0x0620 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
    13:12:31.0725 0x0620 Dhcp - ok
    13:12:31.0812 0x0620 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
    13:12:31.0836 0x0620 discache - ok
    13:12:31.0906 0x0620 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
    13:12:31.0933 0x0620 Disk - ok
    13:12:32.0042 0x0620 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
    13:12:32.0062 0x0620 dmvsc - ok
    13:12:32.0150 0x0620 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    13:12:32.0195 0x0620 Dnscache - ok
    13:12:32.0318 0x0620 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
    13:12:32.0419 0x0620 dot3svc - ok
    13:12:32.0562 0x0620 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
    13:12:32.0617 0x0620 DPS - ok
    13:12:32.0692 0x0620 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    13:12:32.0701 0x0620 drmkaud - ok
    13:12:32.0852 0x0620 [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    13:12:32.0901 0x0620 dtsoftbus01 - ok
    13:12:33.0316 0x0620 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    13:12:33.0580 0x0620 DXGKrnl - ok
    13:12:33.0716 0x0620 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
    13:12:33.0748 0x0620 EapHost - ok
    13:12:34.0845 0x0620 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
    13:12:35.0838 0x0620 ebdrv - ok
    13:12:36.0039 0x0620 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe
    13:12:36.0061 0x0620 EFS - ok
    13:12:36.0333 0x0620 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    13:12:36.0540 0x0620 ehRecvr - ok
    13:12:36.0637 0x0620 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
    13:12:36.0665 0x0620 ehSched - ok
    13:12:36.0855 0x0620 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    13:12:36.0974 0x0620 elxstor - ok
    13:12:37.0127 0x0620 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    13:12:37.0144 0x0620 ErrDev - ok
    13:12:37.0345 0x0620 [ 00C3C6C55C435810C9475C219F4D1B26, 397E57AD97DD2C233ACF4C210B4AD227C516C9B2D01680FE22198168B627D267 ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
    13:12:37.0400 0x0620 ESProtectionDriver - ok
    13:12:37.0571 0x0620 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
    13:12:37.0675 0x0620 EventSystem - ok
    13:12:37.0816 0x0620 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
    13:12:37.0867 0x0620 exfat - ok
    13:12:38.0035 0x0620 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    13:12:38.0077 0x0620 fastfat - ok
    13:12:38.0453 0x0620 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
    13:12:38.0605 0x0620 Fax - ok
    13:12:38.0730 0x0620 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
    13:12:38.0811 0x0620 fdc - ok
    13:12:38.0877 0x0620 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    13:12:38.0898 0x0620 fdPHost - ok
    13:12:38.0981 0x0620 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    13:12:39.0091 0x0620 FDResPub - ok
    13:12:39.0166 0x0620 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    13:12:39.0192 0x0620 FileInfo - ok
    13:12:39.0272 0x0620 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    13:12:39.0382 0x0620 Filetrace - ok
    13:12:39.0434 0x0620 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    13:12:39.0456 0x0620 flpydisk - ok
    13:12:39.0608 0x0620 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    13:12:39.0676 0x0620 FltMgr - ok
    13:12:40.0175 0x0620 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
    13:12:40.0394 0x0620 FontCache - ok
    13:12:40.0518 0x0620 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    13:12:40.0550 0x0620 FontCache3.0.0.0 - ok
    13:12:40.0643 0x0620 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    13:12:40.0737 0x0620 FsDepends - ok
    13:12:40.0815 0x0620 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    13:12:40.0846 0x0620 Fs_Rec - ok
    13:12:40.0971 0x0620 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    13:12:41.0033 0x0620 fvevol - ok
    13:12:41.0127 0x0620 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    13:12:41.0158 0x0620 gagp30kx - ok
    13:12:41.0314 0x0620 getbus - ok
    13:12:41.0610 0x0620 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    13:12:41.0892 0x0620 gpsvc - ok
    13:12:42.0079 0x0620 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    13:12:42.0095 0x0620 gupdate - ok
    13:12:42.0189 0x0620 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    13:12:42.0220 0x0620 gupdatem - ok
    13:12:42.0282 0x0620 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    13:12:42.0313 0x0620 hcw85cir - ok
    13:12:42.0454 0x0620 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    13:12:42.0532 0x0620 HdAudAddService - ok
    13:12:42.0672 0x0620 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:12:42.0703 0x0620 HDAudBus - ok
    13:12:42.0766 0x0620 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    13:12:42.0797 0x0620 HidBatt - ok
    13:12:42.0891 0x0620 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    13:12:42.0906 0x0620 HidBth - ok
    13:12:42.0984 0x0620 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
    13:12:43.0015 0x0620 HidIr - ok
    13:12:43.0140 0x0620 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
    13:12:43.0203 0x0620 hidserv - ok
    13:12:43.0312 0x0620 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    13:12:43.0327 0x0620 HidUsb - ok
    13:12:43.0422 0x0620 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    13:12:43.0500 0x0620 hkmsvc - ok
    13:12:43.0609 0x0620 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    13:12:43.0656 0x0620 HomeGroupListener - ok
    13:12:43.0796 0x0620 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    13:12:43.0890 0x0620 HomeGroupProvider - ok
    13:12:43.0984 0x0620 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    13:12:43.0999 0x0620 HpSAMD - ok
    13:12:44.0233 0x0620 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    13:12:44.0420 0x0620 HTTP - ok
    13:12:44.0561 0x0620 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    13:12:44.0576 0x0620 hwpolicy - ok
    13:12:44.0717 0x0620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    13:12:44.0764 0x0620 i8042prt - ok
    13:12:44.0920 0x0620 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    13:12:45.0029 0x0620 iaStorV - ok
    13:12:45.0372 0x0620 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    13:12:45.0793 0x0620 idsvc - ok
    13:12:45.0934 0x0620 IEEtwCollectorService - ok
    13:12:46.0105 0x0620 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    13:12:46.0121 0x0620 iirsp - ok
    13:12:46.0386 0x0620 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
    13:12:46.0651 0x0620 IKEEXT - ok
    13:12:46.0838 0x0620 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    13:12:46.0870 0x0620 intelide - ok
    13:12:46.0963 0x0620 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    13:12:47.0072 0x0620 intelppm - ok
    13:12:47.0182 0x0620 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    13:12:47.0338 0x0620 IPBusEnum - ok
    13:12:47.0431 0x0620 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:12:47.0447 0x0620 IpFilterDriver - ok
    13:12:47.0729 0x0620 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    13:12:47.0916 0x0620 iphlpsvc - ok
    13:12:48.0009 0x0620 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    13:12:48.0056 0x0620 IPMIDRV - ok
    13:12:48.0134 0x0620 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    13:12:48.0171 0x0620 IPNAT - ok
    13:12:48.0238 0x0620 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    13:12:48.0254 0x0620 IRENUM - ok
    13:12:48.0332 0x0620 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    13:12:48.0347 0x0620 isapnp - ok
    13:12:48.0472 0x0620 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    13:12:48.0536 0x0620 iScsiPrt - ok
    13:12:48.0614 0x0620 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    13:12:48.0692 0x0620 kbdclass - ok
    13:12:48.0754 0x0620 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    13:12:48.0770 0x0620 kbdhid - ok
    13:12:48.0833 0x0620 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe
    13:12:48.0864 0x0620 KeyIso - ok
    13:12:48.0958 0x0620 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    13:12:49.0005 0x0620 KSecDD - ok
    13:12:49.0083 0x0620 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    13:12:49.0161 0x0620 KSecPkg - ok
    13:12:49.0239 0x0620 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    13:12:49.0254 0x0620 ksthunk - ok
    13:12:49.0426 0x0620 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    13:12:49.0519 0x0620 KtmRm - ok
    13:12:49.0722 0x0620 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
    13:12:49.0831 0x0620 LanmanServer - ok
    13:12:49.0925 0x0620 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    13:12:49.0972 0x0620 LanmanWorkstation - ok
    13:12:50.0081 0x0620 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    13:12:50.0159 0x0620 lltdio - ok
    13:12:50.0254 0x0620 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    13:12:50.0378 0x0620 lltdsvc - ok
    13:12:50.0456 0x0620 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    13:12:50.0472 0x0620 lmhosts - ok
    13:12:50.0644 0x0620 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    13:12:50.0675 0x0620 LSI_FC - ok
    13:12:50.0800 0x0620 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    13:12:50.0846 0x0620 LSI_SAS - ok
    13:12:50.0924 0x0620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    13:12:50.0956 0x0620 LSI_SAS2 - ok
    13:12:51.0018 0x0620 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    13:12:51.0065 0x0620 LSI_SCSI - ok
    13:12:51.0158 0x0620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
    13:12:51.0190 0x0620 luafv - ok
    13:12:51.0268 0x0620 [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
    13:12:51.0283 0x0620 LVPr2M64 - ok
    13:12:51.0361 0x0620 [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
    13:12:51.0377 0x0620 LVPr2Mon - ok
    13:12:51.0502 0x0620 [ A35679E56E78091E1042A2D7ADBF2958, F2282B697DCDD5767F65D99FEA374D3757C6133D42BD5A9C582C217619213290 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    13:12:51.0548 0x0620 LVPrcS64 - ok
    13:12:51.0626 0x0620 [ 5C3FF68267A5D242EE79EE01B993D6CE, 853637AC30A16698F2F583693E98B67104ECE5B8F80C6FB88266665162623B92 ] LVUSBS64 C:\Windows\system32\DRIVERS\LVUSBS64.sys
    13:12:51.0642 0x0620 LVUSBS64 - ok
    13:12:51.0938 0x0620 [ FCF1A9F544CD89564CFAC9572AB2DDBB, B5793DF12FE656FF73F3094CEE8986E2E90C64C47EAED9FA190A66E601125B42 ] MbaeSvc C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    13:12:52.0063 0x0620 MbaeSvc - ok
    13:12:52.0157 0x0620 [ CF12E148C6FC151335B7D7FE03F1C7A2, 7087DF6D884AF0A57AC22D7AE9C2903913AAB4CE52D19666B6513C3D5706E43C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    13:12:52.0172 0x0620 MBAMProtector - ok
    13:12:52.0938 0x0620 [ 86701B8E4C53280AA8642AC85F8500F4, 6839F2B840410857AE7DA215A17922A7499A9B99D96032756525878E98175103 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    13:12:53.0499 0x0620 MBAMScheduler - ok
    13:12:53.0889 0x0620 [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    13:12:54.0170 0x0620 MBAMService - ok
    13:12:54.0373 0x0620 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
    13:12:54.0404 0x0620 MBAMSwissArmy - ok
    13:12:54.0529 0x0620 [ 0CE2F3E26C770CBAEB50787A2C1FD09E, 2DDB1827027D2CC8E78FE737B5DA21783EFCD13430DBB140C34DAACACD6EF492 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
    13:12:54.0545 0x0620 MBAMWebAccessControl - ok
    13:12:54.0638 0x0620 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    13:12:54.0669 0x0620 Mcx2Svc - ok
    13:12:54.0794 0x0620 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
    13:12:54.0841 0x0620 megasas - ok
    13:12:54.0981 0x0620 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    13:12:55.0028 0x0620 MegaSR - ok
    13:12:55.0215 0x0620 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
    13:12:55.0247 0x0620 MMCSS - ok
    13:12:55.0309 0x0620 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    13:12:55.0340 0x0620 Modem - ok
    13:12:55.0418 0x0620 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    13:12:55.0434 0x0620 monitor - ok
    13:12:55.0543 0x0620 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    13:12:55.0559 0x0620 mouclass - ok
    13:12:55.0638 0x0620 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    13:12:55.0653 0x0620 mouhid - ok
    13:12:55.0778 0x0620 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    13:12:55.0809 0x0620 mountmgr - ok
    13:12:55.0934 0x0620 [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    13:12:55.0981 0x0620 MozillaMaintenance - ok
    13:12:56.0074 0x0620 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    13:12:56.0121 0x0620 mpio - ok
    13:12:56.0215 0x0620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    13:12:56.0230 0x0620 mpsdrv - ok
    13:12:56.0511 0x0620 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
    13:12:56.0730 0x0620 MpsSvc - ok
    13:12:56.0839 0x0620 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    13:12:56.0870 0x0620 MRxDAV - ok
    13:12:57.0073 0x0620 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:12:57.0213 0x0620 mrxsmb - ok
    13:12:57.0400 0x0620 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:12:57.0463 0x0620 mrxsmb10 - ok
    13:12:57.0603 0x0620 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:12:57.0634 0x0620 mrxsmb20 - ok
    13:12:57.0775 0x0620 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    13:12:57.0806 0x0620 msahci - ok
    13:12:57.0962 0x0620 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    13:12:57.0993 0x0620 msdsm - ok
    13:12:58.0087 0x0620 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
    13:12:58.0149 0x0620 MSDTC - ok
    13:12:58.0243 0x0620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    13:12:58.0274 0x0620 Msfs - ok
    13:12:58.0399 0x0620 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    13:12:58.0414 0x0620 mshidkmdf - ok
    13:12:58.0492 0x0620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    13:12:58.0508 0x0620 msisadrv - ok
    13:12:58.0711 0x0620 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    13:12:58.0773 0x0620 MSiSCSI - ok
    13:12:58.0820 0x0620 msiserver - ok
    13:12:58.0914 0x0620 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    13:12:58.0929 0x0620 MSKSSRV - ok
    13:12:59.0008 0x0620 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    13:12:59.0039 0x0620 MSPCLOCK - ok
    13:12:59.0102 0x0620 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    13:12:59.0133 0x0620 MSPQM - ok
    13:12:59.0305 0x0620 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    13:12:59.0383 0x0620 MsRPC - ok
    13:12:59.0461 0x0620 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
     
  20. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    \mssmbios.sys
    13:12:59.0507 0x0620 mssmbios - ok
    13:12:59.0617 0x0620 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    13:12:59.0648 0x0620 MSTEE - ok
    13:12:59.0726 0x0620 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    13:12:59.0757 0x0620 MTConfig - ok
    13:12:59.0836 0x0620 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
    13:12:59.0867 0x0620 Mup - ok
    13:13:00.0148 0x0620 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
    13:13:00.0257 0x0620 napagent - ok
    13:13:00.0507 0x0620 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    13:13:00.0663 0x0620 NativeWifiP - ok
    13:13:00.0990 0x0620 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
    13:13:01.0224 0x0620 NDIS - ok
    13:13:01.0349 0x0620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    13:13:01.0380 0x0620 NdisCap - ok
    13:13:01.0427 0x0620 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    13:13:01.0458 0x0620 NdisTapi - ok
    13:13:01.0552 0x0620 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    13:13:01.0583 0x0620 Ndisuio - ok
    13:13:01.0678 0x0620 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    13:13:01.0771 0x0620 NdisWan - ok
    13:13:01.0834 0x0620 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    13:13:01.0849 0x0620 NDProxy - ok
    13:13:01.0912 0x0620 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    13:13:01.0943 0x0620 NetBIOS - ok
    13:13:02.0053 0x0620 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    13:13:02.0177 0x0620 NetBT - ok
    13:13:02.0272 0x0620 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe
    13:13:02.0288 0x0620 Netlogon - ok
    13:13:02.0444 0x0620 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
    13:13:02.0537 0x0620 Netman - ok
    13:13:02.0802 0x0620 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:13:02.0912 0x0620 NetMsmqActivator - ok
    13:13:02.0975 0x0620 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:13:03.0006 0x0620 NetPipeActivator - ok
    13:13:03.0178 0x0620 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
    13:13:03.0303 0x0620 netprofm - ok
    13:13:03.0459 0x0620 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:13:03.0490 0x0620 NetTcpActivator - ok
    13:13:03.0552 0x0620 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    13:13:03.0615 0x0620 NetTcpPortSharing - ok
    13:13:03.0724 0x0620 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    13:13:03.0755 0x0620 nfrd960 - ok
    13:13:03.0895 0x0620 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
    13:13:03.0958 0x0620 NlaSvc - ok
    13:13:04.0067 0x0620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    13:13:04.0098 0x0620 Npfs - ok
    13:13:04.0161 0x0620 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
    13:13:04.0192 0x0620 nsi - ok
    13:13:04.0255 0x0620 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    13:13:04.0271 0x0620 nsiproxy - ok
    13:13:04.0848 0x0620 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    13:13:05.0348 0x0620 Ntfs - ok
    13:13:05.0457 0x0620 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
    13:13:05.0598 0x0620 Null - ok
    13:13:05.0756 0x0620 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    13:13:05.0787 0x0620 nvraid - ok
    13:13:06.0022 0x0620 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    13:13:06.0053 0x0620 nvstor - ok
    13:13:06.0193 0x0620 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    13:13:06.0209 0x0620 nv_agp - ok
    13:13:06.0396 0x0620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    13:13:06.0443 0x0620 ohci1394 - ok
    13:13:06.0677 0x0620 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    13:13:06.0811 0x0620 p2pimsvc - ok
    13:13:06.0990 0x0620 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
    13:13:07.0150 0x0620 p2psvc - ok
    13:13:07.0262 0x0620 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
    13:13:07.0278 0x0620 Parport - ok
    13:13:07.0387 0x0620 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    13:13:07.0402 0x0620 partmgr - ok
    13:13:07.0512 0x0620 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
    13:13:07.0558 0x0620 PcaSvc - ok
    13:13:07.0668 0x0620 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
    13:13:07.0699 0x0620 pci - ok
    13:13:07.0809 0x0620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
    13:13:07.0825 0x0620 pciide - ok
    13:13:08.0012 0x0620 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    13:13:08.0090 0x0620 pcmcia - ok
    13:13:08.0168 0x0620 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
    13:13:08.0199 0x0620 pcw - ok
    13:13:08.0402 0x0620 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    13:13:08.0605 0x0620 PEAUTH - ok
    13:13:09.0041 0x0620 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    13:13:09.0447 0x0620 PeerDistSvc - ok
    13:13:09.0698 0x0620 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
    13:13:09.0791 0x0620 PerfHost - ok
    13:13:10.0992 0x0620 [ AE0B94363DA0F60D42B9D05B352F61ED, 284EA0123798BDBBAA93F912AD45B3D3F1F662FDDA5C73C0AC0D76AC2F9033C0 ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
    13:13:11.0648 0x0620 PID_PEPI - ok
    13:13:12.0209 0x0620 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
    13:13:12.0599 0x0620 pla - ok
    13:13:12.0864 0x0620 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    13:13:12.0974 0x0620 PlugPlay - ok
    13:13:13.0083 0x0620 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    13:13:13.0114 0x0620 PNRPAutoReg - ok
    13:13:13.0270 0x0620 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    13:13:13.0348 0x0620 PNRPsvc - ok
    13:13:13.0613 0x0620 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    13:13:13.0785 0x0620 PolicyAgent - ok
    13:13:13.0988 0x0620 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
    13:13:14.0034 0x0620 Power - ok
    13:13:14.0128 0x0620 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    13:13:14.0175 0x0620 PptpMiniport - ok
    13:13:14.0253 0x0620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
    13:13:14.0284 0x0620 Processor - ok
    13:13:14.0549 0x0620 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
    13:13:14.0612 0x0620 ProfSvc - ok
    13:13:14.0674 0x0620 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
    13:13:14.0721 0x0620 ProtectedStorage - ok
    13:13:14.0799 0x0620 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    13:13:14.0861 0x0620 Psched - ok
    13:13:15.0376 0x0620 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    13:13:15.0782 0x0620 ql2300 - ok
    13:13:15.0969 0x0620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    13:13:16.0016 0x0620 ql40xx - ok
    13:13:16.0187 0x0620 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
    13:13:16.0250 0x0620 QWAVE - ok
    13:13:16.0328 0x0620 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    13:13:16.0343 0x0620 QWAVEdrv - ok
    13:13:16.0406 0x0620 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    13:13:16.0421 0x0620 RasAcd - ok
    13:13:16.0499 0x0620 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    13:13:16.0515 0x0620 RasAgileVpn - ok
    13:13:16.0593 0x0620 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
    13:13:16.0640 0x0620 RasAuto - ok
    13:13:16.0733 0x0620 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:13:16.0764 0x0620 Rasl2tp - ok
    13:13:16.0920 0x0620 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
    13:13:17.0030 0x0620 RasMan - ok
    13:13:17.0217 0x0620 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    13:13:17.0248 0x0620 RasPppoe - ok
    13:13:17.0342 0x0620 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    13:13:17.0357 0x0620 RasSstp - ok
    13:13:17.0622 0x0620 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    13:13:17.0854 0x0620 rdbss - ok
    13:13:17.0941 0x0620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    13:13:17.0957 0x0620 rdpbus - ok
    13:13:18.0006 0x0620 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:13:18.0056 0x0620 RDPCDD - ok
    13:13:18.0229 0x0620 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    13:13:18.0265 0x0620 RDPDR - ok
    13:13:18.0474 0x0620 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    13:13:18.0487 0x0620 RDPENCDD - ok
    13:13:18.0574 0x0620 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    13:13:18.0589 0x0620 RDPREFMP - ok
    13:13:18.0773 0x0620 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    13:13:18.0841 0x0620 RdpVideoMiniport - ok
    13:13:18.0945 0x0620 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    13:13:19.0025 0x0620 RDPWD - ok
    13:13:19.0178 0x0620 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    13:13:19.0225 0x0620 rdyboost - ok
    13:13:19.0356 0x0620 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
    13:13:19.0442 0x0620 RemoteAccess - ok
    13:13:19.0569 0x0620 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    13:13:19.0636 0x0620 RemoteRegistry - ok
    13:13:19.0827 0x0620 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    13:13:19.0924 0x0620 RpcEptMapper - ok
    13:13:20.0008 0x0620 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
    13:13:20.0029 0x0620 RpcLocator - ok
    13:13:20.0231 0x0620 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
    13:13:20.0446 0x0620 RpcSs - ok
    13:13:20.0654 0x0620 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    13:13:20.0756 0x0620 rspndr - ok
    13:13:20.0867 0x0620 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    13:13:20.0955 0x0620 s3cap - ok
    13:13:21.0089 0x0620 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe
    13:13:21.0155 0x0620 SamSs - ok
    13:13:21.0250 0x0620 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    13:13:21.0277 0x0620 sbp2port - ok
    13:13:21.0395 0x0620 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    13:13:21.0453 0x0620 SCardSvr - ok
    13:13:21.0532 0x0620 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    13:13:21.0689 0x0620 scfilter - ok
    13:13:22.0042 0x0620 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
    13:13:22.0486 0x0620 Schedule - ok
    13:13:22.0587 0x0620 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
    13:13:22.0617 0x0620 SCPolicySvc - ok
    13:13:22.0713 0x0620 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    13:13:22.0818 0x0620 SDRSVC - ok
    13:13:22.0933 0x0620 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
    13:13:22.0946 0x0620 secdrv - ok
    13:13:23.0068 0x0620 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
    13:13:23.0108 0x0620 seclogon - ok
    13:13:23.0216 0x0620 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
    13:13:23.0259 0x0620 SENS - ok
    13:13:23.0338 0x0620 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
    13:13:23.0391 0x0620 SensrSvc - ok
    13:13:23.0457 0x0620 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    13:13:23.0474 0x0620 Serenum - ok
    13:13:23.0577 0x0620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
    13:13:23.0603 0x0620 Serial - ok
    13:13:23.0675 0x0620 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
    13:13:23.0690 0x0620 sermouse - ok
    13:13:24.0206 0x0620 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
    13:13:24.0261 0x0620 SessionEnv - ok
    13:13:24.0324 0x0620 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    13:13:24.0364 0x0620 sffdisk - ok
    13:13:24.0421 0x0620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    13:13:24.0456 0x0620 sffp_mmc - ok
    13:13:24.0557 0x0620 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    13:13:24.0570 0x0620 sffp_sd - ok
    13:13:24.0626 0x0620 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    13:13:24.0650 0x0620 sfloppy - ok
    13:13:24.0961 0x0620 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    13:13:25.0069 0x0620 SharedAccess - ok
    13:13:25.0320 0x0620 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    13:13:25.0432 0x0620 ShellHWDetection - ok
    13:13:25.0546 0x0620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    13:13:25.0571 0x0620 SiSRaid2 - ok
    13:13:25.0650 0x0620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    13:13:25.0672 0x0620 SiSRaid4 - ok
    13:13:25.0760 0x0620 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    13:13:25.0810 0x0620 Smb - ok
    13:13:25.0942 0x0620 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    13:13:25.0975 0x0620 SNMPTRAP - ok
    13:13:26.0047 0x0620 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
    13:13:26.0073 0x0620 spldr - ok
    13:13:26.0433 0x0620 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
    13:13:26.0590 0x0620 Spooler - ok
    13:13:27.0701 0x0620 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
    13:13:28.0544 0x0620 sppsvc - ok
    13:13:28.0715 0x0620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    13:13:28.0768 0x0620 sppuinotify - ok
    13:13:28.0959 0x0620 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
    13:13:29.0130 0x0620 srv - ok
    13:13:29.0324 0x0620 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    13:13:29.0416 0x0620 srv2 - ok
    13:13:29.0572 0x0620 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    13:13:29.0650 0x0620 SrvHsfHDA - ok
    13:13:29.0977 0x0620 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    13:13:30.0367 0x0620 SrvHsfV92 - ok
    13:13:30.0586 0x0620 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    13:13:30.0742 0x0620 SrvHsfWinac - ok
    13:13:31.0007 0x0620 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    13:13:31.0038 0x0620 srvnet - ok
    13:13:31.0132 0x0620 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    13:13:31.0210 0x0620 SSDPSRV - ok
    13:13:31.0288 0x0620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
    13:13:31.0319 0x0620 SstpSvc - ok
    13:13:31.0412 0x0620 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
    13:13:31.0444 0x0620 stexstor - ok
    13:13:31.0693 0x0620 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
    13:13:31.0943 0x0620 stisvc - ok
    13:13:32.0052 0x0620 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    13:13:32.0083 0x0620 storflt - ok
    13:13:32.0146 0x0620 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
    13:13:32.0161 0x0620 storvsc - ok
    13:13:32.0255 0x0620 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    13:13:32.0317 0x0620 swenum - ok
    13:13:32.0568 0x0620 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    13:13:32.0693 0x0620 swprv - ok
    13:13:32.0802 0x0620 [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
    13:13:32.0833 0x0620 Synth3dVsc - ok
    13:13:33.0410 0x0620 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
    13:13:33.0987 0x0620 SysMain - ok
    13:13:34.0112 0x0620 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    13:13:34.0143 0x0620 TabletInputService - ok
    13:13:34.0284 0x0620 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
    13:13:34.0440 0x0620 TapiSrv - ok
    13:13:34.0502 0x0620 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    13:13:34.0565 0x0620 TBS - ok
    13:13:35.0096 0x0620 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    13:13:35.0503 0x0620 Tcpip - ok
    13:13:36.0236 0x0620 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    13:13:36.0595 0x0620 TCPIP6 - ok
    13:13:36.0751 0x0620 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    13:13:36.0844 0x0620 tcpipreg - ok
    13:13:36.0953 0x0620 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    13:13:36.0969 0x0620 TDPIPE - ok
    13:13:37.0047 0x0620 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    13:13:37.0063 0x0620 TDTCP - ok
    13:13:37.0203 0x0620 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    13:13:37.0250 0x0620 tdx - ok
    13:13:37.0312 0x0620 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    13:13:37.0375 0x0620 TermDD - ok
    13:13:37.0468 0x0620 [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt C:\Windows\system32\drivers\terminpt.sys
    13:13:37.0499 0x0620 terminpt - ok
    13:13:37.0749 0x0620 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
    13:13:38.0030 0x0620 TermService - ok
    13:13:38.0139 0x0620 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
    13:13:38.0170 0x0620 Themes - ok
    13:13:38.0311 0x0620 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
    13:13:38.0342 0x0620 THREADORDER - ok
    13:13:38.0467 0x0620 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
    13:13:38.0529 0x0620 TrkWks - ok
    13:13:38.0763 0x0620 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    13:13:38.0810 0x0620 TrustedInstaller - ok
    13:13:38.0903 0x0620 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    13:13:38.0919 0x0620 tssecsrv - ok
    13:13:39.0013 0x0620 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    13:13:39.0028 0x0620 TsUsbFlt - ok
    13:13:39.0106 0x0620 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    13:13:39.0137 0x0620 TsUsbGD - ok
    13:13:39.0262 0x0620 [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
    13:13:39.0293 0x0620 tsusbhub - ok
    13:13:39.0527 0x0620 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    13:13:39.0559 0x0620 tunnel - ok
    13:13:39.0699 0x0620 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    13:13:39.0715 0x0620 uagp35 - ok
    13:13:39.0871 0x0620 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    13:13:39.0995 0x0620 udfs - ok
    13:13:40.0184 0x0620 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
    13:13:40.0230 0x0620 UI0Detect - ok
    13:13:40.0324 0x0620 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    13:13:40.0355 0x0620 uliagpkx - ok
    13:13:40.0464 0x0620 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    13:13:40.0527 0x0620 umbus - ok
    13:13:40.0620 0x0620 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
    13:13:40.0652 0x0620 UmPass - ok
    13:13:40.0792 0x0620 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
    13:13:40.0854 0x0620 UmRdpService - ok
    13:13:40.0995 0x0620 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
    13:13:41.0182 0x0620 upnphost - ok
    13:13:41.0338 0x0620 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    13:13:41.0369 0x0620 usbaudio - ok
    13:13:41.0478 0x0620 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    13:13:41.0510 0x0620 usbccgp - ok
    13:13:41.0619 0x0620 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
    13:13:41.0666 0x0620 usbcir - ok
    13:13:41.0775 0x0620 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    13:13:41.0806 0x0620 usbehci - ok
    13:13:42.0072 0x0620 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    13:13:42.0181 0x0620 usbhub - ok
    13:13:42.0306 0x0620 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    13:13:42.0400 0x0620 usbohci - ok
    13:13:42.0541 0x0620 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    13:13:42.0557 0x0620 usbprint - ok
    13:13:42.0650 0x0620 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    13:13:42.0682 0x0620 usbscan - ok
    13:13:42.0775 0x0620 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    13:13:42.0806 0x0620 USBSTOR - ok
    13:13:42.0884 0x0620 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    13:13:42.0916 0x0620 usbuhci - ok
    13:13:42.0994 0x0620 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
    13:13:43.0040 0x0620 UxSms - ok
    13:13:43.0103 0x0620 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe
    13:13:43.0134 0x0620 VaultSvc - ok
    13:13:43.0228 0x0620 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    13:13:43.0243 0x0620 vdrvroot - ok
    13:13:43.0462 0x0620 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
    13:13:43.0586 0x0620 vds - ok
    13:13:43.0680 0x0620 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    13:13:43.0711 0x0620 vga - ok
    13:13:43.0789 0x0620 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
    13:13:43.0820 0x0620 VgaSave - ok
    13:13:43.0867 0x0620 VGPU - ok
    13:13:43.0992 0x0620 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    13:13:44.0101 0x0620 vhdmp - ok
    13:13:44.0210 0x0620 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    13:13:44.0226 0x0620 viaide - ok
    13:13:44.0335 0x0620 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
    13:13:44.0398 0x0620 vmbus - ok
    13:13:44.0522 0x0620 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    13:13:44.0569 0x0620 VMBusHID - ok
    13:13:44.0647 0x0620 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    13:13:44.0678 0x0620 volmgr - ok
    13:13:44.0881 0x0620 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    13:13:44.0959 0x0620 volmgrx - ok
    13:13:45.0115 0x0620 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
    13:13:45.0178 0x0620 volsnap - ok
    13:13:45.0287 0x0620 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    13:13:45.0349 0x0620 vsmraid - ok
    13:13:45.0958 0x0620 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
    13:13:46.0379 0x0620 VSS - ok
    13:13:46.0566 0x0620 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    13:13:46.0582 0x0620 vwifibus - ok
    13:13:46.0660 0x0620 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    13:13:46.0691 0x0620 vwififlt - ok
    13:13:46.0878 0x0620 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    13:13:47.0034 0x0620 W32Time - ok
    13:13:47.0174 0x0620 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    13:13:47.0190 0x0620 WacomPen - ok
    13:13:47.0330 0x0620 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    13:13:47.0362 0x0620 WANARP - ok
    13:13:47.0408 0x0620 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    13:13:47.0440 0x0620 Wanarpv6 - ok
    13:13:47.0892 0x0620 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    13:13:48.0157 0x0620 WatAdminSvc - ok
    13:13:48.0703 0x0620 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
    13:13:49.0062 0x0620 wbengine - ok
    13:13:49.0280 0x0620 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    13:13:49.0358 0x0620 WbioSrvc - ok
    13:13:49.0530 0x0620 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    13:13:49.0639 0x0620 wcncsvc - ok
    13:13:49.0717 0x0620 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    13:13:49.0764 0x0620 WcsPlugInService - ok
    13:13:49.0873 0x0620 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
    13:13:49.0873 0x0620 Wd - ok
    13:13:50.0107 0x0620 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    13:13:50.0310 0x0620 Wdf01000 - ok
    13:13:50.0419 0x0620 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
    13:13:50.0466 0x0620 WdiServiceHost - ok
    13:13:50.0529 0x0620 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
    13:13:50.0577 0x0620 WdiSystemHost - ok
    13:13:50.0808 0x0620 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
    13:13:50.0886 0x0620 WebClient - ok
    13:13:51.0104 0x0620 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    13:13:51.0166 0x0620 Wecsvc - ok
    13:13:51.0276 0x0620 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    13:13:51.0322 0x0620 wercplsupport - ok
    13:13:51.0463 0x0620 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
    13:13:51.0588 0x0620 WerSvc - ok
    13:13:51.0744 0x0620 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    13:13:51.0775 0x0620 WfpLwf - ok
    13:13:51.0837 0x0620 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    13:13:51.0853 0x0620 WIMMount - ok
    13:13:51.0931 0x0620 WinDefend - ok
    13:13:52.0040 0x0620 WinHttpAutoProxySvc - ok
    13:13:52.0290 0x0620 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    13:13:52.0352 0x0620 Winmgmt - ok
    13:13:52.0867 0x0620 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
    13:13:53.0413 0x0620 WinRM - ok
    13:13:53.0726 0x0620 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    13:13:53.0757 0x0620 WinUsb - ok
    13:13:54.0210 0x0620 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    13:13:54.0413 0x0620 Wlansvc - ok
    13:13:54.0585 0x0620 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    13:13:54.0600 0x0620 WmiAcpi - ok
    13:13:54.0757 0x0620 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    13:13:54.0820 0x0620 wmiApSrv - ok
    13:13:54.0929 0x0620 WMPNetworkSvc - ok
    13:13:55.0101 0x0620 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    13:13:55.0194 0x0620 WPCSvc - ok
    13:13:55.0289 0x0620 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    13:13:55.0398 0x0620 WPDBusEnum - ok
    13:13:55.0554 0x0620 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    13:13:55.0601 0x0620 ws2ifsl - ok
    13:13:55.0710 0x0620 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
    13:13:55.0788 0x0620 wscsvc - ok
    13:13:55.0835 0x0620 WSearch - ok
    13:13:56.0989 0x0620 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
    13:13:57.0504 0x0620 wuauserv - ok
    13:13:57.0644 0x0620 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    13:13:57.0676 0x0620 WudfPf - ok
    13:13:57.0769 0x0620 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:13:57.0800 0x0620 WUDFRd - ok
    13:13:57.0910 0x0620 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    13:13:57.0956 0x0620 wudfsvc - ok
    13:13:58.0066 0x0620 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
    13:13:58.0206 0x0620 WwanSvc - ok
    13:13:58.0440 0x0620 X6va013 - ok
    13:13:58.0549 0x0620 X6va015 - ok
    13:13:58.0955 0x0620 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService
     
  21. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    13:13:59.0080 0x0620 YahooAUService - ok
    13:13:59.0142 0x0620 ================ Scan global ===============================
    13:13:59.0298 0x0620 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    13:13:59.0423 0x0620 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    13:13:59.0563 0x0620 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    13:13:59.0735 0x0620 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    13:13:59.0969 0x0620 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    13:14:00.0062 0x0620 [ Global ] - ok
    13:14:00.0062 0x0620 ================ Scan MBR ==================================
    13:14:00.0109 0x0620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    13:14:01.0248 0x0620 \Device\Harddisk0\DR0 - ok
    13:14:01.0248 0x0620 ================ Scan VBR ==================================
    13:14:01.0295 0x0620 [ 0B0DF563389BB8E405D95729C67480B8 ] \Device\Harddisk0\DR0\Partition1
    13:14:01.0373 0x0620 \Device\Harddisk0\DR0\Partition1 - ok
    13:14:01.0451 0x0620 [ 48AD4C460D094C87AD71EBB367788B39 ] \Device\Harddisk0\DR0\Partition2
    13:14:01.0466 0x0620 \Device\Harddisk0\DR0\Partition2 - ok
    13:14:01.0466 0x0620 ================ Scan generic autorun ======================
    13:14:01.0716 0x0620 [ 53FD418622B72D709CE92AA8DBFDB0F6, 6169893D35E424EC5CBF480C35935D5C8B464B2045D10A4A475B8442FF3C528B ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    13:14:01.0763 0x0620 StartCCC - ok
    13:14:01.0903 0x0620 [ BEAE23E7FC6DCC19E9B0F1811F02834F, AF0C770CA1E239EC700CB260BC9CD6586034225ACA2F8966BC1A4D6BAA5ACC9E ] C:\Program Files (x86)\Winamp\winampa.exe
    13:14:01.0934 0x0620 WinampAgent - ok
    13:14:03.0011 0x0620 [ 93D4E7E780D6A385FCC226D1596E0ACA, 2F079B84BBF289CF484745544AE084A9BA83FB398259FB3D0042EA7E9A0AABC0 ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    13:14:03.0448 0x0620 Malwarebytes Anti-Exploit - ok
    13:14:05.0288 0x0620 [ 06964B7DE858BB6317164BF184E9C766, ADE3D2A7256A8F3F11B6E35979413850EB22B9BBADCE3EC73BE04A1622512126 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
    13:14:06.0365 0x0620 AvastUI.exe - ok
    13:14:06.0724 0x0620 [ 1606CBD0193E93952CD4EACDC9229651, 0FC50B71C1C7F607FF66BF4EF066AA1CC2AA373F9475B4FCC32CCF50F93D5CDC ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    13:14:06.0786 0x0620 SunJavaUpdateSched - ok
    13:14:07.0082 0x0620 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    13:14:07.0316 0x0620 Sidebar - ok
    13:14:07.0426 0x0620 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    13:14:07.0457 0x0620 mctadmin - ok
    13:14:07.0816 0x0620 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    13:14:08.0003 0x0620 Sidebar - ok
    13:14:08.0096 0x0620 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    13:14:08.0128 0x0620 mctadmin - ok
    13:14:08.0143 0x0620 Waiting for KSN requests completion. In queue: 80
    13:14:09.0157 0x0620 Waiting for KSN requests completion. In queue: 80
    13:14:10.0171 0x0620 Waiting for KSN requests completion. In queue: 80
    13:14:15.0756 0x0620 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2215.880 ), 0x41000 ( enabled : updated )
    13:14:16.0489 0x0620 Win FW state via NFP2: enabled
    13:14:19.0578 0x0620 ============================================================
    13:14:19.0578 0x0620 Scan finished
    13:14:19.0578 0x0620 ============================================================
    13:14:19.0703 0x12a4 Detected object count: 0
    13:14:19.0703 0x12a4 Actual detected object count: 0
    13:35:30.0388 0x0554 Deinitialize success
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on...
     
  23. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Ok so malwarebytes came up with nothing but in the log it says rootkits r disabled but upon a double check of the settings it is infact set to check for them so I went back and looked thru my logs from malwarebytes for the last few days and something has overridden the setting to have it look for rootkits and told it instead to not check for root kits without changing the setting in the program but heres the log
     
  24. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/28/2015
    Scan Time: 3:01:54 PM
    Logfile: cleantst1.txt
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.03.28.06
    Rootkit Database: v2015.03.26.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: DELL-LD531

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 368102
    Time Elapsed: 1 hr, 49 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  25. Orcus

    Orcus TS Rookie Topic Starter Posts: 56

    Adw is another one I ran a few days ago bc I had the browser shop adware popping up all over and adw and eset were what I found was used to get rid of it when I very first ran it it found this cidox rootkit but ran it today and nothing heres the log from it
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...