Malware has inactivated antivirus and firewall

Re: Malware has inactivated antivirus and firewall

by jlissemore » January 3rd, 2014, 10:53 am

Sorry, here is the attached TDSSKiller report.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

by nunped » January 3rd, 2014, 11:48 am

Hi jlissemore,

TDSSKiller report was too long to post into this window so I have included it here as an attachment.

That's OK for this one! But I would prefer that you split the log in multiple answers so it's easier to search the thread.

Do you recognize and use this program?

FreeRide Games
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Malware has inactivated antivirus and firewall

by jlissemore » January 3rd, 2014, 12:16 pm

Hi nunped,

I think I may have used TDSSKiller a few years ago with a problem on a different computer.

Here is the first half of the TDSSKiller report, second half will be in a separate reply.

09:42:25.0079 0x1ac8 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
09:42:25.0079 0x1ac8 UEFI system
09:42:31.0596 0x1ac8 ============================================================
09:42:31.0596 0x1ac8 Current date / time: 2014/01/03 09:42:31.0596
09:42:31.0596 0x1ac8 SystemInfo:
09:42:31.0596 0x1ac8
09:42:31.0596 0x1ac8 OS Version: 6.3.9600 ServicePack: 0.0
09:42:31.0596 0x1ac8 Product type: Workstation
09:42:31.0596 0x1ac8 ComputerName: LISSEMORE
09:42:31.0596 0x1ac8 UserName: jlissemore
09:42:31.0596 0x1ac8 Windows directory: C:\WINDOWS
09:42:31.0596 0x1ac8 System windows directory: C:\WINDOWS
09:42:31.0596 0x1ac8 Running under WOW64
09:42:31.0596 0x1ac8 Processor architecture: Intel x64
09:42:31.0596 0x1ac8 Number of processors: 4
09:42:31.0596 0x1ac8 Page size: 0x1000
09:42:31.0596 0x1ac8 Boot type: Normal boot
09:42:31.0596 0x1ac8 ============================================================
09:42:31.0752 0x1ac8 KLMD registered as C:\WINDOWS\system32\drivers\28231183.sys
09:42:31.0987 0x1ac8 System UUID: {04C9CCB8-62D6-1207-1D0E-14EB0275239B}
09:42:32.0518 0x1ac8 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:42:32.0518 0x1ac8 ============================================================
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0:
09:42:32.0518 0x1ac8 GPT partitions:
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4B722EE1-1314-440F-BEC1-0FB94D8C5081}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {EFC627B3-C8A9-475A-A295-41968D5DD092}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {16E2A788-DAB8-4F01-935E-6848CE236682}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {1E6B8DD7-56E7-4CD6-AC83-BB38DFFCF338}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {59DFBD76-F0AD-4884-A843-9845567DDA24}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x515EC800
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7A6B3688-1A95-4141-94BF-C01354D84597}, Name: , StartLBA 0x51A97000, BlocksNum 0xAF000
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {98AA9D32-17EE-414A-9EF9-467D2E00935D}, Name: Basic data partition, StartLBA 0x51B46000, BlocksNum 0x3200000
09:42:32.0518 0x1ac8 \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {AEBD160B-CE80-4003-882E-C23717106774}, Name: Basic data partition, StartLBA 0x54D46000, BlocksNum 0x2800000
09:42:32.0518 0x1ac8 MBR partitions:
09:42:32.0518 0x1ac8 ============================================================
09:42:32.0565 0x1ac8 C: <-> \Device\Harddisk0\DR0\Partition5
09:42:32.0612 0x1ac8 D: <-> \Device\Harddisk0\DR0\Partition7
09:42:32.0612 0x1ac8 ============================================================
09:42:32.0612 0x1ac8 Initialize success
09:42:32.0612 0x1ac8 ============================================================
09:43:03.0351 0x1870 ============================================================
09:43:03.0351 0x1870 Scan started
09:43:03.0351 0x1870 Mode: Manual;
09:43:03.0351 0x1870 ============================================================
09:43:03.0351 0x1870 KSN ping started
09:43:05.0836 0x1870 KSN ping finished: true
09:43:06.0398 0x1870 ================ Scan system memory ========================
09:43:06.0398 0x1870 System memory - ok
09:43:13.0133 0x1870 hwpolicy - ok
09:43:13.0149 0x1870 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
09:43:13.0149 0x1870 hyperkbd - ok
09:43:13.0180 0x1870 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
09:43:13.0180 0x1870 HyperVideo - ok
09:43:13.0227 0x1870 [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
09:43:13.0227 0x1870 i8042prt - ok
09:43:13.0258 0x1870 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
09:43:13.0258 0x1870 iaLPSSi_GPIO - ok
09:43:13.0274 0x1870 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
09:43:13.0274 0x1870 iaLPSSi_I2C - ok
09:43:13.0337 0x1870 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
09:43:13.0352 0x1870 iaStorA - ok
09:43:13.0399 0x1870 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
09:43:13.0415 0x1870 iaStorAV - ok
09:43:13.0446 0x1870 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
09:43:13.0462 0x1870 iaStorV - ok
09:43:13.0587 0x1870 [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
09:43:13.0618 0x1870 IconMan_R - ok
09:43:13.0633 0x1870 IEEtwCollectorService - ok
09:43:13.0790 0x1870 [ 7A5A61997B5404C8EDDFCC62378164DC, C2BCA8A2AA2DFCCF3489FC7F0F366ABBDC8606CFC6397CD7B17C8CD4A28DD17F ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
09:43:13.0884 0x1870 igfx - ok
09:43:13.0962 0x1870 [ B82255670D270B75D2D2F0F8747D1443, C40E151AC3FBF289456A4AD9E5744B314067ADA03FE729970410931904305F51 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
09:43:13.0993 0x1870 IKEEXT - ok
09:43:14.0040 0x1870 [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
09:43:14.0040 0x1870 intaud_WaveExtensible - ok
09:43:14.0196 0x1870 [ DDC860724AEF8F8E42AC61E6585769C6, 62AD5772E8097B03E161E6F14582E2A4BBA0DFA1A1E7F664D881D464E136DBD2 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
09:43:14.0337 0x1870 IntcAzAudAddService - ok
09:43:14.0368 0x1870 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
09:43:14.0384 0x1870 IntcDAud - ok
09:43:14.0493 0x1870 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:43:14.0524 0x1870 Intel(R) Capability Licensing Service Interface - ok
09:43:14.0587 0x1870 [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
09:43:14.0602 0x1870 Intel(R) ME Service - ok
09:43:14.0618 0x1870 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
09:43:14.0618 0x1870 intelide - ok
09:43:14.0634 0x1870 [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
09:43:14.0634 0x1870 intelpep - ok
09:43:14.0681 0x1870 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
09:43:14.0681 0x1870 intelppm - ok
09:43:14.0727 0x1870 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:43:14.0727 0x1870 IpFilterDriver - ok
09:43:14.0790 0x1870 [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
09:43:14.0821 0x1870 iphlpsvc - ok
09:43:14.0852 0x1870 [ 9949A3C7590B8C536C05312205079A82, 9276A09D5F910AE8358A96505AB3F66C514870944D58B63B71D5E96567D1E6BB ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
09:43:14.0852 0x1870 IPMIDRV - ok
09:43:14.0884 0x1870 [ E23D32BAF152FBE35F18C6A2AB8EF271, C244E54E472B724765497731ADC0DF6DA9EBA5E7B0723A4409061F5B928851E9 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
09:43:14.0884 0x1870 IPNAT - ok
09:43:14.0931 0x1870 [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:43:14.0946 0x1870 iPod Service - ok
09:43:14.0977 0x1870 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
09:43:14.0977 0x1870 IRENUM - ok
09:43:14.0993 0x1870 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
09:43:14.0993 0x1870 isapnp - ok
09:43:15.0071 0x1870 [ 034D4BD9DC67C64F3A4C8A049B5173BF, C68AF5A5AD4092AA1C871BD38473AEF84EC3ECF4D06FBEB5F6C09972EF1B8A81 ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
09:43:15.0087 0x1870 iScsiPrt - ok
09:43:15.0118 0x1870 [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
09:43:15.0118 0x1870 iwdbus - ok
09:43:15.0149 0x1870 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
09:43:15.0149 0x1870 jhi_service - ok
09:43:15.0181 0x1870 [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
09:43:15.0181 0x1870 kbdclass - ok
09:43:15.0196 0x1870 [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
09:43:15.0196 0x1870 kbdhid - ok
09:43:15.0212 0x1870 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
09:43:15.0212 0x1870 kdnic - ok
09:43:15.0227 0x1870 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\WINDOWS\system32\lsass.exe
09:43:15.0243 0x1870 KeyIso - ok
09:43:15.0274 0x1870 [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
09:43:15.0274 0x1870 KSecDD - ok
09:43:15.0306 0x1870 [ 7296EA420134EAC390798B3232D066A4, 1F5D51EEFD389706660DFB4DB4BF3EC570BEC7097CEB5CAE70EFFE35C3255346 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
09:43:15.0321 0x1870 KSecPkg - ok
09:43:15.0337 0x1870 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
09:43:15.0337 0x1870 ksthunk - ok
09:43:15.0384 0x1870 [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
09:43:15.0399 0x1870 KtmRm - ok
09:43:15.0446 0x1870 [ 27B58E16CF895AC1F1A97C04814C2239, D4336155331DDBF91952CDC6C446C68FF524F979099BA8D9B3A578758F97B2BE ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
09:43:15.0462 0x1870 LanmanServer - ok
09:43:15.0509 0x1870 [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
09:43:15.0524 0x1870 LanmanWorkstation - ok
09:43:15.0571 0x1870 [ EE289BD147FDFF95EF1B9BD65D3B974A, EFD9D0F6C73E7D2D52DBE2E2A8D3009BFB6AB24776A100CA528A8365002C6105 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
09:43:15.0587 0x1870 lfsvc - ok
09:43:15.0602 0x1870 [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\WINDOWS\system32\DRIVERS\LhdX64.sys
09:43:15.0618 0x1870 LHDmgr - ok
09:43:15.0634 0x1870 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
09:43:15.0634 0x1870 lltdio - ok
09:43:15.0681 0x1870 [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
09:43:15.0696 0x1870 lltdsvc - ok
09:43:15.0728 0x1870 [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
09:43:15.0728 0x1870 lmhosts - ok
09:43:15.0759 0x1870 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:43:15.0774 0x1870 LMS - ok
09:43:15.0806 0x1870 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
09:43:15.0806 0x1870 LSI_SAS - ok
09:43:15.0821 0x1870 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
09:43:15.0837 0x1870 LSI_SAS2 - ok
09:43:15.0853 0x1870 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
09:43:15.0853 0x1870 LSI_SAS3 - ok
09:43:15.0868 0x1870 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
09:43:15.0868 0x1870 LSI_SSS - ok
09:43:15.0915 0x1870 [ B6B69FF200F68888A7FAFDF204D00C91, 4C9BA7B8646C74AE1E49F513EF426930C09969F29F1533D84D020B414BB1609B ] LSM C:\WINDOWS\System32\lsm.dll
09:43:15.0946 0x1870 LSM - ok
09:43:15.0993 0x1870 [ 5EF604B0698F4FA962778285E8C5F1F2, 0465BDAB7EFBE9CC648E7E736B0B8BE152BD2FAB0917F6306675B9039C77F454 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
09:43:15.0993 0x1870 luafv - ok
09:43:16.0009 0x1870 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
09:43:16.0009 0x1870 megasas - ok
09:43:16.0056 0x1870 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
09:43:16.0071 0x1870 megasr - ok
09:43:16.0087 0x1870 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
09:43:16.0103 0x1870 MEIx64 - ok
09:43:16.0150 0x1870 Microsoft SharePoint Workspace Audit Service - ok
09:43:16.0181 0x1870 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\WINDOWS\system32\mmcss.dll
09:43:16.0181 0x1870 MMCSS - ok
09:43:16.0196 0x1870 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
09:43:16.0196 0x1870 Modem - ok
09:43:16.0228 0x1870 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
09:43:16.0228 0x1870 monitor - ok
09:43:16.0243 0x1870 [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
09:43:16.0259 0x1870 mouclass - ok
09:43:16.0275 0x1870 [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
09:43:16.0275 0x1870 mouhid - ok
09:43:16.0306 0x1870 [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
09:43:16.0321 0x1870 mountmgr - ok
09:43:16.0353 0x1870 [ A35576A433F4AEB0D48976A004657CB6, F820A759119785C3FB10B0EDCF8EF9985886A9B0767ABD45B2ACAC03498B321E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:43:16.0353 0x1870 MozillaMaintenance - ok
09:43:16.0368 0x1870 [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
09:43:16.0368 0x1870 mpsdrv - ok
09:43:16.0446 0x1870 [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
09:43:16.0478 0x1870 MpsSvc - ok
09:43:16.0525 0x1870 [ 59DCEC7499095DE5AED741358037AE2D, 60C4CEBCAE27C121E9D63BD2BC3E5863A91ABC77616C56C10618273A8F9B6F61 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
09:43:16.0525 0x1870 MRxDAV - ok
09:43:16.0571 0x1870 [ 6129EDB793A4255B1E2FB41773AC9D9A, 3292C64FAB3B83C87790FB35F54D6702987891234AF33FD1D5299C7084795375 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:43:16.0587 0x1870 mrxsmb - ok
09:43:16.0618 0x1870 [ 295771B092D4F7FCF2B62F80CCD14320, 53655B5ABA43A6A9114FE545B88F84E52319B905B8393A51BD97678D3F94A178 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
09:43:16.0634 0x1870 mrxsmb10 - ok
09:43:16.0665 0x1870 [ AAF56E4E84D35411B4E446C445732DFE, 7AC41CAA0842AE4DA4EEF976202C58D7923DAA367F0D7E800D432323D5E7DE1A ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
09:43:16.0665 0x1870 mrxsmb20 - ok
09:43:16.0681 0x1870 [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
09:43:16.0696 0x1870 MsBridge - ok
09:43:16.0728 0x1870 [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC C:\WINDOWS\System32\msdtc.exe
09:43:16.0743 0x1870 MSDTC - ok
09:43:16.0759 0x1870 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:43:16.0759 0x1870 Msfs - ok
09:43:16.0775 0x1870 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
09:43:16.0790 0x1870 msgpiowin32 - ok
09:43:16.0806 0x1870 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
09:43:16.0806 0x1870 mshidkmdf - ok
09:43:16.0837 0x1870 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
09:43:16.0837 0x1870 mshidumdf - ok
09:43:16.0853 0x1870 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
09:43:16.0853 0x1870 msisadrv - ok
09:43:16.0900 0x1870 [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
09:43:16.0900 0x1870 MSiSCSI - ok
09:43:16.0915 0x1870 msiserver - ok
09:43:16.0947 0x1870 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:43:16.0947 0x1870 MSKSSRV - ok
09:43:16.0978 0x1870 [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
09:43:16.0978 0x1870 MsLldp - ok
09:43:17.0009 0x1870 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:43:17.0009 0x1870 MSPCLOCK - ok
09:43:17.0025 0x1870 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:43:17.0025 0x1870 MSPQM - ok
09:43:17.0056 0x1870 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
09:43:17.0072 0x1870 MsRPC - ok
09:43:17.0103 0x1870 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
09:43:17.0103 0x1870 mssmbios - ok
09:43:17.0118 0x1870 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
09:43:17.0118 0x1870 MSTEE - ok
09:43:17.0150 0x1870 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
09:43:17.0150 0x1870 MTConfig - ok
09:43:17.0150 0x1870 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
09:43:17.0150 0x1870 Mup - ok
09:43:17.0181 0x1870 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
09:43:17.0181 0x1870 mvumis - ok
09:43:17.0212 0x1870 [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent C:\WINDOWS\system32\qagentRT.dll
09:43:17.0243 0x1870 napagent - ok
09:43:17.0275 0x1870 [ CF8B989D89D6807B887690F2CF24EFD9, 7A3ED124D8D7736F57CD687111C478A206422D117099B2F752B6D933D009BCAC ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
09:43:17.0290 0x1870 NativeWifiP - ok
09:43:17.0322 0x1870 [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
09:43:17.0337 0x1870 NcaSvc - ok
09:43:17.0337 0x1870 [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService C:\WINDOWS\System32\ncbservice.dll
09:43:17.0353 0x1870 NcbService - ok
09:43:17.0369 0x1870 [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
09:43:17.0369 0x1870 NcdAutoSetup - ok
09:43:17.0431 0x1870 [ AD9086052A5E5153AF43FE74138A4B27, A511F785F8B29CE7CCC923489C9D03B4722E8FDD9853556D4F0F3CA608CFA956 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
09:43:17.0462 0x1870 NDIS - ok
09:43:17.0493 0x1870 [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
09:43:17.0493 0x1870 NdisCap - ok
09:43:17.0509 0x1870 [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
09:43:17.0509 0x1870 NdisImPlatform - ok
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 3rd, 2014, 12:17 pm

Here is the second half of the TDSSKiller report:

09:43:21.0166 0x1870 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:43:21.0166 0x1870 RasPppoe - ok
09:43:21.0181 0x1870 [ 2B0F1677CDD08967005F34488559BC6F, FFF168EBD171C0B85A448AD1A04F66534E889AE1DC128F68EA3F35D5996C8D39 ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys
09:43:21.0181 0x1870 RasSstp - ok
09:43:21.0197 0x1870 [ B939A2A0F9D6C6C186721E268EB6FA93, 8AF03945428D8F0E9B6DE1C24627336398320C7C78E5F594E0A57AB2DB6E0A24 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:43:21.0213 0x1870 rdbss - ok
09:43:21.0244 0x1870 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
09:43:21.0244 0x1870 rdpbus - ok
09:43:21.0259 0x1870 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
09:43:21.0259 0x1870 RDPDR - ok
09:43:21.0275 0x1870 [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
09:43:21.0275 0x1870 RdpVideoMiniport - ok
09:43:21.0306 0x1870 [ 847C6A08912C3515807049C93E526D65, 74AFC58793B43E73614D2F49B19FB360091E208097696D9DF0B0354761E0B30F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
09:43:21.0306 0x1870 rdyboost - ok
09:43:21.0338 0x1870 [ 036746D54347FD2D0385668E2A4064E4, 7C670176176C86D6C3814367A6282A78F4E950F84DDEDA849829236C891F5BB9 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
09:43:21.0353 0x1870 ReFS - ok
09:43:21.0416 0x1870 [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:43:21.0416 0x1870 RemoteAccess - ok
09:43:21.0463 0x1870 [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:43:21.0478 0x1870 RemoteRegistry - ok
09:43:21.0525 0x1870 [ 02307C86CB24769306B0DFA0C751952E, 637D90161C477995925936E4807B57EA80BE11761B26F5FC1B4B0F3EB52FBA87 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:43:21.0525 0x1870 RFCOMM - ok
09:43:21.0556 0x1870 [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
09:43:21.0572 0x1870 RpcEptMapper - ok
09:43:21.0603 0x1870 [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator C:\WINDOWS\system32\locator.exe
09:43:21.0603 0x1870 RpcLocator - ok
09:43:21.0650 0x1870 [ 3FD5AE42EC87C6F532A931F96BE731DD, 8282823022391ACF65E23F461FCE5CAFFB5ADC077647FEF80B91BC4BC31EDFE2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:43:21.0681 0x1870 RpcSs - ok
09:43:21.0713 0x1870 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
09:43:21.0728 0x1870 rspndr - ok
09:43:21.0760 0x1870 [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR C:\WINDOWS\System32\Drivers\RtsUVStor.sys
09:43:21.0775 0x1870 RSUSBVSTOR - ok
09:43:21.0806 0x1870 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
09:43:21.0822 0x1870 RTL8168 - ok
09:43:21.0838 0x1870 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
09:43:21.0838 0x1870 s3cap - ok
09:43:21.0869 0x1870 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs C:\WINDOWS\system32\lsass.exe
09:43:21.0869 0x1870 SamSs - ok
09:43:21.0916 0x1870 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
09:43:21.0916 0x1870 sbp2port - ok
09:43:22.0056 0x1870 [ 794D4B48DFB6E999537C7C3947863463, 93DA8AA20D6B02A3360E7F56150F126E75266E9372E6409D42B89DA588EF49C3 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:43:22.0088 0x1870 SBSDWSCService - ok
09:43:22.0135 0x1870 [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
09:43:22.0135 0x1870 SCardSvr - ok
09:43:22.0166 0x1870 [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
09:43:22.0166 0x1870 ScDeviceEnum - ok
09:43:22.0213 0x1870 [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
09:43:22.0213 0x1870 scfilter - ok
09:43:22.0275 0x1870 [ 888A30EAB651502352C18745367FD179, 00CD9FA55F3E896D8BA81368DF1E855E2F64B5AC488EB4F9BF2C4E45ED63FD5F ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:43:22.0306 0x1870 Schedule - ok
09:43:22.0338 0x1870 [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
09:43:22.0338 0x1870 SCPolicySvc - ok
09:43:22.0400 0x1870 [ 2F9A3380B8C0380E5608E29C7AA66899, 56D1908437DD3791E54866819E39CC89586C5CD804F47B556416FA8642D88CBB ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
09:43:22.0416 0x1870 sdbus - ok
09:43:22.0447 0x1870 [ 4EAF4DCF9DBD9A56952A58F56D61C005, BCA42FD1553569D3603008CC97D88FD309E87F8A8B1522A4287A0E81CAE6C294 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
09:43:22.0463 0x1870 sdstor - ok
09:43:22.0478 0x1870 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
09:43:22.0478 0x1870 secdrv - ok
09:43:22.0510 0x1870 [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon C:\WINDOWS\system32\seclogon.dll
09:43:22.0525 0x1870 seclogon - ok
09:43:22.0541 0x1870 [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS C:\WINDOWS\System32\sens.dll
09:43:22.0541 0x1870 SENS - ok
09:43:22.0572 0x1870 [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
09:43:22.0588 0x1870 SensrSvc - ok
09:43:22.0619 0x1870 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
09:43:22.0619 0x1870 SerCx - ok
09:43:22.0650 0x1870 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
09:43:22.0666 0x1870 SerCx2 - ok
09:43:22.0682 0x1870 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
09:43:22.0682 0x1870 Serenum - ok
09:43:22.0728 0x1870 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
09:43:22.0728 0x1870 Serial - ok
09:43:22.0760 0x1870 [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
09:43:22.0760 0x1870 sermouse - ok
09:43:22.0807 0x1870 [ 441E6FF1F34D7A942946DB42A15FB519, A16BA505B74C7A2ADD08BD5B50728C2AD55062E0ABABAD7E3EE0EB97F3725523 ] SessionEnv C:\WINDOWS\system32\sessenv.dll
09:43:22.0822 0x1870 SessionEnv - ok
09:43:22.0822 0x1870 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
09:43:22.0838 0x1870 sfloppy - ok
09:43:22.0869 0x1870 [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:43:22.0885 0x1870 SharedAccess - ok
09:43:22.0947 0x1870 [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:43:22.0978 0x1870 ShellHWDetection - ok
09:43:23.0010 0x1870 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
09:43:23.0010 0x1870 SiSRaid2 - ok
09:43:23.0025 0x1870 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
09:43:23.0025 0x1870 SiSRaid4 - ok
09:43:23.0213 0x1870 [ D0776778A9FC5E37F2E9EB21FC8A9709, 37FA45B666DE664FDA378AA755F2FC9E1DF4674651EEE451253D99C04488CCD9 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:43:23.0275 0x1870 Skype C2C Service - ok
09:43:23.0322 0x1870 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:43:23.0322 0x1870 SkypeUpdate - ok
09:43:23.0353 0x1870 [ 4A2972573225A2DE4DEC0AD68529DF0F, CA0F7AF29019B18C37AE2C31361C765AB4156F9E7C3E65237C7D68345D22C634 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
09:43:23.0353 0x1870 SmbDrvI - ok
09:43:23.0416 0x1870 [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost C:\WINDOWS\System32\smphost.dll
09:43:23.0416 0x1870 smphost - ok
09:43:23.0447 0x1870 [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
09:43:23.0447 0x1870 SNMPTRAP - ok
09:43:23.0525 0x1870 [ F6EBE514D13ECE7EDC23440039CDF9AB, B58072BE7E4E52704C7B1D52DD49F469542B4B015C6D560369EEC1B046AFB254 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
09:43:23.0525 0x1870 spaceport - ok
09:43:23.0557 0x1870 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
09:43:23.0572 0x1870 SpbCx - ok
09:43:23.0603 0x1870 [ FE0CB40F36D3FCDD3A1B312EF72C38D5, 42EA50869752164764DFE8CE7E1C247BE8342A0C15F39158DC808E8A692C460F ] Spooler C:\WINDOWS\System32\spoolsv.exe
09:43:23.0619 0x1870 Spooler - ok
09:43:23.0791 0x1870 [ E6DEC72A2A23FAA53EB9FEC3C7E29D66, 58BB3B9D50DFFF99E790D5B768FAA387F16385436BA6EB704BE6DB1F63B8E4B2 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
09:43:23.0994 0x1870 sppsvc - ok
09:43:24.0025 0x1870 [ 2B78788A1485F9B99A578A299DF42C02, A87183A9B13585C9E850437A45237105D39D7F3212ADB079D6AB430B67A59643 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:43:24.0041 0x1870 srv - ok
09:43:24.0072 0x1870 [ C1AE59C0B0817236EC083A91C396005A, 26F05ECB44C300DA8F333B115727C31C5C8252C83F37F0AE7DFF89B267599CDF ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
09:43:24.0072 0x1870 srv2 - ok
09:43:24.0104 0x1870 [ 77195C32175FC63D6054EBA5A066D727, 22F5D26809BC9288021620040FC7B7BB76708D434C863B3C0C20F73200C1C6A9 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
09:43:24.0104 0x1870 srvnet - ok
09:43:24.0150 0x1870 [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:43:24.0166 0x1870 SSDPSRV - ok
09:43:24.0213 0x1870 [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
09:43:24.0213 0x1870 SstpSvc - ok
09:43:24.0276 0x1870 [ 882E2063832AA21716D2C17F11BE4079, 8E2E20960B1D6A2E9C26AB1E1A7BD4571C12B04DD73BB0BA77A22111B78ACD37 ] Start8 C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
09:43:24.0276 0x1870 Start8 - ok
09:43:24.0322 0x1870 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
09:43:24.0322 0x1870 stexstor - ok
09:43:24.0385 0x1870 [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc C:\WINDOWS\System32\wiaservc.dll
09:43:24.0416 0x1870 stisvc - ok
09:43:24.0447 0x1870 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
09:43:24.0463 0x1870 storahci - ok
09:43:24.0479 0x1870 [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
09:43:24.0479 0x1870 storflt - ok
09:43:24.0510 0x1870 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
09:43:24.0510 0x1870 stornvme - ok
09:43:24.0526 0x1870 [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc C:\WINDOWS\system32\storsvc.dll
09:43:24.0541 0x1870 StorSvc - ok
09:43:24.0541 0x1870 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
09:43:24.0541 0x1870 storvsc - ok
09:43:24.0572 0x1870 [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc C:\WINDOWS\system32\svsvc.dll
09:43:24.0572 0x1870 svsvc - ok
09:43:24.0588 0x1870 [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum C:\WINDOWS\System32\drivers\swenum.sys
09:43:24.0588 0x1870 swenum - ok
09:43:24.0635 0x1870 [ A5DC2E63F5E5D3C0B843307374998479, B3156296D1750FEAF2354E217735B8D888C50599869233FB1B537167F2CECE0B ] swprv C:\WINDOWS\System32\swprv.dll
09:43:24.0650 0x1870 swprv - ok
09:43:24.0697 0x1870 [ 157DFCD1E83E964A5074742AE2DFA0C1, D6F4567F42402938F54A1E482BAE3B02E1BD5AF3788835A63829A3652E5DDA67 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:43:24.0713 0x1870 SynTP - ok
09:43:24.0760 0x1870 [ E45DA7CBBA34510C8B9473AD7D4FFD0B, 89C2AED757D86C276D78D29D94DCBF9C1B6A244A2153EC85CCB2E86C5F078387 ] SysMain C:\WINDOWS\system32\sysmain.dll
09:43:24.0791 0x1870 SysMain - ok
09:43:24.0838 0x1870 [ 373382005ACB27CB16ED16722FBE946A, A1F86A014A518B3C2EC22A8DD830111E3B2A71D860ECA65A96BC82560802ACF4 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
09:43:24.0854 0x1870 SystemEventsBroker - ok
09:43:24.0885 0x1870 [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
09:43:24.0901 0x1870 TabletInputService - ok
09:43:24.0916 0x1870 [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:43:24.0932 0x1870 TapiSrv - ok
09:43:25.0057 0x1870 [ 6617F44D2432C529B2249A0498B6B40A, E108D3949DE29FE3D3302337725B835BD182CD1CD9424A54829251178D0F49D3 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
09:43:25.0104 0x1870 Tcpip - ok
09:43:25.0151 0x1870 [ 6617F44D2432C529B2249A0498B6B40A, E108D3949DE29FE3D3302337725B835BD182CD1CD9424A54829251178D0F49D3 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:43:25.0197 0x1870 TCPIP6 - ok
09:43:25.0213 0x1870 [ 33A7D83EEB15431773A6E186CFAABA21, AC5100A76CA44BFADF4A54FDB09FF5D2FF13B9F8482DC1AE86C8C27005F77B0F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
09:43:25.0213 0x1870 tcpipreg - ok
09:43:25.0244 0x1870 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
09:43:25.0244 0x1870 tdx - ok
09:43:25.0244 0x1870 Teefer2 - ok
09:43:25.0260 0x1870 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
09:43:25.0260 0x1870 terminpt - ok
09:43:25.0338 0x1870 [ 2C77831737491F4D684D315B95C62883, 90A2574A281F19646CFCDA5FDF40063220058290D2D5523AD91B7E709EC36D3D ] TermService C:\WINDOWS\System32\termsrv.dll
09:43:25.0354 0x1870 TermService - ok
09:43:25.0369 0x1870 [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes C:\WINDOWS\system32\themeservice.dll
09:43:25.0369 0x1870 Themes - ok
09:43:25.0401 0x1870 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER C:\WINDOWS\system32\mmcss.dll
09:43:25.0401 0x1870 THREADORDER - ok
09:43:25.0416 0x1870 [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
09:43:25.0432 0x1870 TimeBroker - ok
09:43:25.0479 0x1870 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys
09:43:25.0479 0x1870 TPM - ok
09:43:25.0510 0x1870 [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks C:\WINDOWS\System32\trkwks.dll
09:43:25.0526 0x1870 TrkWks - ok
09:43:25.0572 0x1870 [ DA56FFA46030E6FEB215E3D5DAA65B11, 36B5EED8F9044475000362DBFC8A2A40B889ED46382CCEFB6BA04BE0442F98C2 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
09:43:25.0572 0x1870 TrustedInstaller - ok
09:43:25.0619 0x1870 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
09:43:25.0619 0x1870 TsUsbFlt - ok
09:43:25.0635 0x1870 [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
09:43:25.0635 0x1870 TsUsbGD - ok
09:43:25.0666 0x1870 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
09:43:25.0666 0x1870 tunnel - ok
09:43:25.0697 0x1870 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
09:43:25.0697 0x1870 uagp35 - ok
09:43:25.0760 0x1870 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
09:43:25.0760 0x1870 UASPStor - ok
09:43:25.0807 0x1870 [ 5D1B430EA11064C56E7C8F84B90DEB6A, 874D9EE807F16321C4857030F9C18D2B925785FD4BB7ED047AF9535BF3F30D84 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
09:43:25.0807 0x1870 UCX01000 - ok
09:43:25.0838 0x1870 [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
09:43:25.0854 0x1870 udfs - ok
09:43:25.0885 0x1870 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
09:43:25.0885 0x1870 UEFI - ok
09:43:25.0932 0x1870 [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
09:43:25.0932 0x1870 UI0Detect - ok
09:43:25.0947 0x1870 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
09:43:25.0947 0x1870 uliagpkx - ok
09:43:25.0979 0x1870 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
09:43:25.0979 0x1870 umbus - ok
09:43:25.0979 0x1870 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
09:43:25.0979 0x1870 UmPass - ok
09:43:26.0026 0x1870 [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
09:43:26.0041 0x1870 UmRdpService - ok
09:43:26.0119 0x1870 [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:43:26.0135 0x1870 UNS - ok
09:43:26.0166 0x1870 [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:43:26.0182 0x1870 upnphost - ok
09:43:26.0229 0x1870 [ 433ECDE01A52691FA7ACA51C10C09B70, B896296A3F8EF2AF3AC5F0091B9848156608586F1E10A95D70700BAB51E8062A ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
09:43:26.0229 0x1870 usbccgp - ok
09:43:26.0260 0x1870 [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
09:43:26.0260 0x1870 usbcir - ok
09:43:26.0291 0x1870 [ 5477D6E27C7D266EF8C152B9A25ADE5E, FEE81677D284A78A0C0FB60F887A952CFC759AE78B01206D73F59FE33612C519 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
09:43:26.0291 0x1870 usbehci - ok
09:43:26.0369 0x1870 [ DF56C2C04EFA328D7A66B69007130266, 719316EB25A8C7B82C7941D1C5B964CC4EDA4A997732F481526DE7356F6FC0D8 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
09:43:26.0385 0x1870 usbhub - ok
09:43:26.0494 0x1870 [ C0E33820326199CE3CFD3B9F27F81D99, C67F55E7DD6F7FC4A96256A14A805D39C5CE8725FD86675C6C860B3DE8E4DBC3 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
09:43:26.0510 0x1870 USBHUB3 - ok
09:43:26.0541 0x1870 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
09:43:26.0541 0x1870 usbohci - ok
09:43:26.0557 0x1870 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
09:43:26.0557 0x1870 usbprint - ok
09:43:26.0588 0x1870 [ B1230E9813B5C7E762DF27756AA23917, 985203D267C2BF5FA88FE043785DF3DDFD796CB3CC4007E171AF63F41C413239 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
09:43:26.0604 0x1870 USBSTOR - ok
09:43:26.0619 0x1870 [ BA4FA655E0FC577DB7436FC963932CE4, 3336FDECD4AEC6B316D4C0803E22A12719EBEDD1A9427C0DF5D3B263BE600EE6 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
09:43:26.0619 0x1870 usbuhci - ok
09:43:26.0697 0x1870 [ 3B44CB989757428208CCFCC028C13110, E71BFA4BB0F4FAEDA79606C44F7DAAB317CD99C9382942E5830F440CF96D9B35 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
09:43:26.0713 0x1870 USBXHCI - ok
09:43:26.0729 0x1870 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc C:\WINDOWS\system32\lsass.exe
09:43:26.0729 0x1870 VaultSvc - ok
09:43:26.0744 0x1870 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
09:43:26.0744 0x1870 vdrvroot - ok
09:43:26.0838 0x1870 [ CFBAD6B48EDFAA0828A52646B7C4C08D, DDC7D607E784CE6FB5BC62E53E6309EB583D74425E6D3FC8F3D3EC705D69C075 ] vds C:\WINDOWS\System32\vds.exe
09:43:26.0870 0x1870 vds - ok
09:43:26.0901 0x1870 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
09:43:26.0901 0x1870 VerifierExt - ok
09:43:27.0026 0x1870 [ 041D3EF364E624DBB2703A64A5AADF89, 94A52A35AFDD09EBCC4266BD6D44014AAB4BBDFD3F6E8C997A1CA49DFB48F60D ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
09:43:27.0041 0x1870 vhdmp - ok
09:43:27.0088 0x1870 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
09:43:27.0088 0x1870 viaide - ok
09:43:27.0151 0x1870 [ 71B51CF0B12E216D1FA8262B3B8E7DB4, E392CE09E02519AD2E31FB42ECEEDA5D252A9F3F1F9E137AA0726784EF7DFB71 ] vm332avs C:\WINDOWS\System32\Drivers\vm332avs.sys
09:43:27.0182 0x1870 vm332avs - ok
09:43:27.0198 0x1870 [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
09:43:27.0198 0x1870 vmbus - ok
09:43:27.0213 0x1870 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
09:43:27.0213 0x1870 VMBusHID - ok
09:43:27.0260 0x1870 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
09:43:27.0260 0x1870 vmicguestinterface - ok
09:43:27.0291 0x1870 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
09:43:27.0291 0x1870 vmicheartbeat - ok
09:43:27.0307 0x1870 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
09:43:27.0323 0x1870 vmickvpexchange - ok
09:43:27.0338 0x1870 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
09:43:27.0354 0x1870 vmicrdv - ok
09:43:27.0370 0x1870 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
09:43:27.0385 0x1870 vmicshutdown - ok
09:43:27.0401 0x1870 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
09:43:27.0401 0x1870 vmictimesync - ok
09:43:27.0416 0x1870 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
09:43:27.0432 0x1870 vmicvss - ok
09:43:27.0479 0x1870 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
09:43:27.0479 0x1870 volmgr - ok
09:43:27.0510 0x1870 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
09:43:27.0526 0x1870 volmgrx - ok
09:43:27.0573 0x1870 [ 9F9CE33B50611A1C61A46B8911E0B30B, FE4EDF16CE8FC36BB2125FC7D1CF45C65B06A2C31D426635115D879987DF2159 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
09:43:27.0588 0x1870 volsnap - ok
09:43:27.0620 0x1870 [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
09:43:27.0620 0x1870 vpci - ok
09:43:27.0682 0x1870 [ 3B98AB9849754CB88265111422441DF7, 209A787A31918939DFFF7A75B8ED857620FA044DA95DBFED4B8E83140590AB4E ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
09:43:27.0713 0x1870 vpnagent - ok
09:43:27.0745 0x1870 [ 13E6D95E7AC67ABB7A1196557EF8849F, E1305FA88B27C4950A0A4EB9C5F64B1C5A32F1A887CEE712DBBE6E7E2FDC7116 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva64.sys
09:43:27.0745 0x1870 vpnva - ok
09:43:27.0776 0x1870 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
09:43:27.0791 0x1870 vsmraid - ok
09:43:27.0870 0x1870 [ D51D7EF1EA5ED2BB01E9D07E6E0533BC, E31118F42B316C9B6C9072D9628AA2801FC2519F1A46C9ED167843CD67183C19 ] VSS C:\WINDOWS\system32\vssvc.exe
09:43:27.0901 0x1870 VSS - ok
09:43:27.0932 0x1870 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
09:43:27.0932 0x1870 VSTXRAID - ok
09:43:27.0963 0x1870 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
09:43:27.0963 0x1870 vwifibus - ok
09:43:30.0636 0x1870 [ C6B289A70A2D36242A2CCAA2715E1747, B7B4762C16B0B9D25F4A20123CA16DA76A897460D2A20D8D1F347D618F49C8B3 ] X5XSEx_Pr148 C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
09:43:30.0636 0x1870 X5XSEx_Pr148 - ok
09:43:30.0667 0x1870 [ 6FDEE5E0741A3FFA5E5772C6C94E3F64, 859EBC7F8FF3CE9F3301B5BF93CF0C84C2A4271F205B67D9B8DC463DC67DE661 ] XHCIPort C:\WINDOWS\System32\drivers\XHCIPort.sys
09:43:30.0683 0x1870 XHCIPort - ok
09:43:30.0698 0x1870 ================ Scan global ===============================
09:43:30.0745 0x1870 [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
09:43:30.0792 0x1870 [ 599F1244C60E3D6C28A8DA7FBA7A2C13, 992E5EB5E3ED6172DC986085532224A148A09A4E9A4DED9556F34533EE98E4D0 ] C:\WINDOWS\system32\winsrv.dll
09:43:30.0823 0x1870 [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
09:43:30.0855 0x1870 [ B4B610BBCB002EC478C6FD80CF915697, CE22B87A7C7C0D325CE66FB97E7318B4A41EE0BD14D902A410126A1EBBEAA6FB ] C:\WINDOWS\system32\services.exe
09:43:30.0870 0x1870 [ Global ] - ok
09:43:30.0870 0x1870 ================ Scan MBR ==================================
09:43:30.0886 0x1870 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
09:43:30.0901 0x1870 \Device\Harddisk0\DR0 - ok
09:43:30.0901 0x1870 ================ Scan VBR ==================================
09:43:30.0901 0x1870 [ D150F97677697360B24094B0B8115D6A ] \Device\Harddisk0\DR0\Partition1
09:43:30.0901 0x1870 \Device\Harddisk0\DR0\Partition1 - ok
09:43:30.0917 0x1870 [ F9B39588D91B23EFE8D70EDF05099F5B ] \Device\Harddisk0\DR0\Partition2
09:43:30.0917 0x1870 \Device\Harddisk0\DR0\Partition2 - ok
09:43:30.0933 0x1870 [ 7BFACD734AF054D5995AEC03B88AD242 ] \Device\Harddisk0\DR0\Partition3
09:43:30.0933 0x1870 \Device\Harddisk0\DR0\Partition3 - ok
09:43:30.0964 0x1870 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4
09:43:30.0964 0x1870 \Device\Harddisk0\DR0\Partition4 - ok
09:43:30.0980 0x1870 [ BC0D4F77CAB2F11D70CCE364DDE4A4BD ] \Device\Harddisk0\DR0\Partition5
09:43:30.0980 0x1870 \Device\Harddisk0\DR0\Partition5 - ok
09:43:31.0011 0x1870 [ 414995331C6573BFB542719229B4E80D ] \Device\Harddisk0\DR0\Partition6
09:43:31.0011 0x1870 \Device\Harddisk0\DR0\Partition6 - ok
09:43:31.0026 0x1870 [ ADCF9696C8912693EB6F931A623B9382 ] \Device\Harddisk0\DR0\Partition7
09:43:31.0026 0x1870 \Device\Harddisk0\DR0\Partition7 - ok
09:43:31.0058 0x1870 [ 486E075097E34F21A2EC2148FBD55524 ] \Device\Harddisk0\DR0\Partition8
09:43:31.0058 0x1870 \Device\Harddisk0\DR0\Partition8 - ok
09:43:31.0058 0x1870 Waiting for KSN requests completion. In queue: 111
09:43:32.0073 0x1870 Waiting for KSN requests completion. In queue: 111
09:43:33.0074 0x1870 Waiting for KSN requests completion. In queue: 111
09:43:34.0074 0x1870 Waiting for KSN requests completion. In queue: 111
09:43:35.0090 0x1870 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.3.9600.16384 ), 0x61100 ( enabled : updated )
09:43:35.0090 0x1870 Win FW state via NFP2: enabled
09:43:37.0715 0x1870 ============================================================
09:43:37.0715 0x1870 Scan finished
09:43:37.0715 0x1870 ============================================================
09:43:37.0715 0x18e4 Detected object count: 0
09:43:37.0715 0x18e4 Actual detected object count: 0

Re: Malware has inactivated antivirus and firewall

Post by nunped » January 3rd, 2014, 12:28 pm

No, I was referring to:
FreeRide Games

Re: Malware has inactivated antivirus and firewall

Post by jlissemore » January 3rd, 2014, 12:34 pm

Hi nunped,

I apologize, not sure how I missed that in your last post.

No, I do not recognize and do not use FreeRide Games.

Re: Malware has inactivated antivirus and firewall

Post by nunped » January 3rd, 2014, 1:02 pm

No worries :)

Please proceed with the next steps:
Step 1 - Uninstall Program
These steps may not work, depending on your Windows 8 display. If they don't, please try to uninstall the program listed below using your usual way to uninstall a program.
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following program:
    FreeRide Games
  • Select the program and click on Uninstall to uninstall it.
  • Reboot your computer after this.

Step 2 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan. When the scan finishes...the Clean button will become active.
  4. Click on Clean.
  5. Select OK at each prompt... to reboot the computer.
  6. A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  7. Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.

Step 3 - OTL fix
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Do not include the words "Code: Select all". Press "Select all" to automatically select all the text in the box.
Code: Select all
:commands
[createrestorepoint]

:OTL
DRV - [2012/08/02 17:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys -- (X5XSEx_Pr148)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1: C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\FreeRide Games\npExentControl.dll

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Step 4 - SystemLook
Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems
  • Right-click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield. Do not include the words "Code: Select all".
  • (Click the select all button next to code to select the entire script).

    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *freeride*
    *exent*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *freeride*
    *exent*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    freeride
    exent
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Malware has inactivated antivirus and firewall

Post by jlissemore » January 3rd, 2014, 7:48 pm

Hi nunped

I did the uninstall procedure as you described. All other scans completed. I will send them in three separate replies.

AdwCleaner results:

# AdwCleaner v3.016 - Report created 03/01/2014 at 18:18:01
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : jlissemore - LISSEMORE
# Running from : C:\Users\jlissemore\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\jlissemore\AppData\Roaming\Mozilla\Firefox\Profiles\jedpc8xz.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\jlissemore\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1800 octets] - [03/01/2014 09:31:47]
AdwCleaner[R1].txt - [1860 octets] - [03/01/2014 09:33:36]
AdwCleaner[R2].txt - [1920 octets] - [03/01/2014 18:17:02]
AdwCleaner[S0].txt - [1847 octets] - [03/01/2014 18:18:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1907 octets] ##########

Re: Malware has inactivated antivirus and firewall

Post by jlissemore » January 3rd, 2014, 7:49 pm

OTL fix results:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named X5XSEx_Pr148 was found to stop!
Service\Driver key X5XSEx_Pr148 not found.
File C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1\ not found.
File C:\Program Files (x86)\FreeRide Games\npExentControl.dll not found.
File C:\Program Files (x86)\FreeRide Games\npExentControl.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jlissemore\Desktop\cmd.bat deleted successfully.
C:\Users\jlissemore\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: ADMINI~1
->Temp folder emptied: 378264 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: jlissemore
->Temp folder emptied: 250298931 bytes
->Temporary Internet Files folder emptied: 21800410 bytes
->Java cache emptied: 2350260 bytes
->FireFox cache emptied: 248802829 bytes
->Google Chrome cache emptied: 425848646 bytes
->Flash cache emptied: 79225 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5793050 bytes
RecycleBin emptied: 7644 bytes

Total Files Cleaned = 911.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01032014_182625

Files\Folders moved on Reboot...
C:\Users\jlissemore\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Malware has inactivated antivirus and firewall

Post by jlissemore » January 3rd, 2014, 7:49 pm

SystemLook results:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:39 on 03/01/2014 by jlissemore
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.337_x64__8wekyb3d8bbwe\AppCode\Data\SearchQueryData.js --a---- 11153 bytes [01:41 23/12/2013] [01:42 23/12/2013] 488DEF849AF5BD60D2F6BB3C48AEF106

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*freeride*"
No files found.

Searching for "*exent*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*freeride*"
C:\ProgramData\FreeRide Games d------ [00:25 19/09/2012]
C:\Users\All Users\FreeRide Games d------ [00:25 19/09/2012]

Searching for "*exent*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{743C3ACF-13EE-579F-AAFE-2A507E236308}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
@="CLocationSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Classes\ActivatableClasses\CLSID\{743C3ACF-13EE-579F-AAFE-2A507E236308}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001_Classes\ActivatableClasses\CLSID\{743C3ACF-13EE-579F-AAFE-2A507E236308}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001_Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "freeride"
No data found.

Searching for "exent"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{301021B6-DC4F-532C-BF06-A0BFD35E9E57}]
"ActivatableClassId"="Microsoft.SpeechService.Client.AppSearch.IndexEntryFactory"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.SpeechService.Client.AppSearch.IndexEntryFactory]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}]
@="ExentStub Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\Contains\Files]
"C:\windows\Downloaded Program Files\ExentControl.ocx"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/windows/Downloaded Program Files/ExentControl.ocx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}]
@="ExentStub Class"
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Classes\ActivatableClasses\CLSID\{301021B6-DC4F-532C-BF06-A0BFD35E9E57}]
"ActivatableClassId"="Microsoft.SpeechService.Client.AppSearch.IndexEntryFactory"
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.SpeechService.Client.AppSearch.IndexEntryFactory]
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001_Classes\ActivatableClasses\CLSID\{301021B6-DC4F-532C-BF06-A0BFD35E9E57}]
"ActivatableClassId"="Microsoft.SpeechService.Client.AppSearch.IndexEntryFactory"
[HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001_Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.1.203_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.SpeechService.Client.AppSearch.IndexEntryFactory]

-= EOF =-
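
The SystemLook log above shows why substring searches need triage: "Searchqu" also matches names containing SearchQuery, and "exent" matches IndexEntryFactory. The following is an added example, not part of the original thread and not SystemLook's own logic; it sorts hits by whether the search term lines up with word boundaries in the matched name. The function names and the three verdict labels are assumptions of this example, and the sample names are copied from the log in this thread except where marked as constructed.

```python
import re

# Word tokens inside an identifier or path: acronym runs (IO), capitalised or
# lowercase words (Query, ocx) and digit runs. CamelCase boundaries split tokens.
TOKEN = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+")
RANK = {"no-match": 0, "coincidental": 1, "ambiguous": 2, "aligned": 3}


def classify(term, text):
    """Return how well a case-insensitive substring hit lines up with words.

    aligned      - hit starts and ends on word boundaries (ExentStub, FreeRide)
    ambiguous    - hit sits inside one word with no case clue (freeridegames)
    coincidental - hit straddles two words (SearchQu|ery, Ind|exEnt|ry)
    """
    spans = [m.span() for m in TOKEN.finditer(text)]
    starts = {s for s, _ in spans}
    ends = {e for _, e in spans}
    best = "no-match"
    for m in re.finditer(re.escape(term), text, re.IGNORECASE):
        s, e = m.span()
        if s in starts and e in ends:
            verdict = "aligned"
        elif any(ts <= s and e <= te for ts, te in spans):
            verdict = "ambiguous"
        else:
            verdict = "coincidental"
        # Keep the strongest verdict if the term occurs more than once.
        if RANK[verdict] > RANK[best]:
            best = verdict
    return best


def triage(hits):
    """Group (term, text) hits by verdict; nothing is deleted automatically."""
    groups = {"aligned": [], "ambiguous": [], "coincidental": []}
    for term, text in hits:
        verdict = classify(term, text)
        if verdict != "no-match":
            groups[verdict].append((term, text))
    return groups


# Names copied from the SystemLook log in this thread (paths shortened to the
# part that matched), plus one constructed all-lowercase name.
SAMPLE_HITS = [
    ("Searchqu", "SearchQueryData.js"),
    ("Searchqu", "ISearchQueryHelper"),
    ("exent", "Microsoft.SpeechService.Client.AppSearch.IndexEntryFactory"),
    ("exent", "ExentStub Class"),
    ("exent", r"C:\windows\Downloaded Program Files\ExentControl.ocx"),
    ("freeride", r"C:\ProgramData\FreeRide Games"),
    ("trolltech", r"HKEY_CURRENT_USER\Software\Trolltech"),
    ("freeride", "freeridegames.exe"),  # constructed: no case boundary to use
]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_HITS).items():
        print(verdict)
        for term, text in items:
            print(f"  {term!r:12} {text}")
```

The entries removed in the next OTL fix in this thread (the FreeRide Games folders, the Trolltech keys and the ExentStub CLSID) all fall in the aligned group. All-lowercase names carry no word-boundary information, so they are reported as ambiguous and left for manual review.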

Re: Malware has inactivated antivirus and firewall

Post by nunped » January 5th, 2014, 11:20 am

Hi jlissemore,

Step 1 - OTL fix
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Do not include the words "Code: Select all". Press "Select all" to automatically select all the text in the box.
Code: Select all
:commands
[createrestorepoint]

:files
C:\ProgramData\FreeRide Games
C:\Users\All Users\FreeRide Games

:reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}]

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.


Can you tell me how your computer is behaving?

Re: Malware has inactivated antivirus and firewall

Post by jlissemore » January 5th, 2014, 11:38 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\ProgramData\FreeRide Games folder moved successfully.
File\Folder C:\Users\All Users\FreeRide Games not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2147095363-1574057819-792747057-1001\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: ADMINI~1
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: jlissemore
->Temp folder emptied: 842880 bytes
->Temporary Internet Files folder emptied: 628426 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 34129749 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30020 bytes
RecycleBin emptied: 40269 bytes

Total Files Cleaned = 34.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01052014_103256

Files\Folders moved on Reboot...
C:\Users\jlissemore\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\WINDOWS\temp\winstore.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Computer seems to be running fine. But I will have to reinstall my Symantec Endpoint Protection and see how that is working before I can tell you that it is back to normal. Thanks so much for your help so far.
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby nunped » January 5th, 2014, 12:23 pm

Please, try to reinstall and tell me how it goes.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Malware has inactivated antivirus and firewall

Unread postby jlissemore » January 5th, 2014, 3:47 pm

Hi nunped. I was unable to install Symantec Endpoint Protection. I tried three times and it started the install process but did not complete it. I did not get any error messages either. Windows Defender says it is working (I had disabled it before trying to install SEP), so the computer seems fine. I don't know if the SEP installation problem has anything to do with the malware or if there is some other issue with SEP. I will contact my employer's IT staff for advice about the SEP installation.

Any other advice you can suggest?
jlissemore
Regular Member
 
Posts: 25
Joined: January 1st, 2014, 1:43 pm

Re: Malware has inactivated antivirus and firewall

Unread postby nunped » January 5th, 2014, 5:59 pm

Hi jlissemore,

Your computer appears to be free from malware.

Now, some clean-up steps:

OTL-Cleanup
You should still have this on your desktop; if so, please ignore the download instructions.
Please download OTL. Save it to your Desktop.
  1. Right click on OTL.exe and select "Run As Administrator" to run it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.


Stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal