[Adware] Deal Finder & Cloudscout removal help [Solved]



#1 axxon007 (Member, 10 posts)
Hi everyone,

I have some problems with the adware Deal Finder and Cloudscout. I have followed some suggestions, but they didn't work. Deal Finder still shows up in Chrome when I go to shopping sites like Amazon and eBay.

Here is the OTL log.

OTL logfile created on: 1/01/2015 4:49:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ThanhUTS\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17183)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy


5.89 Gb Total Physical Memory | 3.53 Gb Available Physical Memory | 59.92% Memory free
11.89 Gb Paging File | 9.55 Gb Available in Paging File | 80.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113.69 Gb Total Space | 72.44 Gb Free Space | 63.71% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 193.61 Gb Free Space | 99.13% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 130.15 Gb Free Space | 88.85% Space Free | Partition Type: NTFS


Computer Name: THANH | User Name: ThanhUTS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2015/01/01 16:47:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ThanhUTS\Downloads\OTL.exe
PRC - [2014/12/15 22:29:59 | 005,476,112 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
PRC - [2014/12/15 22:29:58 | 016,362,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe
PRC - [2014/12/15 22:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014/12/15 22:07:21 | 000,229,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe
PRC - [2014/12/06 12:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/17 22:53:46 | 000,181,936 | ---- | M] (NoMachine) -- C:\Program Files (x86)\NoMachine Enterprise Client\bin\nxfsd.exe
PRC - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/13 06:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/12/14 00:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/08/05 10:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
PRC - [2012/07/20 20:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/07/19 02:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/19 02:10:32 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/19 02:10:26 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/19 02:10:18 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2006/04/19 10:55:00 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\UniKey Vista 2.0\UniKeyVista2.0.exe




[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2014/12/06 12:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 12:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 12:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 12:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2006/04/19 10:55:00 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\UniKey Vista 2.0\UniKeyVista2.0.exe
MOD - [2006/04/19 10:53:51 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\UniKey Vista 2.0\UKHook40.dll




[color=#E56717]========== Services (SafeList) ==========[/color]


SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\010\wcejvfgvem32.exe run options=00100010100000000000000000000000 source=9F5A23BE-4D8D-48F3-AF6A-1EFE6B021C16 -- (wcejvfgvem32)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\Kromtech\Common\AccountService.exe -- (KromtechAccountService)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\010\hxaxuacnrr32.exe run options=00100010100000000000000000000000 source=AB314DC6-093A-4418-B0B8-E73ED10897F7 -- (hxaxuacnrr32)
SRV:[b]64bit:[/b] - [2014/10/03 09:29:16 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/09/22 17:04:33 | 000,016,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/07/07 16:52:33 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/05/30 10:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2013/09/13 06:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2013/08/29 10:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:[b]64bit:[/b] - [2013/08/29 10:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2013/08/29 10:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2013/08/29 10:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2013/08/16 16:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2013/07/27 17:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2013/06/01 20:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/05/04 17:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/05/04 17:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2013/03/02 13:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/03/02 13:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2013/01/10 10:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2012/09/20 17:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2012/08/25 12:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:[b]64bit:[/b] - [2012/07/29 04:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:[b]64bit:[/b] - [2012/07/28 09:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:[b]64bit:[/b] - [2012/07/26 14:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2012/07/26 14:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2012/07/26 14:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2012/07/26 14:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2012/07/26 14:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2012/07/26 14:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2012/07/26 14:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2012/07/26 14:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2012/07/26 14:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2012/07/26 14:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:[b]64bit:[/b] - [2012/07/26 11:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2012/07/26 11:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2012/07/26 11:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2012/07/26 11:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2012/07/26 11:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2012/07/26 11:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2012/04/21 09:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2009/07/29 09:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/12/15 22:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/04/17 22:53:52 | 001,248,944 | ---- | M] (NoMachine) [Auto | Running] -- C:\Program Files (x86)\NoMachine Enterprise Client\bin\nxusbd64.exe -- (nxusbd)
SRV - [2014/04/17 22:53:46 | 000,861,360 | ---- | M] (NoMachine) [Auto | Running] -- C:\Program Files (x86)\NoMachine Enterprise Client\bin\nxdeviced64.exe -- (nxdeviced)
SRV - [2014/04/17 22:53:46 | 000,181,936 | ---- | M] (NoMachine) [Auto | Running] -- C:\Program Files (x86)\NoMachine Enterprise Client\bin\nxfsd.exe -- (nxfsd)
SRV - [2013/12/21 17:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/07/27 17:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/12/14 00:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/08 21:58:38 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/26 14:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/20 20:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/07/19 02:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/19 02:10:32 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/19 02:10:26 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/19 02:10:18 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)




[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV:[b]64bit:[/b] - [2014/09/22 16:53:10 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/08/27 09:08:01 | 000,270,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2014/07/25 00:50:54 | 000,447,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2013/11/12 19:53:16 | 000,068,096 | ---- | M] (NoMachine) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nxusbh.sys -- (nxusbh)
DRV:[b]64bit:[/b] - [2013/11/04 19:52:18 | 000,010,240 | ---- | M] (NoMachine) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nxusbs.sys -- (nxusbs)
DRV:[b]64bit:[/b] - [2013/11/01 21:22:28 | 000,027,032 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfec.sys -- (tosrfec)
DRV:[b]64bit:[/b] - [2013/10/10 22:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2013/10/09 16:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:[b]64bit:[/b] - [2013/10/05 17:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2013/09/18 09:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2013/09/18 09:17:38 | 000,239,296 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\edevmon.sys -- (edevmon)
DRV:[b]64bit:[/b] - [2013/09/18 09:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2013/09/18 09:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2013/09/18 09:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2013/09/18 09:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:[b]64bit:[/b] - [2013/08/16 16:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/10 17:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/07/09 19:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2013/07/02 12:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2013/07/02 12:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2013/06/29 17:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2013/06/01 14:08:26 | 000,117,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)
DRV:[b]64bit:[/b] - [2013/03/02 21:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/03/02 21:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2013/02/02 18:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/01/10 12:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2012/12/14 00:28:42 | 000,050,128 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpnva64-6.sys -- (vpnva)
DRV:[b]64bit:[/b] - [2012/12/14 00:26:36 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acsock64.sys -- (acsock)
DRV:[b]64bit:[/b] - [2012/11/27 14:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2012/11/20 15:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2012/11/16 18:08:44 | 000,020,312 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:[b]64bit:[/b] - [2012/11/06 14:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2012/10/12 19:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/10/11 18:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2012/09/20 18:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2012/09/20 18:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2012/08/29 12:02:50 | 000,454,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2012/08/29 12:02:48 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2012/08/10 14:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2012/08/10 14:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2012/08/10 14:29:52 | 000,188,384 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:[b]64bit:[/b] - [2012/08/10 14:29:52 | 000,048,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:[b]64bit:[/b] - [2012/08/07 00:36:12 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/08/01 21:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/08/01 07:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:[b]64bit:[/b] - [2012/07/31 18:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012/07/26 16:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/07/26 16:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/07/26 16:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012/07/26 15:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2012/07/26 15:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2012/07/26 14:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012/07/26 13:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2012/07/26 13:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2012/07/26 13:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2012/07/26 13:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2012/07/26 13:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2012/07/26 13:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2012/07/26 13:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2012/07/26 13:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2012/07/26 13:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2012/07/26 13:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2012/07/26 13:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2012/07/26 13:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2012/07/26 13:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2012/07/26 13:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/07/26 13:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2012/07/26 13:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2012/07/26 13:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/07/26 13:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2012/07/26 13:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2012/07/26 13:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2012/07/26 13:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2012/07/26 11:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:[b]64bit:[/b] - [2012/07/25 19:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:[b]64bit:[/b] - [2012/07/22 10:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:[b]64bit:[/b] - [2012/07/21 11:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:[b]64bit:[/b] - [2012/07/19 11:48:30 | 000,035,672 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LPCFilter.sys -- (LPCFilter)
DRV:[b]64bit:[/b] - [2012/07/04 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/06/20 01:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/06/19 04:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:[b]64bit:[/b] - [2012/06/14 13:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2008/05/07 10:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/02/24 14:37:00 | 000,057,008 | ---- | M] (NoMachine) [File_System | Auto | Running] -- C:\Program Files (x86)\NoMachine Enterprise Client\bin\drivers\nxdisk\amd64\nxfs.sys -- (nxfs)
DRV - [2014/01/24 15:21:52 | 000,087,216 | ---- | M] (NoMachine) [Kernel | Auto | Running] -- C:\Program Files (x86)\NoMachine Enterprise Client\bin\drivers\nxusb\NT6\amd64\nxusbf.sys -- (nxusbf)




[color=#E56717]========== Standard Registry (SafeList) ==========[/color]




[color=#E56717]========== Internet Explorer ==========[/color]


IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{B6B9B7AC-4A4B-4F48-AA2B-B3B80D8157A4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B6B9B7AC-4A4B-4F48-AA2B-B3B80D8157A4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




[color=#E56717]========== FireFox ==========[/color]


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.0.2: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.0.2: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014/03/28 15:57:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Fshare Tool\Addon




[color=#E56717]========== Chrome  ==========[/color]


CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\ThanhUTS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\


O1 HOSTS File: ([2014/12/07 08:46:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: []  File not found
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SRS Premium Sound 3D] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosPU] C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe (Copyright (C) TOSHIBA Corp. 2012)
O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [UniKey] C:\Program Files (x86)\UniKey Vista 2.0\UniKeyVista2.0.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8DD6D7A-85E3-4E7F-9AE5-B79C27859EEA}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8DD6D7A-85E3-4E7F-9AE5-B79C27859EEA}: NameServer = 31.168.224.106,5.135.12.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2A2FAE7-1702-4F3E-A020-6161C96E7F13}: DhcpNameServer = 138.25.62.144 138.25.40.190
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2A2FAE7-1702-4F3E-A020-6161C96E7F13}: NameServer = 31.168.224.106,5.135.12.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F947CB68-5D5A-46FE-A594-1BCCE3DCECC1}: NameServer = 31.168.224.106,5.135.12.52
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{620184d3-13fa-11e4-be83-84a6c84f917d}\Shell - "" = AutoRun
O33 - MountPoints2\{620184d3-13fa-11e4-be83-84a6c84f917d}\Shell\AutoRun\command - "" = "F:\LaunchU3.exe" -a
O33 - MountPoints2\{7d622597-b625-11e3-be77-84a6c84f917d}\Shell - "" = AutoRun
O33 - MountPoints2\{7d622597-b625-11e3-be77-84a6c84f917d}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2015/01/01 16:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/12/31 09:52:51 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/12/30 11:18:43 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log
[2014/12/30 10:27:58 | 000,000,000 | ---D | C] -- C:\Users\ThanhUTS\AppData\Local\ElevatedDiagnostics
[2014/12/26 23:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/07 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\ThanhUTS\AppData\Local\Apps
[2014/12/07 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\ThanhUTS\AppData\Local\Deployment
[2014/12/04 23:08:29 | 000,000,000 | ---D | C] -- C:\windows\Minidump


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2015/01/01 16:19:31 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2015/01/01 16:13:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/01 13:56:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1d020e0c2e31584.job
[2015/01/01 13:56:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/01 11:53:35 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/31 09:16:08 | 000,354,752 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/12/31 09:15:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/31 09:15:52 | 766,656,511 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/30 11:18:53 | 000,001,635 | ---- | M] () -- C:\Users\ThanhUTS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/29 10:04:38 | 000,002,250 | ---- | M] () -- C:\Users\ThanhUTS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/26 23:25:55 | 000,002,226 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/21 15:57:58 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/12/21 15:57:58 | 000,723,700 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/12/21 15:57:58 | 000,136,838 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/12/07 12:21:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/12/04 23:08:17 | 600,230,372 | ---- | M] () -- C:\windows\MEMORY.DMP


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2015/01/01 16:19:31 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2015/01/01 16:19:31 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2014/12/26 23:25:55 | 000,002,250 | ---- | C] () -- C:\Users\ThanhUTS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/26 23:25:55 | 000,002,226 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/26 18:51:30 | 000,000,914 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1d020e0c2e31584.job
[2014/12/07 09:19:55 | 000,000,914 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 09:19:54 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 00:20:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/12/04 23:08:17 | 600,230,372 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/04/20 15:48:05 | 000,000,388 | ---- | C] () -- C:\Users\ThanhUTS\site.xml
[2014/04/20 10:43:34 | 000,000,687 | ---- | C] () -- C:\Users\ThanhUTS\.Xauthority
[2014/03/30 12:03:07 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll


[color=#E56717]========== ZeroAccess Check ==========[/color]




[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/10/11 18:44:56 | 019,764,736 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/10/11 16:57:57 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 14:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 14:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 14:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


[color=#E56717]========== LOP Check ==========[/color]


[2014/11/05 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\ThanhUTS\AppData\Roaming\Blackboard
[2014/03/28 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\ThanhUTS\AppData\Roaming\ESET
[2014/03/28 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\ThanhUTS\AppData\Roaming\Oracle
[2014/03/28 14:42:21 | 000,000,000 | ---D | M] -- C:\Users\ThanhUTS\AppData\Roaming\URSoft
[2014/03/28 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\ThanhUTS\AppData\Roaming\WinBatch


[color=#E56717]========== Purity Check ==========[/color]






[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51


< End of report >

Thank you for your help.

 

Kind regards,

 
 



#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • Please download to and run all requested tools from your Desktop.
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
  • Now, let's get started, shall we? :thumbsup:


    Hello, as you have Win 8 for your operating system, we'll need to use a different scanner to get a look at your system and see what's going on. :)


    Scan with Farbar's Recovery Scan Tool (FRST)


    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Place a check in the box marked Addition.txt
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Things I need to see in your next post:

    Please post each of these logs as a separate reply in this thread.

    FRST Log

    Addition.txt Log

#3
axxon007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi pystryker,

 

Thank you for your reply.

 

Here are FRST Log and Addition Log.

 

Thank you very much. 

 

Axxon007

 


#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, you're quite welcome. :) In the future, please do not attach the logs in your replies. Please copy and paste them into your replies. It makes them so much easier to analyze. :thumbsup:

#5
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, let's get started. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Multiple Anti-Virus Programs Installed

Your log indicates you have 2 anti-virus programs installed on your machine. They are "Windows Defender" and "ESET Smart Security 7.0".
  • Research shows that having multiple anti-virus programs installed is not a good idea. Even though one is disabled, they will still load the drivers and such they need in case they are activated. This is a case of more is not better. They will often conflict with each other, provide false positives, and additional problems.
  • We need to remove one. As Windows Defender is integrated into Windows so much, I'd recommend you remove ESET.

Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\...\MountPoints2: {620184d3-13fa-11e4-be83-84a6c84f917d} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\...\MountPoints2: {7d622597-b625-11e3-be77-84a6c84f917d} - "F:\WD SmartWare.exe" autoplay=true
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3805003500-4178845559-2028292636-1001 -> {B6B9B7AC-4A4B-4F48-AA2B-B3B80D8157A4} URL =
S2 hxaxuacnrr32; C:\Program Files\010\hxaxuacnrr32.exe run options=00100010100000000000000000000000 source=AB314DC6-093A-4418-B0B8-E73ED10897F7 [X]
C:\Program Files\010\hxaxuacnrr32.exe
S2 wcejvfgvem32; C:\Program Files\010\wcejvfgvem32.exe run options=00100010100000000000000000000000 source=9F5A23BE-4D8D-48F3-AF6A-1EFE6B021C16 [X]
C:\Program Files\010\wcejvfgvem32.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Scan with TDSSKiller

Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

How is the machine running at this time?

#6
axxon007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by ThanhUTS at 2015-01-04 09:39:38 Run:1
Running from C:\Users\ThanhUTS\Desktop
Loaded Profile: ThanhUTS (Available profiles: ThanhUTS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\...\MountPoints2: {620184d3-13fa-11e4-be83-84a6c84f917d} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\...\MountPoints2: {7d622597-b625-11e3-be77-84a6c84f917d} - "F:\WD SmartWare.exe" autoplay=true
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3805003500-4178845559-2028292636-1001 -> {B6B9B7AC-4A4B-4F48-AA2B-B3B80D8157A4} URL =
S2 hxaxuacnrr32; C:\Program Files\010\hxaxuacnrr32.exe run options=00100010100000000000000000000000 source=AB314DC6-093A-4418-B0B8-E73ED10897F7 [X]
C:\Program Files\010\hxaxuacnrr32.exe
S2 wcejvfgvem32; C:\Program Files\010\wcejvfgvem32.exe run options=00100010100000000000000000000000 source=9F5A23BE-4D8D-48F3-AF6A-1EFE6B021C16 [X]
C:\Program Files\010\wcejvfgvem32.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{620184d3-13fa-11e4-be83-84a6c84f917d}" => Key deleted successfully.
HKCR\CLSID\{620184d3-13fa-11e4-be83-84a6c84f917d} => Key not found. 
"HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d622597-b625-11e3-be77-84a6c84f917d}" => Key deleted successfully.
HKCR\CLSID\{7d622597-b625-11e3-be77-84a6c84f917d} => Key not found. 
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3805003500-4178845559-2028292636-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B6B9B7AC-4A4B-4F48-AA2B-B3B80D8157A4}" => Key deleted successfully.
HKCR\CLSID\{B6B9B7AC-4A4B-4F48-AA2B-B3B80D8157A4} => Key not found. 
hxaxuacnrr32 => Service deleted successfully.
"C:\Program Files\010\hxaxuacnrr32.exe" => File/Directory not found.
wcejvfgvem32 => Service deleted successfully.
"C:\Program Files\010\wcejvfgvem32.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4.1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 09:40:10 ====

  • 0
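A check a helper could run over a returned Fixlog like the one above, as an added example that is not part of the original posts and not FRST's own code: it skips the echoed fixlist (whose lines can also contain `=>`), classifies each result line, and keeps CMD output separate. The function names and the outcome labels `ok`, `not_found` and `review` are assumptions of this sketch; the sample is an abridged excerpt of the Fixlog in the post above.

```python
import re

# Abridged excerpt of the Fixlog posted above (lines copied from that post).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
C:\Program Files\010\hxaxuacnrr32.exe
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
hxaxuacnrr32 => Service deleted successfully.
"C:\Program Files\010\hxaxuacnrr32.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 09:40:10 ====
'''

FENCE = re.compile(r'^\*{5,}$')                    # delimits the echoed fixlist
END_LOG = re.compile(r'^=+ End of Fixlog')
CMD_END = re.compile(r'^=+ End of CMD: =+$')
CMD_START = re.compile(r'^=+\s+(.+?)\s+=+$')       # "=========  <command> ========="
RESULT = re.compile(r'^(?P<target>.+?) => (?P<msg>.+)$')


def classify(msg):
    """Map the text after '=>' to an outcome label (labels are this sketch's own)."""
    low = msg.lower()
    if 'not found' in low:
        return 'not_found'
    if 'successfully' in low or low.startswith('removed'):
        return 'ok'
    return 'review'


def parse_fixlog(text):
    """Return results, CMD output, free-text notes and the reboot flag."""
    out = {'results': [], 'commands': {}, 'notes': [], 'reboot': False}
    state, cmd = 'header', None
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            # First fence opens the echoed fixlist, second one closes it.
            state = 'fixlist' if state == 'header' else 'results'
            continue
        if state != 'results' or not line:
            continue
        if END_LOG.match(line):
            break
        if CMD_END.match(line):
            cmd = None
            continue
        if cmd is not None:                 # inside a CMD block: raw tool output
            out['commands'][cmd].append(line)
            continue
        m = CMD_START.match(line)
        if m:
            cmd = m.group(1)
            out['commands'][cmd] = []
            continue
        m = RESULT.match(line)
        if m:
            msg = m.group('msg')
            out['results'].append((m.group('target').strip('"'), classify(msg), msg))
        elif 'reboot' in line.lower():
            out['reboot'] = True
        else:
            out['notes'].append(line)
    return out


def needs_review(parsed):
    """Targets whose result was anything other than a reported success."""
    return [(t, o) for t, o, _ in parsed['results'] if o != 'ok']


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for target, outcome in needs_review(parsed):
        print(f'{outcome:10} {target}')
    print('reboot required:', parsed['reboot'])
```

Entries returned by `needs_review` are the ones to read by hand before the fix is treated as complete.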

#7
axxon007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by ThanhUTS on Sun 04/01/2015 at  9:48:50.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\ThanhUTS\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/01/2015 at  9:51:10.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8
axxon007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

 AdwCleaner log

# AdwCleaner v4.106 - Report created 04/01/2015 at 10:02:21
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : ThanhUTS - THANH
# Running from : C:\Users\ThanhUTS\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\ThanhUTS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\ThanhUTS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Google Chrome v39.0.2171.95

[C:\Users\ThanhUTS\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.mq.edu.au/search/search-results.html?cx=018228073491741698199%3Abz06o_gto80&cof=FORID%3A9&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=mq.edu.au%2F&ref=www.google.com.au%2F&ss=7457j2601433j32

*************************

AdwCleaner[R1].txt - [1235 octets] - [04/01/2015 10:02:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1295 octets] ##########



#9
axxon007


TDSS log

10:28:52.0920 0x083c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
10:28:52.0920 0x083c  UEFI system
10:29:00.0896 0x083c  ============================================================
10:29:00.0896 0x083c  Current date / time: 2015/01/04 10:29:00.0896
10:29:00.0896 0x083c  SystemInfo:
10:29:00.0896 0x083c  
10:29:00.0896 0x083c  OS Version: 6.2.9200 ServicePack: 0.0
10:29:00.0896 0x083c  Product type: Workstation
10:29:00.0896 0x083c  ComputerName: THANH
10:29:00.0897 0x083c  UserName: ThanhUTS
10:29:00.0897 0x083c  Windows directory: C:\windows
10:29:00.0897 0x083c  System windows directory: C:\windows
10:29:00.0897 0x083c  Running under WOW64
10:29:00.0897 0x083c  Processor architecture: Intel x64
10:29:00.0897 0x083c  Number of processors: 4
10:29:00.0897 0x083c  Page size: 0x1000
10:29:00.0897 0x083c  Boot type: Normal boot
10:29:00.0897 0x083c  ============================================================
10:29:01.0868 0x083c  KLMD registered as C:\windows\system32\drivers\55037198.sys
10:29:01.0951 0x083c  System UUID: {E666E356-3532-71FB-DC96-3D11E41F1805}
10:29:02.0524 0x083c  Drive \Device\Harddisk0\DR0 - Size: 0x74707B0E00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:29:02.0524 0x083c  Drive \Device\Harddisk1\DR1 - Size: 0x2CDF00000 ( 11.22 Gb ), SectorSize: 0x200, Cylinders: 0x5B8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:29:02.0528 0x083c  ============================================================
10:29:02.0528 0x083c  \Device\Harddisk0\DR0:
10:29:02.0528 0x083c  GPT partitions:
10:29:02.0529 0x083c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C77D3C44-FD30-11E1-897E-A7838DAC2561}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
10:29:02.0529 0x083c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C77D3C4A-FD30-11E1-897E-A7838DAC2561}, Name: Basic data partition, StartLBA 0xE1800, BlocksNum 0x82000
10:29:02.0529 0x083c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C77D3C4C-FD30-11E1-897E-A7838DAC2561}, Name: Basic data partition, StartLBA 0x163800, BlocksNum 0x40000
10:29:02.0529 0x083c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C77D3C54-FD30-11E1-897E-A7838DAC2561}, Name: Basic data partition, StartLBA 0x1A3800, BlocksNum 0xE363800
10:29:02.0529 0x083c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {EDBB8FCD-6018-442D-8C7B-68952D8CEAE3}, Name: Basic data partition, StartLBA 0xE507000, BlocksNum 0x1869F800
10:29:02.0529 0x083c  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F49FF5F3-A43D-48C7-B47A-C08A99335CCF}, Name: Basic data partition, StartLBA 0x26BA6800, BlocksNum 0x124F8000
10:29:02.0529 0x083c  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0A8E5E32-3F26-4D5D-9AAE-2E1B31FB4EC1}, Name: Basic data partition, StartLBA 0x3909F000, BlocksNum 0x12E4800
10:29:02.0529 0x083c  MBR partitions:
10:29:02.0529 0x083c  \Device\Harddisk1\DR1:
10:29:02.0529 0x083c  GPT partitions:
10:29:02.0529 0x083c  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {D4C89081-2FBA-11E2-BE71-B888E31B8B86}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x166E800
10:29:02.0529 0x083c  MBR partitions:
10:29:02.0529 0x083c  ============================================================
10:29:02.0530 0x083c  C: <-> \Device\Harddisk0\DR0\Partition4
10:29:02.0531 0x083c  D: <-> \Device\Harddisk0\DR0\Partition5
10:29:02.0532 0x083c  E: <-> \Device\Harddisk0\DR0\Partition6
10:29:02.0532 0x083c  ============================================================
10:29:02.0532 0x083c  Initialize success
10:29:02.0532 0x083c  ============================================================
10:29:31.0730 0x00cc  ============================================================
10:29:31.0730 0x00cc  Scan started
10:29:31.0730 0x00cc  Mode: Manual; SigCheck; TDLFS; 
10:29:31.0730 0x00cc  ============================================================
10:29:31.0730 0x00cc  KSN ping started
10:29:35.0120 0x00cc  KSN ping finished: true
10:29:35.0714 0x00cc  ================ Scan system memory ========================
10:29:35.0714 0x00cc  System memory - ok
10:29:35.0714 0x00cc  ================ Scan services =============================
10:29:39.0292 0x00cc  iaStorV - ok
10:29:39.0496 0x00cc  [ 11A31FC2481BFE69B0507ED8C80215F4, 8A1E90611F749E8F04B6D86E835E981CAC16D0841305CADB19E58682DA006698 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
10:29:39.0714 0x00cc  igfx - ok
10:29:39.0730 0x00cc  [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
10:29:39.0730 0x00cc  iirsp - ok
10:29:39.0808 0x00cc  [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT          C:\windows\System32\ikeext.dll
10:29:39.0839 0x00cc  IKEEXT - ok
10:29:39.0855 0x00cc  [ FD2032D2EAE8D7F3381EBA5FA3E7FEEA, 46D1DC6A44E20339AD9195EE7CC719DC9BC99C78F8C74E730B671F0D78B9C683 ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
10:29:39.0855 0x00cc  intaud_WaveExtensible - ok
10:29:39.0949 0x00cc  [ 6BDCC85422817FA53CD705ADE312CE6A, 2EBEDF34493B4AE34442A89ACBCDB2C39447F21FBB015BDD7935DE95DD217CD0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
10:29:40.0043 0x00cc  IntcAzAudAddService - ok
10:29:40.0058 0x00cc  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
10:29:40.0074 0x00cc  IntcDAud - ok
10:29:40.0089 0x00cc  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
10:29:40.0121 0x00cc  Intel(R) Capability Licensing Service Interface - ok
10:29:40.0121 0x00cc  [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
10:29:40.0136 0x00cc  Intel(R) ME Service - ok
10:29:40.0136 0x00cc  [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide        C:\windows\system32\drivers\intelide.sys
10:29:40.0136 0x00cc  intelide - ok
10:29:40.0152 0x00cc  [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm        C:\windows\System32\drivers\intelppm.sys
10:29:40.0152 0x00cc  intelppm - ok
10:29:40.0168 0x00cc  [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
10:29:40.0183 0x00cc  IpFilterDriver - ok
10:29:40.0199 0x00cc  [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
10:29:40.0230 0x00cc  iphlpsvc - ok
10:29:40.0246 0x00cc  [ A4071DA3AE419F9694BFCB267C7DB8D7, 392DEE1DA51606C29418A98D2861F115E9F67C688B4281C53E87BA73A98809FB ] IPMIDRV         C:\windows\System32\drivers\IPMIDrv.sys
10:29:40.0246 0x00cc  IPMIDRV - ok
10:29:40.0261 0x00cc  [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
10:29:40.0277 0x00cc  IPNAT - ok
10:29:40.0293 0x00cc  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM          C:\windows\system32\drivers\irenum.sys
10:29:40.0293 0x00cc  IRENUM - ok
10:29:40.0308 0x00cc  [ 4D9B9A794F22415B8C3E0CCFBE61BC7A, 4CF01BC95F0AD7DC42AF8A0FCE032DF00610524A98CF52F531E9DE93137E7B87 ] irstrtdv        C:\windows\System32\drivers\irstrtdv.sys
10:29:40.0308 0x00cc  irstrtdv - ok
10:29:40.0339 0x00cc  [ E145E934392E7A49FDC6775AC3A347F8, 8E5DBC8C34FB3B68851489E0860BA3ACE6CDF46BB5E2AEFD1DEF6E895566068B ] irstrtsv        C:\windows\SysWOW64\irstrtsv.exe
10:29:40.0355 0x00cc  irstrtsv - ok
10:29:40.0371 0x00cc  [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp          C:\windows\system32\drivers\isapnp.sys
10:29:40.0386 0x00cc  isapnp - ok
10:29:40.0386 0x00cc  [ E6530FD4F61B40F338BF4355A21B9A09, FE9BF039B9901BEC260A69F7C49ACFA9881AD470DCCBA70C7EC36F518DA71702 ] iScsiPrt        C:\windows\System32\drivers\msiscsi.sys
10:29:40.0402 0x00cc  iScsiPrt - ok
10:29:40.0418 0x00cc  [ C59B9CE2855E667809F9E63C20FC44A5, 36C71CDAB84296E408F29588E1993B6E2016841435C6F2CABBB716A2E2947BA8 ] iwdbus          C:\windows\System32\drivers\iwdbus.sys
10:29:40.0418 0x00cc  iwdbus - ok
10:29:40.0418 0x00cc  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
10:29:40.0433 0x00cc  jhi_service - ok
10:29:40.0433 0x00cc  [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass        C:\windows\System32\drivers\kbdclass.sys
10:29:40.0449 0x00cc  kbdclass - ok
10:29:40.0449 0x00cc  [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid          C:\windows\System32\drivers\kbdhid.sys
10:29:40.0464 0x00cc  kbdhid - ok
10:29:40.0464 0x00cc  [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic           C:\windows\system32\DRIVERS\kdnic.sys
10:29:40.0464 0x00cc  kdnic - ok
10:29:40.0480 0x00cc  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] KeyIso          C:\windows\system32\lsass.exe
10:29:40.0480 0x00cc  KeyIso - ok
10:29:40.0480 0x00cc  KromtechAccountService - ok
10:29:40.0496 0x00cc  [ 8B3EB6372436195B8EA8AE09A184BCE2, 9AFB7A9D6AEEBF5994C85B355155024768116E2D537C9FA169BC3F4594ECD35C ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
10:29:40.0511 0x00cc  KSecDD - ok
10:29:40.0527 0x00cc  [ 0EB535ADDC065F2D0CBFC089630A6065, F6DD544227A5B7A0C80E401EB5461963567A24834C60AF520FBABC1A9FB4E631 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
10:29:40.0543 0x00cc  KSecPkg - ok
10:29:40.0543 0x00cc  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
10:29:40.0558 0x00cc  ksthunk - ok
10:29:40.0574 0x00cc  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\windows\system32\msdtckrm.dll
10:29:40.0589 0x00cc  KtmRm - ok
10:29:40.0589 0x00cc  [ 05A5B36592BB5F371B6AB020A2691E42, 384230A10EA0394E260282509B7D8EFCBFF8814611F6EFAB2DD346B97963EC55 ] LanmanServer    C:\windows\system32\srvsvc.dll
10:29:40.0621 0x00cc  LanmanServer - ok
10:29:40.0621 0x00cc  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
10:29:40.0636 0x00cc  LanmanWorkstation - ok
10:29:40.0636 0x00cc  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
10:29:40.0652 0x00cc  lltdio - ok
10:29:40.0668 0x00cc  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\windows\System32\lltdsvc.dll
10:29:40.0683 0x00cc  lltdsvc - ok
10:29:40.0683 0x00cc  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\windows\System32\lmhsvc.dll
10:29:40.0699 0x00cc  lmhosts - ok
10:29:40.0714 0x00cc  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:29:40.0714 0x00cc  LMS - ok
10:29:40.0730 0x00cc  [ 36077028C32E25E69645CCA02F55E1DE, 34E23BC6441B46638F9C80331FCCFEF360D520D9B4B4077BE4C1DE7B9BD3EA50 ] LPCFilter       C:\windows\system32\drivers\LPCFilter.sys
10:29:40.0730 0x00cc  LPCFilter - ok
10:29:40.0730 0x00cc  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
10:29:40.0746 0x00cc  LSI_SAS - ok
10:29:40.0746 0x00cc  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
10:29:40.0761 0x00cc  LSI_SAS2 - ok
10:29:40.0761 0x00cc  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
10:29:40.0777 0x00cc  LSI_SCSI - ok
10:29:40.0777 0x00cc  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\windows\system32\drivers\lsi_sss.sys
10:29:40.0793 0x00cc  LSI_SSS - ok
10:29:40.0808 0x00cc  [ 1DC9B701F8EB7D67774035AC9C3104F6, 77371267CDA605F78674BF8FA14B134B22299CD96EADA60A68762207595F0B46 ] LSM             C:\windows\System32\lsm.dll
10:29:40.0824 0x00cc  LSM - ok
10:29:40.0839 0x00cc  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\windows\system32\drivers\luafv.sys
10:29:40.0855 0x00cc  luafv - ok
10:29:40.0855 0x00cc  [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas         C:\windows\system32\drivers\megasas.sys
10:29:40.0871 0x00cc  megasas - ok
10:29:40.0871 0x00cc  [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
10:29:40.0886 0x00cc  MegaSR - ok
10:29:40.0902 0x00cc  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\windows\System32\drivers\HECIx64.sys
10:29:40.0902 0x00cc  MEIx64 - ok
10:29:40.0918 0x00cc  Microsoft SharePoint Workspace Audit Service - ok
10:29:40.0918 0x00cc  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS           C:\windows\system32\mmcss.dll
10:29:40.0933 0x00cc  MMCSS - ok
10:29:40.0933 0x00cc  [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem           C:\windows\system32\drivers\modem.sys
10:29:40.0949 0x00cc  Modem - ok
10:29:40.0949 0x00cc  [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor         C:\windows\System32\drivers\monitor.sys
10:29:40.0949 0x00cc  monitor - ok
10:29:40.0964 0x00cc  [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass        C:\windows\System32\drivers\mouclass.sys
10:29:40.0964 0x00cc  mouclass - ok
10:29:40.0980 0x00cc  [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid          C:\windows\System32\drivers\mouhid.sys
10:29:40.0980 0x00cc  mouhid - ok
10:29:40.0996 0x00cc  [ E7E9DBFDD3F25ED0C05B99AE9FA18BDE, 6D0204BA271FD3262DAE6E6BF9C12C0D49E3C9AF40EB1E072BD5CA5E2B8598D5 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
10:29:40.0996 0x00cc  mountmgr - ok
10:29:41.0011 0x00cc  [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
10:29:41.0011 0x00cc  mpsdrv - ok
10:29:41.0043 0x00cc  [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc          C:\windows\system32\mpssvc.dll
10:29:41.0074 0x00cc  MpsSvc - ok
10:29:41.0074 0x00cc  [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
10:29:41.0089 0x00cc  MRxDAV - ok
10:29:41.0105 0x00cc  [ 14EE56050E1637926F5CFA65B1F4209B, C654280B4BB461898B43DF350B5BB76C2FDEBD6B49A19D08B2F28D92E2FA3D0D ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
10:29:41.0121 0x00cc  mrxsmb - ok
10:29:41.0136 0x00cc  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
10:29:41.0152 0x00cc  mrxsmb10 - ok
10:29:41.0152 0x00cc  [ 0AA400AB21745F1153ECE75E0186509A, E26696A00008BB8D88ABED6F379FFFAE21ACE9AA7108D9E89A7D99CAF2F23FEF ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
10:29:41.0168 0x00cc  mrxsmb20 - ok
10:29:41.0168 0x00cc  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\windows\system32\DRIVERS\bridge.sys
10:29:41.0183 0x00cc  MsBridge - ok
10:29:41.0199 0x00cc  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\windows\System32\msdtc.exe
10:29:41.0199 0x00cc  MSDTC - ok
10:29:41.0214 0x00cc  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\windows\system32\drivers\Msfs.sys
10:29:41.0214 0x00cc  Msfs - ok
10:29:41.0230 0x00cc  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\windows\System32\drivers\msgpiowin32.sys
10:29:41.0230 0x00cc  msgpiowin32 - ok
10:29:41.0246 0x00cc  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
10:29:41.0246 0x00cc  mshidkmdf - ok
10:29:41.0246 0x00cc  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\windows\System32\drivers\mshidumdf.sys
10:29:41.0261 0x00cc  mshidumdf - ok
10:29:41.0261 0x00cc  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
10:29:41.0277 0x00cc  msisadrv - ok
10:29:41.0277 0x00cc  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\windows\system32\iscsiexe.dll
10:29:41.0293 0x00cc  MSiSCSI - ok
10:29:41.0293 0x00cc  msiserver - ok
10:29:41.0293 0x00cc  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
10:29:41.0308 0x00cc  MSKSSRV - ok
10:29:41.0308 0x00cc  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\windows\system32\DRIVERS\mslldp.sys
10:29:41.0324 0x00cc  MsLldp - ok
10:29:41.0324 0x00cc  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
10:29:41.0339 0x00cc  MSPCLOCK - ok
10:29:41.0339 0x00cc  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
10:29:41.0355 0x00cc  MSPQM - ok
10:29:41.0355 0x00cc  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
10:29:41.0371 0x00cc  MsRPC - ok
10:29:41.0386 0x00cc  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\windows\System32\drivers\mssmbios.sys
10:29:41.0386 0x00cc  mssmbios - ok
10:29:41.0402 0x00cc  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
10:29:41.0402 0x00cc  MSTEE - ok
10:29:41.0418 0x00cc  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\windows\System32\drivers\MTConfig.sys
10:29:41.0418 0x00cc  MTConfig - ok
10:29:41.0418 0x00cc  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\windows\system32\Drivers\mup.sys
10:29:41.0433 0x00cc  Mup - ok
10:29:41.0433 0x00cc  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\windows\system32\drivers\mvumis.sys
10:29:41.0449 0x00cc  mvumis - ok
10:29:41.0464 0x00cc  [ 53EE034F83E9A7A8E421572E385F67CD, 29F718B95B9D6CBDA49D5DE14FEC46DA64D7977131D585C975B3D703559D0988 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:29:41.0464 0x00cc  MyWiFiDHCPDNS - ok
10:29:41.0480 0x00cc  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\windows\system32\qagentRT.dll
10:29:41.0511 0x00cc  napagent - ok
10:29:41.0527 0x00cc  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
10:29:41.0543 0x00cc  NativeWifiP - ok
10:29:41.0543 0x00cc  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\windows\System32\ncasvc.dll
10:29:41.0558 0x00cc  NcaSvc - ok
10:29:41.0558 0x00cc  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\windows\System32\NcdAutoSetup.dll
10:29:41.0574 0x00cc  NcdAutoSetup - ok
10:29:41.0605 0x00cc  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\windows\system32\drivers\ndis.sys
10:29:41.0636 0x00cc  NDIS - ok
10:29:41.0636 0x00cc  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
10:29:41.0652 0x00cc  NdisCap - ok
10:29:41.0683 0x00cc  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\windows\system32\DRIVERS\NdisImPlatform.sys
10:29:41.0699 0x00cc  NdisImPlatform - ok
10:29:41.0714 0x00cc  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
10:29:41.0714 0x00cc  NdisTapi - ok
10:29:41.0730 0x00cc  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
10:29:41.0746 0x00cc  Ndisuio - ok
10:29:41.0746 0x00cc  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
10:29:41.0777 0x00cc  NdisWan - ok
10:29:41.0777 0x00cc  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\windows\system32\DRIVERS\ndiswan.sys
10:29:41.0793 0x00cc  NDISWANLEGACY - ok
10:29:41.0808 0x00cc  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
10:29:41.0808 0x00cc  NDProxy - ok
10:29:41.0824 0x00cc  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\windows\system32\drivers\Ndu.sys
10:29:41.0824 0x00cc  Ndu - ok
10:29:41.0840 0x00cc  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
10:29:41.0855 0x00cc  NetBIOS - ok
10:29:41.0855 0x00cc  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
10:29:41.0871 0x00cc  NetBT - ok
10:29:41.0886 0x00cc  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon        C:\windows\system32\lsass.exe
10:29:41.0886 0x00cc  Netlogon - ok
10:29:41.0918 0x00cc  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\windows\System32\netman.dll
10:29:42.0011 0x00cc  Netman - ok
10:29:42.0027 0x00cc  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\windows\System32\netprofmsvc.dll
10:29:42.0058 0x00cc  netprofm - ok
10:29:42.0074 0x00cc  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:29:42.0074 0x00cc  NetTcpPortSharing - ok
10:29:42.0152 0x00cc  [ 75B9B86878CC159FBC40C4F9202ADBE3, 80D9176112BAFB42E6568E723781E5C03BD5472AB382496C1BD784DB9B2FB6E6 ] NETwNe64        C:\windows\system32\DRIVERS\NETwew00.sys
10:29:42.0246 0x00cc  NETwNe64 - ok
10:29:42.0246 0x00cc  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
10:29:42.0261 0x00cc  nfrd960 - ok
10:29:42.0277 0x00cc  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\windows\System32\nlasvc.dll
10:29:42.0293 0x00cc  NlaSvc - ok
10:29:42.0293 0x00cc  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\windows\system32\drivers\Npfs.sys
10:29:42.0308 0x00cc  Npfs - ok
10:29:42.0308 0x00cc  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\windows\System32\drivers\npsvctrig.sys
10:29:42.0324 0x00cc  npsvctrig - ok
10:29:42.0324 0x00cc  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\windows\system32\nsisvc.dll
10:29:42.0340 0x00cc  nsi - ok
10:29:42.0340 0x00cc  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
10:29:42.0355 0x00cc  nsiproxy - ok
10:29:42.0418 0x00cc  [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
10:29:42.0496 0x00cc  Ntfs - ok
10:29:42.0496 0x00cc  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\windows\system32\drivers\Null.sys
10:29:42.0511 0x00cc  Null - ok
10:29:42.0511 0x00cc  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\windows\system32\drivers\nvraid.sys
10:29:42.0527 0x00cc  nvraid - ok
10:29:42.0543 0x00cc  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\windows\system32\drivers\nvstor.sys
10:29:42.0558 0x00cc  nvstor - ok
10:29:42.0558 0x00cc  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
10:29:42.0574 0x00cc  nv_agp - ok
10:29:42.0574 0x00cc  nxdeviced - ok
10:29:42.0590 0x00cc  [ 6A2E10A6043F73A8309779CB4A530DC1, 9841C6CA9BB2CF6E1CB00664F13D35E7D244C104968A517277CE9F9B4F1AE405 ] nxfs            C:\Program Files (x86)\NoMachine Enterprise Client\bin\drivers\nxdisk\amd64\nxfs.sys
10:29:42.0590 0x00cc  nxfs - ok
10:29:42.0605 0x00cc  [ 4EED96FC0E7A700046EB5FFC7E3ACA5A, DF0E3FCA0CC15F6BABA62A958AF798944DA3205B78E16FFC9996B6CB583B2553 ] nxfsd           C:\Program Files (x86)\NoMachine Enterprise Client\bin\nxfsd.exe
10:29:42.0605 0x00cc  nxfsd - ok
10:29:42.0652 0x00cc  [ 4EDF298290F22EC78F5D9710156C6821, 12F2D00C38DDF99F4F3EE2278D2DCCF3059470868652584B7BB8AAE5B4B1247B ] nxusbd          C:\Program Files (x86)\NoMachine Enterprise Client\bin\nxusbd64.exe
10:29:42.0683 0x00cc  nxusbd - ok
10:29:42.0699 0x00cc  [ 45DE6DACF90B1666D351673B18DCF0D1, D88CBB27AF2614DAAE59E6BC0573B156DE4E206D0BA7DB66C8FF5BE95D0A5E11 ] nxusbf          C:\Program Files (x86)\NoMachine Enterprise Client\bin\drivers\nxusb\NT6\amd64\nxusbf.sys
10:29:42.0699 0x00cc  nxusbf - ok
10:29:42.0715 0x00cc  [ FCDC4636F5C44D5A481A6245C7EA2CB7, FC3C94343FCDAA1D02DEFE5D0A17257B76A3AE0F410FEA0AAAD4EF39135BFA45 ] nxusbh          C:\windows\System32\drivers\nxusbh.sys
10:29:42.0730 0x00cc  nxusbh - ok
10:29:42.0730 0x00cc  [ 4D1F5FE87C61D593FA5E6EAFB0C11C06, F23AF84B112FA8655943021C3F2E9D21BF2EB3BF243881C0E7EB74980AE927FA ] nxusbs          C:\windows\System32\drivers\nxusbs.sys
10:29:42.0746 0x00cc  nxusbs - ok
10:29:42.0761 0x00cc  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:29:42.0777 0x00cc  ose64 - ok
10:29:42.0918 0x00cc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:29:43.0092 0x00cc  osppsvc - ok
10:29:43.0112 0x00cc  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
10:29:43.0138 0x00cc  p2pimsvc - ok
10:29:43.0154 0x00cc  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\windows\system32\p2psvc.dll
10:29:43.0170 0x00cc  p2psvc - ok
10:29:43.0170 0x00cc  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\windows\System32\drivers\parport.sys
10:29:43.0185 0x00cc  Parport - ok
10:29:43.0185 0x00cc  [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr         C:\windows\system32\drivers\partmgr.sys
10:29:43.0201 0x00cc  partmgr - ok
10:29:43.0217 0x00cc  [ 19E41F140A6ADBD38943710DA7FF0E38, AF9FDBEB0E519B7EA034C76077E514FE27138204E9874F4DDEA0B1CB26A45BA0 ] PcaSvc          C:\windows\System32\pcasvc.dll
10:29:43.0248 0x00cc  PcaSvc - ok
10:29:43.0248 0x00cc  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\windows\system32\drivers\pci.sys
10:29:43.0264 0x00cc  pci - ok
10:29:43.0264 0x00cc  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\windows\system32\drivers\pciide.sys
10:29:43.0279 0x00cc  pciide - ok
10:29:43.0279 0x00cc  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
10:29:43.0295 0x00cc  pcmcia - ok
10:29:43.0310 0x00cc  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\windows\system32\drivers\pcw.sys
10:29:43.0310 0x00cc  pcw - ok
10:29:43.0310 0x00cc  [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc             C:\windows\system32\drivers\pdc.sys
10:29:43.0326 0x00cc  pdc - ok
10:29:43.0342 0x00cc  [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
10:29:43.0373 0x00cc  PEAUTH - ok
10:29:48.0989 0x00cc  wcncsvc - ok
10:29:48.0996 0x00cc  [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
10:29:49.0010 0x00cc  WcsPlugInService - ok
10:29:49.0015 0x00cc  [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd              C:\windows\system32\drivers\wd.sys
10:29:49.0024 0x00cc  Wd - ok
10:29:49.0029 0x00cc  [ B7FD627AAE8E95848BFEC437C923A87E, 26188FC7E86AD9B92FB732DD3EC5E8EAB18EB52B21E854B27798EC08C49167D8 ] WdBoot          C:\windows\system32\drivers\WdBoot.sys
10:29:49.0041 0x00cc  WdBoot - ok
10:29:49.0047 0x00cc  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\windows\System32\drivers\wdcsam64.sys
10:29:49.0057 0x00cc  WDC_SAM - ok
10:29:49.0084 0x00cc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
10:29:49.0117 0x00cc  Wdf01000 - ok
10:29:49.0134 0x00cc  [ FAC362ED29713A535C6E2EEFFA5B4733, C4AF6C5A74389F9F51668433D4478806016C4913CB241F77513601803D532EC0 ] WdFilter        C:\windows\system32\drivers\WdFilter.sys
10:29:49.0152 0x00cc  WdFilter - ok
10:29:49.0161 0x00cc  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost  C:\windows\system32\wdi.dll
10:29:49.0186 0x00cc  WdiServiceHost - ok
10:29:49.0192 0x00cc  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost   C:\windows\system32\wdi.dll
10:29:49.0212 0x00cc  WdiSystemHost - ok
10:29:49.0231 0x00cc  [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient       C:\windows\System32\webclnt.dll
10:29:49.0248 0x00cc  WebClient - ok
10:29:49.0273 0x00cc  [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc          C:\windows\system32\wecsvc.dll
10:29:49.0295 0x00cc  Wecsvc - ok
10:29:49.0302 0x00cc  [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport   C:\windows\System32\wercplsupport.dll
10:29:49.0341 0x00cc  wercplsupport - ok
10:29:49.0348 0x00cc  [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc          C:\windows\System32\WerSvc.dll
10:29:49.0371 0x00cc  WerSvc - ok
10:29:49.0377 0x00cc  [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS         C:\windows\system32\DRIVERS\wfplwfs.sys
10:29:49.0388 0x00cc  WFPLWFS - ok
10:29:49.0393 0x00cc  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\windows\System32\wiarpc.dll
10:29:49.0408 0x00cc  WiaRpc - ok
10:29:49.0414 0x00cc  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
10:29:49.0427 0x00cc  WIMMount - ok
10:29:49.0431 0x00cc  WinDefend - ok
10:29:49.0461 0x00cc  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll
10:29:49.0490 0x00cc  WinHttpAutoProxySvc - ok
10:29:49.0503 0x00cc  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
10:29:49.0518 0x00cc  Winmgmt - ok
10:29:49.0616 0x00cc  [ 89DA335401D956F2696E35A38817BE19, D5A8D5C0BE285564AB0DF1B4594FE612359C72BE3B64063C3460BB73AA34F413 ] WinRM           C:\windows\system32\WsmSvc.dll
10:29:49.0694 0x00cc  WinRM - ok
10:29:49.0707 0x00cc  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
10:29:49.0736 0x00cc  WinUsb - ok
10:29:49.0777 0x00cc  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\windows\System32\wlansvc.dll
10:29:49.0820 0x00cc  WlanSvc - ok
10:29:49.0877 0x00cc  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\windows\system32\wlidsvc.dll
10:29:49.0942 0x00cc  wlidsvc - ok
10:29:49.0949 0x00cc  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\windows\System32\drivers\wmiacpi.sys
10:29:49.0957 0x00cc  WmiAcpi - ok
10:29:49.0967 0x00cc  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
10:29:49.0981 0x00cc  wmiApSrv - ok
10:29:49.0984 0x00cc  WMPNetworkSvc - ok
10:29:49.0991 0x00cc  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\windows\system32\DRIVERS\wpcfltr.sys
10:29:50.0001 0x00cc  wpcfltr - ok
10:29:50.0005 0x00cc  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\windows\System32\wpcsvc.dll
10:29:50.0014 0x00cc  WPCSvc - ok
10:29:50.0020 0x00cc  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
10:29:50.0032 0x00cc  WPDBusEnum - ok
10:29:50.0035 0x00cc  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\windows\system32\drivers\WpdUpFltr.sys
10:29:50.0044 0x00cc  WpdUpFltr - ok
10:29:50.0048 0x00cc  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
10:29:50.0056 0x00cc  ws2ifsl - ok
10:29:50.0063 0x00cc  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\windows\System32\wscsvc.dll
10:29:50.0075 0x00cc  wscsvc - ok
10:29:50.0078 0x00cc  WSearch - ok
10:29:50.0165 0x00cc  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\windows\System32\WSService.dll
10:29:50.0242 0x00cc  WSService - ok
10:29:50.0322 0x00cc  [ 10EA2DBD2820A504D98D19F5EDAAFC04, 5B84D7C169CBAEBCE4A03BB89426E74DBF5AFCA1F8FDE2A5BC1006A8464D7E24 ] wuauserv        C:\windows\system32\wuaueng.dll
10:29:50.0411 0x00cc  wuauserv - ok
10:29:50.0429 0x00cc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
10:29:50.0441 0x00cc  WudfPf - ok
10:29:50.0449 0x00cc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\System32\drivers\WUDFRd.sys
10:29:50.0462 0x00cc  WUDFRd - ok
10:29:50.0468 0x00cc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
10:29:50.0480 0x00cc  wudfsvc - ok
10:29:50.0488 0x00cc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\windows\system32\DRIVERS\WUDFRd.sys
10:29:50.0500 0x00cc  WUDFWpdFs - ok
10:29:50.0506 0x00cc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\windows\system32\DRIVERS\WUDFRd.sys
10:29:50.0518 0x00cc  WUDFWpdMtp - ok
10:29:50.0543 0x00cc  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\windows\System32\wwansvc.dll
10:29:50.0565 0x00cc  WwanSvc - ok
10:29:50.0576 0x00cc  [ 6FDEE5E0741A3FFA5E5772C6C94E3F64, 859EBC7F8FF3CE9F3301B5BF93CF0C84C2A4271F205B67D9B8DC463DC67DE661 ] XHCIPort        C:\windows\System32\drivers\XHCIPort.sys
10:29:50.0590 0x00cc  XHCIPort - ok
10:29:50.0675 0x00cc  [ 2AC426C57AC3D6A226D66E5A03223C90, 45AD44153D280E4066BA62260CE7733AC3DC23D59951BBCC0F8D4F5226F97203 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
10:29:50.0758 0x00cc  ZeroConfigService - ok
10:29:50.0773 0x00cc  ================ Scan global ===============================
10:29:50.0779 0x00cc  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\windows\system32\basesrv.dll
10:29:50.0788 0x00cc  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\windows\system32\winsrv.dll
10:29:50.0796 0x00cc  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\windows\system32\sxssrv.dll
10:29:50.0811 0x00cc  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\windows\system32\services.exe
10:29:50.0820 0x00cc  [ Global ] - ok
10:29:50.0820 0x00cc  ================ Scan MBR ==================================
10:29:50.0830 0x00cc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
10:29:50.0895 0x00cc  \Device\Harddisk0\DR0 - ok
10:29:50.0898 0x00cc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:29:50.0907 0x00cc  \Device\Harddisk1\DR1 - ok
10:29:50.0908 0x00cc  ================ Scan VBR ==================================
10:29:50.0909 0x00cc  [ CF067D6876C854712EF053AF707DA4C0 ] \Device\Harddisk0\DR0\Partition1
10:29:50.0934 0x00cc  \Device\Harddisk0\DR0\Partition1 - ok
10:29:50.0937 0x00cc  [ 56CB9FE34ECABCD1517FA41555A6BFCB ] \Device\Harddisk0\DR0\Partition2
10:29:50.0945 0x00cc  \Device\Harddisk0\DR0\Partition2 - ok
10:29:50.0948 0x00cc  [ 226D53F119DC177FEAE076E5F8135642 ] \Device\Harddisk0\DR0\Partition3
10:29:50.0950 0x00cc  \Device\Harddisk0\DR0\Partition3 - ok
10:29:50.0952 0x00cc  [ 58426894694CF06C1F2E7FD16EB8F087 ] \Device\Harddisk0\DR0\Partition4
10:29:50.0954 0x00cc  \Device\Harddisk0\DR0\Partition4 - ok
10:29:50.0958 0x00cc  [ 7AC6D00340677D887C2349597007C6A9 ] \Device\Harddisk0\DR0\Partition5
10:29:50.0973 0x00cc  \Device\Harddisk0\DR0\Partition5 - ok
10:29:50.0976 0x00cc  [ 0D45395E9893E4A0A2891F6CBADE5F5C ] \Device\Harddisk0\DR0\Partition6
10:29:50.0995 0x00cc  \Device\Harddisk0\DR0\Partition6 - ok
10:29:50.0998 0x00cc  [ D3360B5D592F8447074A31A9D6E655DD ] \Device\Harddisk0\DR0\Partition7
10:29:50.0999 0x00cc  \Device\Harddisk0\DR0\Partition7 - ok
10:29:51.0002 0x00cc  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
10:29:51.0002 0x00cc  \Device\Harddisk1\DR1\Partition1 - ok
10:29:51.0004 0x00cc  ================ Scan generic autorun ======================
10:29:51.0019 0x00cc  [ 2A08D5DD658D85E2D4AD9D9CCF180030, 7E62FC592F8E6A4D33341C781AC3F9F52F872D54D6F170136F6F154B9DE75A22 ] C:\windows\system32\hkcmd.exe
10:29:51.0036 0x00cc  HotKeysCmds - ok
10:29:51.0335 0x00cc  [ 9AC062437035B077C0F3B1BD738EC82A, DAC42AA903C3A6F7CB196D3D738FFDDADC8BD2138F0703F1DB035337540D53B7 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:29:51.0691 0x00cc  RtHDVCpl - ok
10:29:51.0752 0x00cc  [ 4DF11CDE53A5AF536178AEC3D4A053B1, 63CE411CB93F7058B6126FB80D20978AEBD13B0B36CDE7DD5194BC0DACB88CE8 ] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
10:29:51.0806 0x00cc  SRS Premium Sound 3D - ok
10:29:51.0870 0x00cc  [ BF978AA60B5156C3DCA4FE408C52DAF1, 89C940B1869BE5BA49D84095F19EB04B24E86E744F3A5E035AD18693FC64090D ] C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe
10:29:51.0937 0x00cc  TosPU - ok
10:29:51.0940 0x00cc  TCrdMain - ok
10:29:51.0979 0x00cc  [ CF74C5BE20CD4DE1299F6C92A738A2DF, A74FBB2E50F9AEB9CA11347EE464D34F234DD837FCDD6A43CFDA4664CB2BF9FB ] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
10:29:52.0018 0x00cc  TSleepSrv - ok
10:29:52.0026 0x00cc  [ 57C4B4289DAB34CBAEEB92865C6BC022, A1AD75E8D988FBA512454DA99FCE8F32EC6A80B46B87A517DF5C7B7DF86E3CA8 ] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
10:29:52.0034 0x00cc  TecoResident - ok
10:29:52.0035 0x00cc  TosWaitSrv - ok
10:29:52.0043 0x00cc  [ 1FAD6ACA65366E1AFF10EC6B02F47A84, 2DA16D06F553FC081E374F1699EC240D7FFFDD39D42774F044AE3DE09F2C8619 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
10:29:52.0050 0x00cc  BCSSync - ok
10:29:52.0067 0x00cc  [ 906B344BA5AEA12301FCAC7A0E688CF7, 6A4FDA538E6393A58F4215F253DFC4205E7B157BA8BDDB93512E47585394AD49 ] C:\Program Files (x86)\UniKey Vista 2.0\UniKeyVista2.0.exe
10:29:52.0086 0x00cc  UniKey - detected UnsignedFile.Multi.Generic ( 1 )
10:29:55.0884 0x00cc  Detect skipped due to KSN trusted
10:29:55.0884 0x00cc  UniKey - ok
10:29:55.0886 0x00cc  Waiting for KSN requests completion. In queue: 328
10:29:56.0887 0x00cc  Waiting for KSN requests completion. In queue: 328
10:29:57.0888 0x00cc  Waiting for KSN requests completion. In queue: 19
10:29:58.0889 0x00cc  Waiting for KSN requests completion. In queue: 19
10:29:59.0918 0x00cc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
10:29:59.0928 0x00cc  Win FW state via NFP2: enabled
10:30:12.0962 0x00cc  ============================================================
10:30:12.0962 0x00cc  Scan finished
10:30:12.0962 0x00cc  ============================================================
10:30:12.0984 0x0eb4  Detected object count: 0
10:30:12.0984 0x0eb4  Actual detected object count: 0


  • 0

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :) Please copy and paste the logs into the replies, no need for the code boxes.

Those logs look good, and the TDSSKiller log shows no rootkits hiding. Let's run a sweep for orphans and remnants.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0



#11
axxon007

    Member

  • Topic Starter
  • 10 posts

ESET Log

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


  • 0

#12
axxon007

    Member

  • Topic Starter
  • 10 posts

MBAM Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/01/2015
Scan Time: 10:27:41 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.13
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: ThanhUTS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320612
Time Elapsed: 4 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 3
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{C8DD6D7A-85E3-4E7F-9AE5-B79C27859EEA}|NameServer, 31.168.224.106,5.135.12.52, Good: (), Bad: (31.168.224.106,5.135.12.52),Replaced,[6c9570f94339c37326fedfada2631be5]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F2A2FAE7-1702-4F3E-A020-6161C96E7F13}|NameServer, 31.168.224.106,5.135.12.52, Good: (), Bad: (31.168.224.106,5.135.12.52),Replaced,[cc35cf9adba1fa3c4cd8d5b7dc29926e]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F947CB68-5D5A-46FE-A594-1BCCE3DCECC1}|NameServer, 31.168.224.106,5.135.12.52, Good: (), Bad: (31.168.224.106,5.135.12.52),Replaced,[24dd7cedadcfd06677ad4745f90c837d]

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.CloudScout.A, C:\Users\ThanhUTS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cloudscout.utop.it_0.localstorage, Quarantined, [f30e0762631979bdb5bcdd8d35ce718f],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0
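The Registry Data lines in the export above carry a comma-separated resolver list inside a comma-separated record, so splitting on commas misreads them. The following Python parser is an added example, not part of the thread and not Malwarebytes code: it reads that layout, extracts the per-interface NameServer overrides, and flags a paste whose section counts do not match its lines. The sample log, its GUIDs, addresses and bracketed ids are constructed, and the field layout is assumed from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample in the layout of an MBAM 2.x text export (not the poster's log).
# Addresses are documentation ranges; GUIDs and bracketed ids are made up.
SAMPLE_LOG = r"""
Registry Values: 0
(No malicious items detected)

Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{11111111-2222-3333-4444-555555555555}|NameServer, 192.0.2.53,198.51.100.7, Good: (), Bad: (192.0.2.53,198.51.100.7),Replaced,[0123456789abcdef0123456789abcdef]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}|NameServer, 192.0.2.53,198.51.100.7, Good: (), Bad: (192.0.2.53,198.51.100.7),Replaced,[fedcba9876543210fedcba9876543210]

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Example.A, C:\Users\user\AppData\Local\Example\User Data\example.localstorage, Quarantined, [00112233445566778899aabbccddeeff],
"""

SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
                     r"Folders|Files|Physical Sectors): (\d+)$")
# threat, <body that may itself contain commas>, action, [id] with an optional trailing comma
DETECTION = re.compile(r"^(?P<threat>[^,]+), (?P<body>.*?),\s*(?P<action>[A-Za-z][A-Za-z ]*?),"
                       r"\s*\[(?P<id>[0-9a-fA-F]{32})\],?\s*$")
# key|value, current data, Good: (expected), Bad: (found)
REG_DATA = re.compile(r"^(?P<key>.+?)\|(?P<value>[^,]+), (?P<data>.*?), "
                      r"Good: \((?P<good>.*?)\), Bad: \((?P<bad>.*?)\)$")
IFACE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]{36}\})$")


@dataclass
class Detection:
    section: str
    threat: str
    body: str
    action: str


def parse_detections(log):
    """Return (detections, declared); declared maps each section to its header count."""
    detections, declared, section = [], {}, None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        # Skip preamble, blank lines and "(No malicious items detected)" / "(end)".
        if not section or not line or line.startswith("("):
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(Detection(section, m["threat"], m["body"], m["action"]))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the lines parsed (truncated or edited paste)."""
    parsed = {}
    for d in detections:
        parsed[d.section] = parsed.get(d.section, 0) + 1
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items() if n != parsed.get(s, 0)}


def dns_changes(detections):
    """Per-interface resolver overrides reported under Registry Data."""
    out = []
    for d in detections:
        reg = REG_DATA.match(d.body) if d.section == "Registry Data" else None
        if not reg or reg["value"].lower() != "nameserver":
            continue
        iface = IFACE.search(reg["key"])
        # ip_address() raises ValueError on anything that is not a literal address.
        resolvers = [str(ip_address(a.strip())) for a in reg["bad"].split(",") if a.strip()]
        out.append({"interface": iface.group(1) if iface else None,
                    "resolvers": resolvers, "action": d.action})
    return out


if __name__ == "__main__":
    found, declared = parse_detections(SAMPLE_LOG)
    for change in dns_changes(found):
        print(change)
    print("count mismatches:", count_mismatches(found, declared))
```

An action of Replaced only says what the scanner did to the registry value; the interface GUIDs it returns are the adapters whose DNS settings are worth rechecking afterwards.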

#13
axxon007

    Member

  • Topic Starter
  • 10 posts
Securitycheck log

Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
  • 0

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Java Warning and Update


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Step 3: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.




Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post:

Delfix Log

  • 0

#15
axxon007

    Member

  • Topic Starter
  • 10 posts
Hi pystryker,

# DelFix v10.8 - Logfile created 07/01/2015 at 19:32:32
# Updated 29/07/2014 by Xplode
# Username : ThanhUTS - THANH
# Operating System : Windows 8 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.42_04.01.2015_10.28.52_log.txt
Deleted : C:\Users\ThanhUTS\Desktop\log.txt
Deleted : C:\Users\ThanhUTS\Desktop\SecurityCheck.exe
Deleted : C:\Users\ThanhUTS\Downloads\Extras.Txt
Deleted : C:\Users\ThanhUTS\Downloads\JRT.exe
Deleted : C:\Users\ThanhUTS\Downloads\OTL.Txt
Deleted : C:\Users\ThanhUTS\Downloads\OTL.exe
Deleted : C:\Users\ThanhUTS\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########

Thank you so much for your help, Pystryker.
  • 0





