Inactive-A How to interfere with hijacked MS Explorer

DDS produces two logs, DDS.txt and Attach.txt.
You posted only the latter one.
If you're getting only one log...

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
13:12:30.0041 0x17bc TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
13:12:38.0903 0x17bc ============================================================
13:12:38.0903 0x17bc Current date / time: 2014/11/09 13:12:38.0903
13:12:38.0903 0x17bc SystemInfo:
13:12:38.0903 0x17bc
13:12:38.0903 0x17bc OS Version: 6.1.7601 ServicePack: 1.0
13:12:38.0903 0x17bc Product type: Workstation
13:12:38.0903 0x17bc ComputerName: E4300-PC
13:12:38.0903 0x17bc UserName: e4300
13:12:38.0904 0x17bc Windows directory: C:\Windows
13:12:38.0904 0x17bc System windows directory: C:\Windows
13:12:38.0904 0x17bc Processor architecture: Intel x86
13:12:38.0904 0x17bc Number of processors: 2
13:12:38.0904 0x17bc Page size: 0x1000
13:12:38.0904 0x17bc Boot type: Normal boot
13:12:38.0904 0x17bc ============================================================
13:12:45.0326 0x17bc KLMD registered as C:\Windows\system32\drivers\38905514.sys
13:12:46.0796 0x17bc System UUID: {60915632-BB06-43AA-DDD3-38BD0FF011F5}
13:12:50.0287 0x17bc Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:12:50.0485 0x17bc ============================================================
13:12:50.0485 0x17bc \Device\Harddisk0\DR0:
13:12:50.0505 0x17bc MBR partitions:
13:12:50.0505 0x17bc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:12:50.0505 0x17bc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
13:12:50.0505 0x17bc ============================================================
13:12:50.0658 0x17bc C: <-> \Device\Harddisk0\DR0\Partition2
13:12:50.0658 0x17bc ============================================================
13:12:50.0658 0x17bc Initialize success
13:12:50.0658 0x17bc ============================================================
13:12:53.0616 0x1520 ============================================================
13:12:53.0616 0x1520 Scan started
13:12:53.0616 0x1520 Mode: Manual;
13:12:53.0616 0x1520 ============================================================
13:12:53.0616 0x1520 KSN ping started
13:12:56.0559 0x1520 KSN ping finished: true
13:13:05.0617 0x1520 ================ Scan system memory ========================
13:13:05.0617 0x1520 System memory - ok
13:13:34.0498 0x1520 IPNAT - ok
13:13:34.0563 0x1520 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:13:34.0578 0x1520 IRENUM - ok
13:13:34.0616 0x1520 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:13:34.0630 0x1520 isapnp - ok
13:13:34.0714 0x1520 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:13:34.0839 0x1520 iScsiPrt - ok
13:13:34.0924 0x1520 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:13:34.0944 0x1520 kbdclass - ok
13:13:35.0023 0x1520 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:13:35.0042 0x1520 kbdhid - ok
13:13:35.0085 0x1520 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
13:13:35.0098 0x1520 KeyIso - ok
13:13:35.0152 0x1520 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:13:35.0173 0x1520 KSecDD - ok
13:13:35.0219 0x1520 [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:13:35.0224 0x1520 KSecPkg - ok
13:13:35.0323 0x1520 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:13:35.0521 0x1520 KtmRm - ok
13:13:35.0595 0x1520 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:13:35.0604 0x1520 LanmanServer - ok
13:13:35.0648 0x1520 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:13:35.0655 0x1520 LanmanWorkstation - ok
13:13:35.0761 0x1520 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:13:35.0784 0x1520 lltdio - ok
13:13:35.0857 0x1520 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:13:35.0902 0x1520 lltdsvc - ok
13:13:35.0931 0x1520 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:13:35.0935 0x1520 lmhosts - ok
13:13:35.0984 0x1520 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:13:36.0030 0x1520 LSI_FC - ok
13:13:36.0053 0x1520 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:13:36.0058 0x1520 LSI_SAS - ok
13:13:36.0096 0x1520 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:13:36.0116 0x1520 LSI_SAS2 - ok
13:13:36.0135 0x1520 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:13:36.0153 0x1520 LSI_SCSI - ok
13:13:36.0173 0x1520 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
13:13:36.0189 0x1520 luafv - ok
13:13:36.0347 0x1520 [ D2DED3C333A5D9CB3F4C244B0F0DD877, 5C1D6C2520C24B12AC99B4B1AB8A0C41052B78CEC2E8B52807057B09A03AD81F ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:13:36.0350 0x1520 MBAMProtector - ok
13:13:36.0696 0x1520 [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
13:13:36.0933 0x1520 MBAMScheduler - ok
13:13:37.0130 0x1520 [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
13:13:37.0333 0x1520 MBAMService - ok
13:13:37.0592 0x1520 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
13:13:37.0776 0x1520 MBAMSwissArmy - ok
13:13:37.0898 0x1520 [ 7A6526C8BD114DB7CA8930AB22D52A0B, 404CA6A1A8BBD749D9FE663CC7276CA927E79944D01EEE1EFA66F88DA7775FBA ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
13:13:37.0900 0x1520 MBAMWebAccessControl - ok
13:13:37.0962 0x1520 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:13:38.0066 0x1520 Mcx2Svc - ok
13:13:38.0362 0x1520 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:13:38.0378 0x1520 MDM - ok
13:13:38.0471 0x1520 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:13:38.0471 0x1520 megasas - ok
13:13:38.0846 0x1520 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:13:38.0861 0x1520 MegaSR - ok
13:13:38.0924 0x1520 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
13:13:38.0924 0x1520 MMCSS - ok
13:13:38.0939 0x1520 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
13:13:38.0939 0x1520 Modem - ok
13:13:39.0064 0x1520 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:13:39.0080 0x1520 monitor - ok
13:13:39.0189 0x1520 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:13:39.0204 0x1520 mouclass - ok
13:13:39.0298 0x1520 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:13:39.0314 0x1520 mouhid - ok
13:13:39.0360 0x1520 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:13:39.0360 0x1520 mountmgr - ok
13:13:39.0548 0x1520 [ 28048289E32294004A86935CC40A3252, D397C3BAD6BCDA33FA0982E10677598E8BDF69A0933D19A36873CB45BA4FB819 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:13:39.0719 0x1520 MozillaMaintenance - ok
13:13:39.0782 0x1520 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
13:13:39.0782 0x1520 mpio - ok
13:13:39.0860 0x1520 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:13:39.0860 0x1520 mpsdrv - ok
13:13:39.0969 0x1520 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:13:39.0984 0x1520 MpsSvc - ok
13:13:40.0047 0x1520 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:13:40.0047 0x1520 MRxDAV - ok
13:13:40.0094 0x1520 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:13:40.0109 0x1520 mrxsmb - ok
13:13:40.0140 0x1520 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:13:40.0156 0x1520 mrxsmb10 - ok
13:13:40.0218 0x1520 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:13:40.0218 0x1520 mrxsmb20 - ok
13:13:40.0312 0x1520 [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci C:\Windows\system32\drivers\msahci.sys
13:13:40.0312 0x1520 msahci - ok
13:13:40.0359 0x1520 [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ]
 
Msdsm C:\Windows\system32\drivers\msdsm.sys
13:13:40.0359 0x1520 msdsm - ok
13:13:40.0406 0x1520 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
13:13:40.0421 0x1520 MSDTC - ok
13:13:40.0468 0x1520 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:13:40.0484 0x1520 Msfs - ok
13:13:40.0530 0x1520 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:13:40.0530 0x1520 mshidkmdf - ok
13:13:40.0593 0x1520 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:13:40.0608 0x1520 msisadrv - ok
13:13:40.0718 0x1520 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:13:40.0764 0x1520 MSiSCSI - ok
13:13:40.0780 0x1520 msiserver - ok
13:13:40.0905 0x1520 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:13:40.0905 0x1520 MSKSSRV - ok
13:13:40.0967 0x1520 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:13:40.0967 0x1520 MSPCLOCK - ok
13:13:40.0998 0x1520 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:13:40.0998 0x1520 MSPQM - ok
13:13:41.0061 0x1520 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:13:41.0076 0x1520 MsRPC - ok
13:13:41.0092 0x1520 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:13:41.0123 0x1520 mssmbios - ok
13:13:41.0139 0x1520 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:13:41.0154 0x1520 MSTEE - ok
13:13:41.0186 0x1520 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:13:41.0186 0x1520 MTConfig - ok
13:13:41.0217 0x1520 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
13:13:41.0232 0x1520 Mup - ok
13:13:41.0373 0x1520 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
13:13:41.0388 0x1520 napagent - ok
13:13:41.0560 0x1520 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:13:41.0607 0x1520 NativeWifiP - ok
13:13:41.0872 0x1520 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:13:41.0872 0x1520 NDIS - ok
13:13:41.0997 0x1520 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:13:41.0997 0x1520 NdisCap - ok
13:13:42.0075 0x1520 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:13:42.0075 0x1520 NdisTapi - ok
13:13:42.0184 0x1520 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:13:42.0200 0x1520 Ndisuio - ok
13:13:42.0262 0x1520 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:13:42.0262 0x1520 NdisWan - ok
13:13:42.0371 0x1520 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:13:42.0371 0x1520 NDProxy - ok
13:13:42.0434 0x1520 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:13:42.0434 0x1520 NetBIOS - ok
13:13:42.0543 0x1520 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:13:42.0543 0x1520 NetBT - ok
13:13:42.0605 0x1520 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe
13:13:42.0621 0x1520 Netlogon - ok
13:13:42.0652 0x1520 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
13:13:42.0668 0x1520 Netman - ok
13:13:42.0886 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:13:42.0886 0x1520 NetMsmqActivator - ok
13:13:42.0948 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:13:42.0948 0x1520 NetPipeActivator - ok
13:13:43.0120 0x1520 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
13:13:43.0136 0x1520 netprofm - ok
13:13:43.0214 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:13:43.0214 0x1520 NetTcpActivator - ok
13:13:43.0260 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:13:43.0260 0x1520 NetTcpPortSharing - ok
13:13:43.0947 0x1520 [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
13:13:44.0040 0x1520 netw5v32 - ok
13:13:44.0150 0x1520 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:13:44.0150 0x1520 nfrd960 - ok
13:13:44.0243 0x1520 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:13:44.0259 0x1520 NlaSvc - ok
13:13:44.0306 0x1520 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:13:44.0352 0x1520 Npfs - ok
13:13:44.0540 0x1520 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
13:13:44.0540 0x1520 nsi - ok
13:13:44.0633 0x1520 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:13:44.0633 0x1520 nsiproxy - ok
13:13:44.0914 0x1520 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:13:44.0976 0x1520 Ntfs - ok
13:13:45.0058 0x1520 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
13:13:45.0062 0x1520 Null - ok
13:13:45.0118 0x1520 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:13:45.0121 0x1520 nvraid - ok
13:13:45.0154 0x1520 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:13:45.0158 0x1520 nvstor - ok
13:13:45.0181 0x1520 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:13:45.0187 0x1520 nv_agp - ok
13:13:45.0332 0x1520 [ A015DD2BA6009C8BDD00A6C431302D06, 00EE112EF05F527568FC4C8347C872F8FF7244D70DEFAFF909DAAE79B87D3B01 ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
13:13:45.0336 0x1520 OA001Ufd - ok
13:13:45.0367 0x1520 [ 438FFCB55B8CE39B0BC71AFC0A059835, 18F9B46D74DDD10D6D90EEA1F4F01B9BA7EC29E02F3AFE5BBDF5AEFE14E2E061 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
13:13:45.0373 0x1520 OA001Vid - ok
13:13:45.0476 0x1520 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:13:45.0559 0x1520 odserv - ok
13:13:45.0593 0x1520 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:13:45.0596 0x1520 ohci1394 - ok
13:13:45.0634 0x1520 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:13:45.0657 0x1520 ose - ok
13:13:45.0720 0x1520 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:13:45.0731 0x1520 p2pimsvc - ok
13:13:45.0773 0x1520 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
13:13:45.0818 0x1520 p2psvc - ok
13:13:45.0868 0x1520 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:13:45.0870 0x1520 Parport - ok
13:13:45.0917 0x1520 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:13:45.0919 0x1520 partmgr - ok
13:13:45.0933 0x1520 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:13:45.0934 0x1520 Parvdm - ok
13:13:45.0956 0x1520 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:13:45.0964 0x1520 PcaSvc - ok
13:13:45.0995 0x1520 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
13:13:45.0999 0x1520 pci - ok
13:13:46.0148 0x1520 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
13:13:46.0172 0x1520 pciide - ok
13:13:46.0205 0x1520 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:13:46.0212 0x1520 pcmcia - ok
13:13:46.0244 0x1520 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
13:13:46.0268 0x1520 pcw - ok
13:13:46.0321 0x1520 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:13:46.0342 0x1520 PEAUTH - ok
13:13:46.0401 0x1520 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:13:46.0425 0x1520 PeerDistSvc - ok
13:13:46.0530 0x1520 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
13:13:47.0197 0x1520 pla - ok
13:13:47.0303 0x1520 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:13:47.0315 0x1520 PlugPlay - ok
13:13:47.0385 0x1520 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:13:47.0420 0x1520 PNRPAutoReg - ok
13:13:47.0466 0x1520 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:13:47.0477 0x1520 PNRPsvc - ok
13:13:47.0579 0x1520 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:13:47.0824 0x1520 PolicyAgent - ok
13:13:47.0896 0x1520 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
13:13:47.0904 0x1520 Power - ok
13:13:47.0955 0x1520 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:13:47.0957 0x1520 PptpMiniport - ok
13:13:47.0983 0x1520 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:13:47.0985 0x1520 Processor - ok
13:13:48.0091 0x1520 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:13:48.0100 0x1520 ProfSvc - ok
13:13:48.0121 0x1520 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:13:48.0125 0x1520 ProtectedStorage - ok
13:13:48.0187 0x1520 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:13:48.0224 0x1520 Psched - ok
13:13:48.0546 0x1520 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:13:48.0579 0x1520 ql2300 - ok
13:13:48.0606 0x1520 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:13:48.0609 0x1520 ql40xx - ok
13:13:48.0699 0x1520 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
13:13:48.0827 0x1520 QWAVE - ok
13:13:48.0918 0x1520 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:13:48.0920 0x1520 QWAVEdrv - ok
13:13:48.0953 0x1520 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:13:48.0955 0x1520 RasAcd - ok
13:13:49.0050 0x1520 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:13:49.0052 0x1520 RasAgileVpn - ok
13:13:49.0091 0x1520 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
13:13:49.0091 0x1520 RasAuto - ok
13:13:49.0138 0x1520 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:13:49.0154 0x1520 Rasl2tp - ok
13:13:49.0279 0x1520 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
13:13:49.0575 0x1520 RasMan - ok
13:13:49.0606 0x1520 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:13:49.0606 0x1520 RasPppoe - ok
13:13:49.0669 0x1520 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:13:49.0669 0x1520 RasSstp - ok
13:13:49.0747 0x1520 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:13:49.0747 0x1520 rdbss - ok
13:13:49.0762 0x1520 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:13:49.0762 0x1520 rdpbus - ok
13:13:49.0809 0x1520 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:13:49.0809 0x1520 RDPCDD - ok
13:13:49.0871 0x1520 [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:13:49.0871 0x1520 RDPDR - ok
13:13:49.0903 0x1520 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:13:49.0903 0x1520 RDPENCDD - ok
13:13:49.0918 0x1520 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:13:49.0918 0x1520 RDPREFMP - ok
13:13:49.0996 0x1520 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:13:49.0996 0x1520 RDPWD - ok
13:13:50.0059 0x1520 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:13:50.0059 0x1520 rdyboost - ok
13:13:50.0105 0x1520 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:13:50.0121 0x1520 RemoteAccess - ok
13:13:50.0152 0x1520 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:13:50.0168 0x1520 RemoteRegistry - ok
13:13:50.0199 0x1520 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:13:50.0199 0x1520 RpcEptMapper - ok
13:14:02.0504 0x1520 ================ Scan global ===============================
13:14:02.0597 0x1520 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
13:14:02.0644 0x1520 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:14:02.0660 0x1520 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:14:02.0706 0x1520 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
13:14:02.0738 0x1520 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
13:14:02.0738 0x1520 [ Global ] - ok
13:14:02.0738 0x1520 ================ Scan MBR ==================================
13:14:02.0753 0x1520 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:14:04.0594 0x1520 \Device\Harddisk0\DR0 - ok
13:14:04.0594 0x1520 ================ Scan VBR ==================================
13:14:04.0625 0x1520 [ 60E2192FA81278F19C842B7D9DD1F916 ] \Device\Harddisk0\DR0\Partition1
13:14:04.0656 0x1520 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
13:14:04.0656 0x1520 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
13:14:04.0672 0x1520 [ F616C68B30F6708157B2B11720F35B22 ] \Device\Harddisk0\DR0\Partition2
13:14:04.0672 0x1520 \Device\Harddisk0\DR0\Partition2 - ok
13:14:04.0672 0x1520 ================ Scan generic autorun ======================
13:14:04.0719 0x1520 [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe
13:14:04.0844 0x1520 IgfxTray - ok
13:14:04.0859 0x1520 [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe
13:14:04.0984 0x1520 HotKeysCmds - ok
13:14:05.0046 0x1520 [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe
13:14:05.0187 0x1520 Persistence - ok
13:14:05.0390 0x1520 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:14:05.0577 0x1520 Adobe ARM - ok
13:14:05.0624 0x1520 [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
13:14:05.0624 0x1520 SunJavaUpdateSched - ok
13:14:06.0372 0x1520 [ C2D60F6277707014C1C670A4D27F36E8, 9F02C675BCE2BA500E8C1A4EA60BD553C1257836F5868126037E35772E9F251F ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:14:07.0955 0x1520 AvastUI.exe - ok
13:14:08.0321 0x1520 [ 39B47A50DC3D5E898298468307765710, 06268FF65CF69E2B0822477C2D1DA44721B1ADBE4F06C0D3AC0B70C2A18D8DC6 ] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
13:14:08.0450 0x1520 tvncontrol - ok
13:14:08.0846 0x1520 [ 376FB589890E90BAA3D05867E44116E9, 287F0B0555E0A025C6F7F6C18B6FA79B849172AAB4ACC9406D726570DC6ABE87 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
13:14:08.0869 0x1520 COMODO Internet Security - ok
13:14:09.0114 0x1520 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:14:09.0137 0x1520 Sidebar - ok
13:14:09.0174 0x1520 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:14:09.0186 0x1520 mctadmin - ok
13:14:09.0412 0x1520 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:14:09.0433 0x1520 Sidebar - ok
13:14:09.0448 0x1520 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:14:09.0453 0x1520 mctadmin - ok
13:14:09.0867 0x1520 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2206.692 ), 0x41000 ( enabled : updated )
13:14:10.0004 0x1520 AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 7.0.55655.4142 ), 0x61000 ( enabled : updated )
13:14:10.0020 0x1520 Win FW state via NFP2: enabled
13:14:10.0022 0x1520 ============================================================
13:14:10.0022 0x1520 Scan finished
13:14:10.0022 0x1520 ============================================================
13:14:10.0030 0x10f8 Detected object count: 1
13:14:10.0030 0x10f8 Actual detected object count: 1
13:18:43.0535 0x10f8 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
13:18:43.0535 0x10f8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
13:18:43.0551 0x10f8 \Device\Harddisk0\DR0\Partition1 - ok
13:18:43.0551 0x10f8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
13:18:44.0393 0x10f8 KLMD registered as C:\Windows\system32\drivers\06298480.sys
13:18:51.0943 0x164c Deinitialize success
 
13:21:41.0480 0x0e48 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
13:21:41.0917 0x0e48 ============================================================
13:21:41.0917 0x0e48 Current date / time: 2014/11/09 13:21:41.0917
13:21:41.0917 0x0e48 SystemInfo:
13:21:41.0917 0x0e48
13:21:41.0917 0x0e48 OS Version: 6.1.7601 ServicePack: 1.0
13:21:41.0917 0x0e48 Product type: Workstation
13:21:41.0917 0x0e48 ComputerName: E4300-PC
13:21:41.0917 0x0e48 UserName: e4300
13:21:41.0917 0x0e48 Windows directory: C:\Windows
13:21:41.0917 0x0e48 System windows directory: C:\Windows
13:21:41.0917 0x0e48 Processor architecture: Intel x86
13:21:41.0917 0x0e48 Number of processors: 2
13:21:41.0917 0x0e48 Page size: 0x1000
13:21:41.0917 0x0e48 Boot type: Normal boot
13:21:41.0917 0x0e48 ============================================================
13:21:41.0917 0x0e48 BG loaded
13:21:43.0446 0x0e48 System UUID: {60915632-BB06-43AA-DDD3-38BD0FF011F5}
13:21:46.0566 0x0e48 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:46.0566 0x0e48 ============================================================
13:21:46.0566 0x0e48 \Device\Harddisk0\DR0:
13:21:46.0566 0x0e48 MBR partitions:
13:21:46.0566 0x0e48 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:21:46.0566 0x0e48 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
13:21:46.0566 0x0e48 ============================================================
13:21:46.0644 0x0e48 C: <-> \Device\Harddisk0\DR0\Partition2
13:21:46.0644 0x0e48 ============================================================
13:21:46.0644 0x0e48 Initialize success
13:21:46.0644 0x0e48 ============================================================
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.67.2
Run by e4300 at 13:45:15 on 2014-11-09
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{75A5450B-F15B-4EA3-9977-D0E951BDDD89} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{75A5450B-F15B-4EA3-9977-D0E951BDDD89}\14454593777333533453 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{75A5450B-F15B-4EA3-9977-D0E951BDDD89}\2656C6B696E6E2133656 : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
Notify: movziuz - c:\users\e4300\appdata\local\movziuz.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\e4300\appdata\roaming\mozilla\firefox\profiles\aua89elv.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.169\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-11-09 20:18:43 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-09 01:07:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-11-09 01:07:35 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-11-09 01:07:35 1060864 ----a-w- c:\windows\system32\mfc71.dll
2014-11-09 01:05:54 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2014-11-09 01:05:39 -------- d-s---w- c:\programdata\Shared Space
2014-11-09 01:04:40 -------- d-----w- c:\program files\common files\COMODO
2014-11-09 01:04:19 -------- d-----w- c:\users\e4300\appdata\local\Comodo
2014-11-09 01:04:15 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-11-09 01:04:04 -------- d-----w- c:\program files\Comodo
2014-11-09 01:03:52 -------- d-----w- c:\programdata\Comodo Downloader
2014-11-09 01:03:08 -------- d-----w- c:\programdata\Comodo
2014-11-07 17:14:16 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a2fe863d-5bd9-4255-9038-7e92c8459001}\mpengine.dll
2014-11-03 12:21:29 -------- d-----w- c:\users\e4300\appdata\local\ElevatedDiagnostics
2014-11-03 04:34:38 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-03 04:34:05 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-03 04:34:05 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-03 04:34:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-03 04:34:05 -------- d-----w- c:\programdata\Malwarebytes
2014-11-03 04:34:05 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-03 04:15:39 -------- d-----w- c:\users\e4300\appdata\roaming\AVAST Software
2014-11-03 04:08:07 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-03 04:08:06 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-03 04:08:03 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-03 04:08:02 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-03 04:08:01 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-03 04:08:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-03 04:07:58 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-03 04:07:48 43152 ----a-w- c:\windows\avastSS.scr
2014-11-03 04:01:57 -------- d-----w- c:\program files\AVAST Software
2014-11-03 03:54:17 -------- d-----w- c:\programdata\AVAST Software
2014-11-03 03:12:51 -------- d-----w- c:\users\e4300\appdata\local\CrashDumps
2014-11-03 03:08:52 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-03 03:08:51 -------- d-----w- c:\programdata\RogueKiller
2014-11-03 03:06:41 -------- d-----w- C:\E4300
2014-11-03 01:25:47 -------- d-----w- c:\users\e4300\appdata\local\Mozilla
2014-11-03 01:25:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-11-02 22:16:21 -------- d-----w- c:\programdata\PoxkEsosv
2014-11-02 22:16:21 -------- d-----w- c:\programdata\OufjeZfoze
2014-11-02 21:55:38 -------- d-----w- c:\program files\SmartCompare
2014-11-02 21:55:24 -------- d-----w- c:\program files\SaverADdon
2014-10-27 13:31:10 -------- d-----w- c:\programdata\SmartCompare
2014-10-27 13:30:20 -------- d-----w- c:\programdata\OnlineLowDeals
2014-10-22 15:03:24 -------- d--h--w- c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-16 03:45:41 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-14 14:22:41 -------- d-----w- c:\users\e4300\appdata\local\Google
2014-10-14 14:22:23 -------- d-----w- c:\users\e4300\appdata\local\Apps
2014-10-14 14:22:22 -------- d-----w- c:\users\e4300\appdata\local\Deployment
2014-10-14 02:52:15 -------- d-----w- c:\programdata\SaverADdon
.
==================== Find3M ====================
.
2014-10-28 12:35:00 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-29 00:41:36 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- c:\windows\system32\msi.dll
2014-09-13 01:40:05 67072 ----a-w- c:\windows\system32\packager.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 13:47:31.93 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Reader XI (11.0.09)
Avast Free Antivirus
CAM UnZip 5.0.0.0
COMODO Antivirus
Comodo Dragon
GeekBuddy
Google Chrome
Google Update Helper
Integrated Webcam Driver (1.03.02.0919)
IrfanView Packages
Java 7 Update 60
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Mozilla Firefox 33.0.3 (x86 en-US)
Mozilla Maintenance Service
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
.
==== End Of File ===========================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : e4300 [Administrator]
Mode : Delete -- Date : 11/09/2014 17:55:31

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Not selected
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[Tr.Poweliks] HKEY_USERS\S-1-5-21-2579459372-583501214-59938211-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\DRIVERS\cmderd.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 29fdfa556d13eb95d2083272401a4ed7
[BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11022014_201810.log - RKreport_SCN_11022014_201622.log - RKreport_SCN_11092014_173348.log - RKreport_DEL_11092014_173556.log
RKreport_DEL_11092014_174306.log - RKreport_DEL_11092014_174738.log - RKreport_SCN_11092014_175511.log
 
Malwarebytes antirootkit won't run; it says I have to end/cancel Malwarebytes antimalware, which is already installed.

I cannot figure out how to end Malwarebytes antimalware.

I need some specific help here on how to deal with this impasse. Thank you.
 
Step 1
Locate the blue Malwarebytes icon in the System Tray on the desktop taskbar, near the time and date display. If you don't see it, click the arrow on the taskbar to display more icons.

Step 2
Right-click the icon and select "Filesystem Protection."

Step 3
Right-click the icon again and select "Website Blocking."
 
Well, I went ahead and uninstalled Malwarebytes.
MB antirootkit is now running.

Should I reinstall Malwarebytes once the mwb rootkit is done?
 
The mbar folder has the system-log.txt file, but not the other noted file; no other txt files at all.
system-log.txt below
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3707678720, free: 2358317056

Downloaded database version: v2014.11.09.08
Downloaded database version: v2014.11.08.01
=======================================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3707678720, free: 2397868032

=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3707678720, free: 1952452608

Initializing...
=======================================
------------ Kernel report ------------
11/09/2014 19:07:20
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff864ca348
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8571a908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff864ca348, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff864cb020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff864ca348, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8571a908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A42D04A3

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 312371200

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
Scan finished
 
Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.


4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.


The tool will produce a log in the same directory the tool was run from.

Since that log may be very large, as an exception, attach it to your next reply.
 
I have a couple problems.
The output .log file DOES NOT SHOW UP in its folder when I attempt to "upload a file."
I am using firefox.

Please appreciate the fact that I know how to find a file on my computer, and it is not some mistake like I don't know where to find this.

I copied the content from the file and pasted it into a NEW notepad txt document.

When I attempt to "upload a file," techspot says the file is too big. It is 1,154 KB.

THAT file shows up in the folder, BUT the original output file, which is a .log file, still does not.

I can try google chrome instead of firefox.

Alternately, I can post the output in 3-4 posts in order to fit under the character limits of techspot.
 
Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.
 