
[Resolved] IEXPLORE VIRUS

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by Mikeal05, Jun 7, 2014.

  1. Mikeal05

    Mikeal05 Established Techie7 Member

    I am at my wits' end. I cannot get this to go away. I have already run Combo Fix, Adware & SpyHunter and nothing works.

    I am running Windows 7
     


  2. Mikeal05

    Mikeal05 Established Techie7 Member

    Not any better after FRST scan and fix
     
  3. Mikeal05

    Mikeal05 Established Techie7 Member

    I could not run RogueKiller so I ran tdss and removed what was there and then ran it again and there was nothing. I then ran Malwarebytes and posted the log. It found nothing as well.
     
  4. Mikeal05

    Mikeal05 Established Techie7 Member

     
  5. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  6. Mikeal05

    Mikeal05 Established Techie7 Member

    I'm confused. Are you asking for an explanation of why I abandoned the previous post or about the new problem?
     
  7. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Yes.
     
  8. Mikeal05

    Mikeal05 Established Techie7 Member

    It wasn't on purpose. I'm sure I missed the notification in my overloaded Yahoo email inbox. At the time I didn't realize there was a 5-day time period or the thread would be closed. I do believe after I did what you instructed the problem went away, so that is appreciated, and I apologize for not replying.
     
  9. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    We can continue but if it happens again then my ban stays.

    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    You're not saying what your computer issues are.
     
  10. Mikeal05

    Mikeal05 Established Techie7 Member

    Ok. So the problem all started with iexplore.exe having multiple instances running, most at 100k kb, all the way up to 1.2 million kb. This was causing the CPU usage to be at 100% almost all the time except after a restart. I also have multiple svchost.exe; one of them is over 100k kb. I followed a post on the Malwarebytes website: https://forums.malwarebytes.org/index.php?showtopic=149176

    This got rid of the iexplore.exe virus but I'm still stuck with the svchost.exe problem. The PC is running almost back to normal now but I want to make sure everything is cleaned up. I will be following the steps listed above and will reply once that is done.
     
  11. Mikeal05

    Mikeal05 Established Techie7 Member

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.06.08.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Mike :: MIKE-PC [administrator]

    6/7/2014 9:56:38 PM
    mbam-log-2014-06-07 (21-56-38).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | PUP | PUM
    Scan options disabled: File System | Heuristics/Extra | Heuristics/Shuriken | P2P
    Objects scanned: 25142
    Time elapsed: 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ******DDS********

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16618 BrowserJavaVersion: 10.60.2
    Run by Mike at 22:40:26 on 2014-06-07
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4707 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Task Killer\TaskKiller.exe
    C:\Program Files\Start Menu X\StartMenuX.exe
    C:\Program Files\Immunet\3.0.8\iptray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Task Killer] C:\Program Files (x86)\Task Killer\taskkiller.exe
    uRun: [StartMenuX] C:\Program Files\Start Menu X\StartMenuX.exe
    uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
    mRun: [Immunet Protect] "C:\Program Files\Immunet\3.0.8\iptray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-D3SR5.exe" /REG /REGSVRMODE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SynchronousMachineGroupPolicy = dword:1
    mPolicies-System: SynchronousUserGroupPolicy = dword:1
    mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{84294CEB-1B81-4F60-B6D5-BE983715797E} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\ImmunetProtect.sys [2013-7-7 57672]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\ImmunetSelfProtect.sys [2013-7-7 32584]
    R2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2013-7-7 98632]
    R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-6 5093216]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
    S3 esgiguard;esgiguard;C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-6 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-6 1255736]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
    S4 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-8-3 476936]
    S4 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-1-14 769920]
    .
    =============== Created Last 30 ================
    .
    2014-06-08 04:54:06 712264 ----a-w- C:\Windows\is-D3SR5.exe
    2014-06-07 20:11:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B680B9B-B937-46BA-BCFF-E2ACACEDF370}\offreg.dll
    2014-06-07 20:06:43 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2014-06-07 20:06:43 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2014-06-07 20:02:58 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-06-07 18:31:51 -------- d-----w- C:\Program Files (x86)\ESET
    2014-06-07 03:54:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-06-07 03:24:33 -------- d-----w- C:\ProgramData\RogueKiller
    2014-06-07 03:14:20 -------- d-----w- C:\FRST
    2014-06-07 02:54:10 388096 ----a-r- C:\Users\Mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2014-06-07 02:54:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2014-06-06 12:42:58 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2014-06-06 12:42:54 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B680B9B-B937-46BA-BCFF-E2ACACEDF370}\mpengine.dll
    2014-06-06 05:17:07 -------- d-----w- C:\Users\Mike\AppData\Local\SniperV2
    2014-06-05 15:50:47 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-06-04 07:45:17 -------- d-----w- C:\$RECYCLE.BIN
    2014-06-04 07:26:51 98816 ----a-w- C:\Windows\sed.exe
    2014-06-04 07:26:51 256000 ----a-w- C:\Windows\PEV.exe
    2014-06-04 07:26:51 208896 ----a-w- C:\Windows\MBR.exe
    2014-06-04 05:36:06 -------- d-----w- C:\AdwCleaner
    2014-06-04 02:10:24 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
    2014-06-04 02:08:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2014-06-04 02:08:29 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-06-04 02:08:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-04 02:08:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-06-04 01:51:43 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2014-06-04 01:51:43 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2014-06-03 02:53:14 -------- d-----w- C:\Users\Mike\AppData\Local\Efmktion
    2014-05-26 14:26:03 -------- d-----w- C:\Users\Mike\AppData\Roaming\6DE8
    2014-05-24 22:24:53 -------- d-----w- C:\Windows\System32\MRT
    2014-05-24 22:08:40 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2014-05-24 22:08:40 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2014-05-24 19:26:55 -------- d-----w- C:\Users\Mike\AppData\Local\ATI
    2014-05-24 19:24:01 0 ----a-w- C:\Windows\ativpsrm.bin
    2014-05-24 19:21:11 -------- d-----w- C:\Program Files\AMD
    2014-05-24 19:14:21 -------- d-----w- C:\ProgramData\AMD
    2014-05-24 19:14:20 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2014-05-24 19:14:18 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2014-05-24 19:13:03 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2014-05-24 19:12:56 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2014-05-24 19:12:38 -------- d-----w- C:\Program Files\ATI Technologies
    2014-05-24 19:12:35 -------- d-----w- C:\Program Files\ATI
    2014-05-24 19:11:17 -------- d-----w- C:\AMD
    2014-05-24 09:53:20 209972 ----a-w- C:\ProgramData\Microsoft\{e6c79609-2463-4c7f-4fd0-22967e5d41e8}\{e6c79609-2463-4c7f-4fd0-22967e5d41e8}.exe
    2014-05-17 02:44:26 -------- d-----w- C:\Users\Mike\AppData\Roaming\Mumble
    2014-05-17 02:43:11 -------- d-----w- C:\Program Files (x86)\Mumble
    .
    ==================== Find3M ====================
    .
    2014-06-07 04:11:24 512000 ----a-w- C:\Windows\System32\rpcss.dll
    2014-05-18 22:30:17 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2014-05-18 22:30:17 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-05-18 00:42:53 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-05-03 15:45:55 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2014-05-03 09:37:01 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
    2014-04-18 05:33:02 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
    2014-04-18 05:28:30 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
    2014-04-18 02:43:06 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2014-04-18 02:43:06 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2014-04-18 02:43:04 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2014-04-18 02:43:04 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2014-04-18 02:43:00 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
    2014-04-18 02:42:58 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2014-04-18 02:42:58 117584 ----a-w- C:\Windows\System32\atiu9p64.dll
    2014-04-18 02:42:56 99520 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2014-04-18 02:42:54 1343272 ----a-w- C:\Windows\System32\aticfx64.dll
    2014-04-18 02:42:52 1117184 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2014-04-18 02:42:48 10335208 ----a-w- C:\Windows\System32\atidxx64.dll
    2014-04-18 02:42:46 8866928 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2014-04-18 02:42:40 6796592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2014-04-18 02:42:36 6799688 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2014-04-18 02:42:30 7520200 ----a-w- C:\Windows\System32\atiumd6a.dll
    2014-04-18 02:42:28 8010968 ----a-w- C:\Windows\System32\atiumd64.dll
    2014-04-18 02:39:06 274656 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
    2014-04-18 02:36:46 15376384 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2014-04-18 02:23:08 231424 ----a-w- C:\Windows\System32\clinfo.exe
    2014-04-18 02:22:58 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
    2014-04-18 02:22:58 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
    2014-04-18 02:22:56 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
    2014-04-18 02:22:56 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
    2014-04-18 02:22:54 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2014-04-18 02:22:48 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2014-04-18 02:22:42 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2014-04-18 02:22:38 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2014-04-18 02:22:32 28685824 ----a-w- C:\Windows\System32\amdocl64.dll
    2014-04-18 02:19:54 24107520 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2014-04-18 02:17:28 65024 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-04-18 02:17:24 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-04-18 02:13:30 127488 ----a-w- C:\Windows\System32\mantle64.dll
    2014-04-18 02:13:10 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
    2014-04-18 02:12:54 27907584 ----a-w- C:\Windows\System32\atio6axx.dll
    2014-04-18 02:12:48 5442048 ----a-w- C:\Windows\System32\amdmantle64.dll
    2014-04-18 01:58:32 4358656 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
    2014-04-18 01:51:44 23409152 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2014-04-18 01:46:34 368128 ----a-w- C:\Windows\System32\atiapfxx.exe
    2014-04-18 01:46:26 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2014-04-18 01:46:24 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2014-04-18 01:46:18 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2014-04-18 01:46:18 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2014-04-18 01:46:04 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2014-04-18 01:45:56 91136 ----a-w- C:\Windows\System32\mantleaxl64.dll
    2014-04-18 01:45:46 85504 ----a-w- C:\Windows\SysWow64\mantleaxl32.dll
    2014-04-18 01:42:52 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2014-04-18 01:33:06 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
    2014-04-18 01:33:02 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
    2014-04-18 01:30:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2014-04-18 01:30:02 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2014-04-18 01:29:54 586240 ----a-w- C:\Windows\System32\atieclxx.exe
    2014-04-18 01:29:24 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2014-04-18 01:28:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
    2014-04-18 01:21:30 806912 ----a-w- C:\Windows\System32\coinst_14.100.dll
    2014-04-18 01:09:20 1177600 ----a-w- C:\Windows\System32\atiadlxx.dll
    2014-04-18 01:09:00 848896 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2014-04-18 01:07:54 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
    2014-04-18 01:07:46 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2014-04-18 01:07:46 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
    2014-04-18 01:07:36 146944 ----a-w- C:\Windows\System32\atig6txx.dll
    2014-04-18 01:07:20 133632 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2014-04-18 01:07:06 638976 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2014-04-18 01:04:24 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 22:41:13.45 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/6/2013 11:35:30 AM
    System Uptime: 6/7/2014 12:43:15 PM (10 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP43-DS3LR
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 1700/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 102.145 GiB free.
    D: is CDROM (UDF)
    E: is FIXED (NTFS) - 466 GiB total, 360.599 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.07)
    Adobe Shockwave Player 12.0
    Advanced Tactics Gold
    AMD Accelerated Video Transcoding
    AMD Catalyst Control Center
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Wireless Display v3.0
    America's Army: Proving Grounds Beta
    Auslogics BoostSpeed
    Auslogics Disk Defrag
    Batman: Arkham Asylum GOTY Edition
    Batman: Arkham City GOTY
    Batman™: Arkham Origins
    Battlefield 2
    Battlefield: Bad Company 2
    BitRaider Web Client
    Blacklight: Retribution
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chivalry: Medieval Warfare
    CloudReading
    Copy
    Counter-Strike: Global Offensive
    Crysis
    Crysis® 2
    Crysis®3
    Deus Ex: Human Revolution
    Dual-Core Optimizer
    ESET Online Scanner v3
    Foxit Reader
    GameSpy Comrade
    Google Chrome
    Google Update Helper
    Half-Life 2: Deathmatch
    HAWKEN
    HiJackThis
    ICP 9.0
    ImageConverter Plus 8.0
    Immunet 3.0
    Java 7 Update 25 (64-bit)
    Java 7 Update 60
    Java Auto Updater
    Kaspersky Security Scan
    League of Legends
    Left 4 Dead
    Left 4 Dead 2
    Magic 2014
    Magic: The Gathering - Duels of the Planeswalkers 2013
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4.5
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Mouse and Keyboard Center
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Mumble 1.2.6
    NVIDIA PhysX
    OpenAL
    Origin
    Pando Media Booster
    Path of Exile
    Portal
    Portal 2
    Prototype
    PROTOTYPE 2
    PunkBuster Services
    Raptr
    Revo Uninstaller 1.95
    Rise of the Triad
    Rising Storm/Red Orchestra 2 Multiplayer
    Sansa Updater
    Security Update for Microsoft .NET Framework 4.5 (KB2737083)
    Security Update for Microsoft .NET Framework 4.5 (KB2742613)
    Security Update for Microsoft .NET Framework 4.5 (KB2789648)
    Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
    Security Update for Microsoft .NET Framework 4.5 (KB2861208)
    Security Update for Microsoft .NET Framework 4.5 (KB2898864)
    Security Update for Microsoft .NET Framework 4.5 (KB2901118)
    Security Update for Microsoft .NET Framework 4.5 (KB2931368)
    Serious Sam HD: The First Encounter
    Serious Sam HD: The Second Encounter
    Sniper Elite V2
    Sniper Ghost Warrior 2
    Sniper: Ghost Warrior
    SpyHunter
    SpywareBlaster 4.4
    Star Wars The Old Republic
    Star Wars: The Force Unleashed 2
    Star Wars: The Old Republic
    Start Menu X version 4.53
    Steam
    SUABnR
    swMSM
    Task Killer (remove only)
    TeamViewer 8
    TeraCopy 2.27
    Tom Clancy's H.A.W.X.
    Unity Web Player
    Uplay
    VS10Runtimex64
    Warframe
    Windows 7 Manager
    Windows Live ID Sign-in Assistant
    WinRAR 4.20 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/7/2014 8:31:26 AM, Error: Service Control Manager [7000] - The EsgScanner service failed to start due to the following error: This driver has been blocked from loading
    6/7/2014 8:31:26 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\EsgScanner.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2014 11:22:02 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/6/2014 8:43:08 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
    6/6/2014 8:40:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
    6/6/2014 8:40:39 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    6/6/2014 8:40:39 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    6/6/2014 8:39:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/6/2014 8:39:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/6/2014 8:39:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/6/2014 8:39:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/6/2014 8:38:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2014 8:38:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ImmunetProtectDriver ImmunetSelfProtectDriver spldr Wanarpv6
    6/6/2014 8:16:21 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/6/2014 8:16:21 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/6/2014 8:16:21 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/6/2014 8:16:21 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    6/6/2014 8:16:21 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    6/6/2014 4:31:42 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/6/2014 4:31:42 AM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    6/6/2014 11:44:54 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    6/4/2014 12:43:14 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/4/2014 12:43:14 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    6/4/2014 12:39:36 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/4/2014 12:39:00 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/4/2014 12:27:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    6/4/2014 10:03:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/3/2014 9:57:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    6/3/2014 9:42:25 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2014 7:46:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/3/2014 7:44:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/3/2014 7:37:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/3/2014 7:37:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/3/2014 7:36:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ImmunetProtectDriver ImmunetSelfProtectDriver NetBIOS NetBT nsiproxy rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/3/2014 7:36:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
    Last edited: Jun 8, 2014
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  13. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Do NOT create a new topic just to post new logs.
    Continue in this very topic.
    This time I merged both topics.

    Step 1 in our preliminaries calls for installing one of the proposed AV programs.
    I don't see any running.
    What's up with that?
     
  14. Mikeal05

    Mikeal05 Established Techie7 Member

    Comodo scan run and up and running.
     
  15. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    When done let me know if it found anything.

    Next...

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. Mikeal05

    Mikeal05 Established Techie7 Member

    21:28:30.0136 0x0f14 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
    21:28:37.0234 0x0f14 ============================================================
    21:28:37.0234 0x0f14 Current date / time: 2014/06/09 21:28:37.0234
    21:28:37.0234 0x0f14 SystemInfo:
    21:28:37.0234 0x0f14
    21:28:37.0234 0x0f14 OS Version: 6.1.7601 ServicePack: 1.0
    21:28:37.0234 0x0f14 Product type: Workstation
    21:28:37.0234 0x0f14 ComputerName: MIKE-PC
    21:28:37.0234 0x0f14 UserName: Mike
    21:28:37.0234 0x0f14 Windows directory: C:\Windows
    21:28:37.0234 0x0f14 System windows directory: C:\Windows
    21:28:37.0234 0x0f14 Running under WOW64
    21:28:37.0234 0x0f14 Processor architecture: Intel x64
    21:28:37.0234 0x0f14 Number of processors: 2
    21:28:37.0234 0x0f14 Page size: 0x1000
    21:28:37.0234 0x0f14 Boot type: Normal boot
    21:28:37.0234 0x0f14 ============================================================
    21:28:38.0622 0x0f14 KLMD registered as C:\Windows\system32\drivers\90826149.sys
    21:28:39.0277 0x0f14 System UUID: {74683DA5-EA5C-2D33-D3AF-1181469DFBED}
    21:28:47.0093 0x0f14 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:28:47.0109 0x0f14 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    21:28:47.0109 0x0f14 ============================================================
    21:28:47.0109 0x0f14 \Device\Harddisk1\DR1:
    21:28:47.0109 0x0f14 MBR partitions:
    21:28:47.0109 0x0f14 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    21:28:47.0109 0x0f14 \Device\Harddisk0\DR0:
    21:28:47.0109 0x0f14 MBR partitions:
    21:28:47.0109 0x0f14 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:28:47.0109 0x0f14 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352000
    21:28:47.0109 0x0f14 ============================================================
    21:28:47.0124 0x0f14 C: <-> \Device\Harddisk0\DR0\Partition2
    21:28:47.0124 0x0f14 E: <-> \Device\Harddisk1\DR1\Partition1
    21:28:47.0124 0x0f14 ============================================================
    21:28:47.0124 0x0f14 Initialize success
    21:28:47.0124 0x0f14 ============================================================
    21:28:58.0154 0x0ef4 ============================================================
    21:28:58.0154 0x0ef4 Scan started
    21:28:58.0154 0x0ef4 Mode: Manual;
    21:28:58.0154 0x0ef4 ============================================================
    21:28:58.0154 0x0ef4 KSN ping started
    21:29:03.0052 0x0ef4 KSN ping finished: true
    21:29:05.0002 0x0ef4 ================ Scan system memory ========================
    21:29:05.0002 0x0ef4 System memory - ok
    21:29:05.0018 0x0ef4 ================ Scan services =============================
    21:29:11.0710 0x0ef4 ErrDev - ok
    21:29:11.0788 0x0ef4 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D, 4D9E779684D19137D43472CA18C8A955AD29C82C5F9D7C7E248A1400EE40EE59 ] esgiguard C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys
    21:29:11.0788 0x0ef4 esgiguard - ok
    21:29:11.0788 0x0ef4 EsgScanner - ok
    21:29:11.0835 0x0ef4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
    21:29:11.0866 0x0ef4 EventSystem - ok
    21:29:11.0882 0x0ef4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
    21:29:11.0882 0x0ef4 exfat - ok
    21:29:11.0913 0x0ef4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:29:11.0913 0x0ef4 fastfat - ok
    21:29:11.0960 0x0ef4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
    21:29:12.0006 0x0ef4 Fax - ok
    21:29:12.0006 0x0ef4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    21:29:12.0006 0x0ef4 fdc - ok
    21:29:12.0022 0x0ef4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    21:29:12.0022 0x0ef4 fdPHost - ok
    21:29:12.0053 0x0ef4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:29:12.0053 0x0ef4 FDResPub - ok
    21:29:12.0069 0x0ef4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:29:12.0084 0x0ef4 FileInfo - ok
    21:29:12.0084 0x0ef4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:29:12.0084 0x0ef4 Filetrace - ok
    21:29:12.0100 0x0ef4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    21:29:12.0100 0x0ef4 flpydisk - ok
    21:29:12.0131 0x0ef4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:29:12.0147 0x0ef4 FltMgr - ok
    21:29:12.0240 0x0ef4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
    21:29:12.0287 0x0ef4 FontCache - ok
    21:29:12.0334 0x0ef4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:29:12.0334 0x0ef4 FontCache3.0.0.0 - ok
    21:29:12.0350 0x0ef4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    21:29:12.0350 0x0ef4 FsDepends - ok
    21:29:12.0396 0x0ef4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:29:12.0396 0x0ef4 Fs_Rec - ok
    21:29:12.0428 0x0ef4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    21:29:12.0428 0x0ef4 fvevol - ok
    21:29:12.0459 0x0ef4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:29:12.0459 0x0ef4 gagp30kx - ok
    21:29:12.0537 0x0ef4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    21:29:12.0568 0x0ef4 gpsvc - ok
    21:29:12.0615 0x0ef4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:29:12.0630 0x0ef4 gupdate - ok
    21:29:12.0630 0x0ef4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:29:12.0630 0x0ef4 gupdatem - ok
    21:29:12.0662 0x0ef4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    21:29:12.0662 0x0ef4 hcw85cir - ok
    21:29:12.0740 0x0ef4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    21:29:12.0755 0x0ef4 HdAudAddService - ok
    21:29:12.0786 0x0ef4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    21:29:12.0786 0x0ef4 HDAudBus - ok
    21:29:12.0802 0x0ef4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    21:29:12.0802 0x0ef4 HidBatt - ok
    21:29:12.0818 0x0ef4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    21:29:12.0818 0x0ef4 HidBth - ok
    21:29:12.0833 0x0ef4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    21:29:12.0833 0x0ef4 HidIr - ok
    21:29:12.0896 0x0ef4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
    21:29:12.0896 0x0ef4 hidserv - ok
    21:29:12.0927 0x0ef4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:29:12.0927 0x0ef4 HidUsb - ok
    21:29:12.0974 0x0ef4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:29:12.0974 0x0ef4 hkmsvc - ok
    21:29:13.0020 0x0ef4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    21:29:13.0020 0x0ef4 HomeGroupListener - ok
    21:29:13.0067 0x0ef4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    21:29:13.0067 0x0ef4 HomeGroupProvider - ok
    21:29:13.0098 0x0ef4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    21:29:13.0098 0x0ef4 HpSAMD - ok
    21:29:13.0161 0x0ef4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:29:13.0192 0x0ef4 HTTP - ok
    21:29:13.0223 0x0ef4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    21:29:13.0223 0x0ef4 hwpolicy - ok
    21:29:13.0239 0x0ef4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    21:29:13.0239 0x0ef4 i8042prt - ok
    21:29:13.0270 0x0ef4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    21:29:13.0286 0x0ef4 iaStorV - ok
    21:29:13.0348 0x0ef4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:29:13.0410 0x0ef4 idsvc - ok
    21:29:13.0457 0x0ef4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    21:29:13.0457 0x0ef4 iirsp - ok
    21:29:13.0504 0x0ef4 [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
    21:29:13.0551 0x0ef4 IKEEXT - ok
    21:29:13.0566 0x0ef4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    21:29:13.0566 0x0ef4 intelide - ok
    21:29:13.0598 0x0ef4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:29:13.0613 0x0ef4 intelppm - ok
    21:29:13.0644 0x0ef4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:29:13.0644 0x0ef4 IPBusEnum - ok
    21:29:13.0676 0x0ef4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:29:13.0691 0x0ef4 IpFilterDriver - ok
    21:29:13.0738 0x0ef4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    21:29:13.0769 0x0ef4 iphlpsvc - ok
    21:29:13.0800 0x0ef4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    21:29:13.0800 0x0ef4 IPMIDRV - ok
    21:29:13.0816 0x0ef4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    21:29:13.0816 0x0ef4 IPNAT - ok
    21:29:13.0832 0x0ef4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:29:13.0832 0x0ef4 IRENUM - ok
    21:29:13.0847 0x0ef4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:29:13.0847 0x0ef4 isapnp - ok
    21:29:13.0878 0x0ef4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    21:29:13.0878 0x0ef4 iScsiPrt - ok
    21:29:13.0925 0x0ef4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:29:13.0925 0x0ef4 kbdclass - ok
    21:29:13.0956 0x0ef4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    21:29:13.0956 0x0ef4 kbdhid - ok
    21:29:13.0972 0x0ef4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso C:\Windows\system32\lsass.exe
    21:29:13.0972 0x0ef4 KeyIso - ok
    21:29:14.0003 0x0ef4 [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:29:14.0019 0x0ef4 KSecDD - ok
    21:29:14.0019 0x0ef4 [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    21:29:14.0034 0x0ef4 KSecPkg - ok
    21:29:14.0112 0x0ef4 [ 6EFBC82722D0F7B35283993189ECE9D0, C992072A3248C35C5C46E0CCD463C60C6376E7E17AA67BAFF8260C200DC47900 ] KSS C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    21:29:14.0128 0x0ef4 KSS - ok
    21:29:14.0144 0x0ef4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:29:14.0144 0x0ef4 ksthunk - ok
    21:29:14.0190 0x0ef4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:29:14.0206 0x0ef4 KtmRm - ok
    21:29:14.0237 0x0ef4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
    21:29:14.0237 0x0ef4 LanmanServer - ok
    21:29:14.0284 0x0ef4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:29:14.0284 0x0ef4 LanmanWorkstation - ok
    21:29:14.0331 0x0ef4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:29:14.0346 0x0ef4 lltdsvc - ok
    21:29:14.0378 0x0ef4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:29:14.0378 0x0ef4 lmhosts - ok
    21:29:14.0409 0x0ef4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    21:29:14.0409 0x0ef4 LSI_FC - ok
    21:29:14.0409 0x0ef4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    21:29:14.0424 0x0ef4 LSI_SAS - ok
    21:29:14.0424 0x0ef4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    21:29:14.0424 0x0ef4 LSI_SAS2 - ok
    21:29:14.0440 0x0ef4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    21:29:14.0440 0x0ef4 LSI_SCSI - ok
    21:29:14.0471 0x0ef4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
    21:29:14.0471 0x0ef4 luafv - ok
    21:29:14.0518 0x0ef4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:29:14.0518 0x0ef4 Mcx2Svc - ok
    21:29:14.0518 0x0ef4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    21:29:14.0534 0x0ef4 megasas - ok
    21:29:14.0549 0x0ef4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    21:29:14.0565 0x0ef4 MegaSR - ok
    21:29:14.0580 0x0ef4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
    21:29:14.0580 0x0ef4 MMCSS - ok
    21:29:14.0596 0x0ef4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    21:29:14.0596 0x0ef4 Modem - ok
    21:29:14.0612 0x0ef4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:29:14.0612 0x0ef4 monitor - ok
    21:29:14.0643 0x0ef4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:29:14.0643 0x0ef4 mouclass - ok
    21:29:14.0674 0x0ef4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:29:14.0674 0x0ef4 mouhid - ok
    21:29:14.0705 0x0ef4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    21:29:14.0721 0x0ef4 mountmgr - ok
    21:29:14.0752 0x0ef4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:29:14.0752 0x0ef4 mpio - ok
    21:29:14.0799 0x0ef4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:29:14.0799 0x0ef4 mpsdrv - ok
    21:29:14.0861 0x0ef4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
    21:29:14.0892 0x0ef4 MpsSvc - ok
    21:29:14.0939 0x0ef4 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:29:14.0939 0x0ef4 MRxDAV - ok
    21:29:14.0970 0x0ef4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:29:14.0970 0x0ef4 mrxsmb - ok
    21:29:15.0002 0x0ef4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:29:15.0017 0x0ef4 mrxsmb10 - ok
    21:29:15.0048 0x0ef4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:29:15.0048 0x0ef4 mrxsmb20 - ok
    21:29:15.0080 0x0ef4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    21:29:15.0080 0x0ef4 msahci - ok
    21:29:15.0111 0x0ef4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:29:15.0111 0x0ef4 msdsm - ok
    21:29:15.0142 0x0ef4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
    21:29:15.0142 0x0ef4 MSDTC - ok
    21:29:15.0189 0x0ef4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:29:15.0189 0x0ef4 Msfs - ok
    21:29:15.0204 0x0ef4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    21:29:15.0204 0x0ef4 mshidkmdf - ok
    21:29:15.0236 0x0ef4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:29:15.0236 0x0ef4 msisadrv - ok
    21:29:15.0282 0x0ef4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:29:15.0282 0x0ef4 MSiSCSI - ok
    21:29:15.0298 0x0ef4 msiserver - ok
    21:29:15.0314 0x0ef4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:29:15.0314 0x0ef4 MSKSSRV - ok
    21:29:15.0314 0x0ef4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:29:15.0329 0x0ef4 MSPCLOCK - ok
    21:29:15.0329 0x0ef4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:29:15.0329 0x0ef4 MSPQM - ok
    21:29:15.0376 0x0ef4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:29:15.0392 0x0ef4 MsRPC - ok
    21:29:15.0423 0x0ef4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    21:29:15.0423 0x0ef4 mssmbios - ok
    21:29:15.0438 0x0ef4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:29:15.0438 0x0ef4 MSTEE - ok
    21:29:15.0454 0x0ef4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    21:29:15.0454 0x0ef4 MTConfig - ok
    21:29:15.0470 0x0ef4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
    21:29:15.0485 0x0ef4 Mup - ok
    21:29:15.0548 0x0ef4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
    21:29:15.0563 0x0ef4 napagent - ok
    21:29:15.0610 0x0ef4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:29:15.0610 0x0ef4 NativeWifiP - ok
    21:29:15.0704 0x0ef4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:29:15.0750 0x0ef4 NDIS - ok
    21:29:15.0766 0x0ef4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    21:29:15.0766 0x0ef4 NdisCap - ok
    21:29:15.0797 0x0ef4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    21:29:15.0797 0x0ef4 NdisTapi - ok
    21:29:15.0828 0x0ef4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    21:29:15.0828 0x0ef4 Ndisuio - ok
    21:29:15.0875 0x0ef4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    21:29:15.0875 0x0ef4 NdisWan - ok
    21:29:15.0906 0x0ef4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    21:29:15.0906 0x0ef4 NDProxy - ok
    21:29:15.0922 0x0ef4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    21:29:15.0922 0x0ef4 NetBIOS - ok
    21:29:15.0953 0x0ef4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    21:29:15.0969 0x0ef4 NetBT - ok
    21:29:15.0984 0x0ef4 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon C:\Windows\system32\lsass.exe
    21:29:15.0984 0x0ef4 Netlogon - ok
    21:29:16.0016 0x0ef4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
    21:29:16.0031 0x0ef4 Netman - ok
    21:29:16.0094 0x0ef4 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:29:16.0094 0x0ef4 NetMsmqActivator - ok
    21:29:16.0109 0x0ef4 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:29:16.0109 0x0ef4 NetPipeActivator - ok
    21:29:16.0140 0x0ef4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
    21:29:16.0156 0x0ef4 netprofm - ok
    21:29:16.0234 0x0ef4 [ 618C55B392238B9467F9113E13525C49, 304A77EF3E1E7A1738E5A4F6A911B4DF736CEF4867C6F07CA71E227048E90370 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
    21:29:16.0265 0x0ef4 netr28ux - ok
    21:29:16.0296 0x0ef4 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:29:16.0296 0x0ef4 NetTcpActivator - ok
    21:29:16.0312 0x0ef4 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:29:16.0312 0x0ef4 NetTcpPortSharing - ok
    21:29:16.0328 0x0ef4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    21:29:16.0328 0x0ef4 nfrd960 - ok
    21:29:16.0359 0x0ef4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
    21:29:16.0374 0x0ef4 NlaSvc - ok
    21:29:16.0390 0x0ef4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    21:29:16.0390 0x0ef4 Npfs - ok
    21:29:16.0406 0x0ef4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
    21:29:16.0406 0x0ef4 nsi - ok
    21:29:16.0406 0x0ef4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    21:29:16.0406 0x0ef4 nsiproxy - ok
    21:29:16.0515 0x0ef4 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    21:29:16.0577 0x0ef4 Ntfs - ok
    21:29:16.0593 0x0ef4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
    21:29:16.0593 0x0ef4 Null - ok
    21:29:16.0640 0x0ef4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    21:29:16.0640 0x0ef4 nvraid - ok
    21:29:16.0655 0x0ef4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    21:29:16.0655 0x0ef4 nvstor - ok
    21:29:16.0671 0x0ef4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    21:29:16.0686 0x0ef4 nv_agp - ok
    21:29:16.0702 0x0ef4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    21:29:16.0702 0x0ef4 ohci1394 - ok
    21:29:16.0780 0x0ef4 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:29:16.0796 0x0ef4 ose - ok
    21:29:17.0045 0x0ef4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    21:29:17.0248 0x0ef4 osppsvc - ok
    21:29:17.0295 0x0ef4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    21:29:17.0310 0x0ef4 p2pimsvc - ok
    21:29:25.0563 0x0ef4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    21:29:25.0563 0x0ef4 WinUsb - ok
    21:29:25.0610 0x0ef4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:29:25.0641 0x0ef4 Wlansvc - ok
    21:29:25.0797 0x0ef4 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:29:25.0890 0x0ef4 wlidsvc - ok
    21:29:25.0922 0x0ef4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:29:25.0922 0x0ef4 WmiAcpi - ok
    21:29:25.0968 0x0ef4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:29:25.0968 0x0ef4 wmiApSrv - ok
    21:29:26.0000 0x0ef4 WMPNetworkSvc - ok
    21:29:26.0031 0x0ef4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:29:26.0031 0x0ef4 WPCSvc - ok
    21:29:26.0062 0x0ef4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:29:26.0062 0x0ef4 WPDBusEnum - ok
    21:29:26.0093 0x0ef4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:29:26.0093 0x0ef4 ws2ifsl - ok
    21:29:26.0109 0x0ef4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
    21:29:26.0109 0x0ef4 wscsvc - ok
    21:29:26.0124 0x0ef4 WSearch - ok
    21:29:26.0234 0x0ef4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:29:26.0327 0x0ef4 wuauserv - ok
    21:29:26.0358 0x0ef4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:29:26.0358 0x0ef4 WudfPf - ok
    21:29:26.0405 0x0ef4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:29:26.0405 0x0ef4 WUDFRd - ok
    21:29:26.0421 0x0ef4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:29:26.0436 0x0ef4 wudfsvc - ok
    21:29:26.0499 0x0ef4 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:29:26.0514 0x0ef4 WwanSvc - ok
    21:29:26.0530 0x0ef4 ================ Scan global ===============================
    21:29:26.0561 0x0ef4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    21:29:26.0608 0x0ef4 [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
    21:29:26.0655 0x0ef4 [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
    21:29:26.0686 0x0ef4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    21:29:26.0717 0x0ef4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    21:29:26.0733 0x0ef4 [ Global ] - ok
    21:29:26.0733 0x0ef4 ================ Scan MBR ==================================
    21:29:26.0733 0x0ef4 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    21:29:26.0842 0x0ef4 \Device\Harddisk1\DR1 - ok
    21:29:26.0858 0x0ef4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    21:29:27.0060 0x0ef4 \Device\Harddisk0\DR0 - ok
    21:29:27.0060 0x0ef4 ================ Scan VBR ==================================
    21:29:27.0060 0x0ef4 [ 2EB79372861B3F69399A85F6653E5654 ] \Device\Harddisk1\DR1\Partition1
    21:29:27.0076 0x0ef4 \Device\Harddisk1\DR1\Partition1 - ok
    21:29:27.0092 0x0ef4 [ 90572C7945A12677169F0B68E20B3B20 ] \Device\Harddisk0\DR0\Partition1
    21:29:27.0107 0x0ef4 \Device\Harddisk0\DR0\Partition1 - ok
    21:29:27.0107 0x0ef4 [ DE36E055D557149730AD77DA141D5E8E ] \Device\Harddisk0\DR0\Partition2
    21:29:27.0107 0x0ef4 \Device\Harddisk0\DR0\Partition2 - ok
    21:29:27.0107 0x0ef4 ================ Scan generic autorun ======================
    21:29:27.0294 0x0ef4 [ D67C4C1BAE2B6236F21A115E8316D16C, 29E99052F7B4B66610861DCE71A397D8DBBB4B33C2CDF8292E46AAAAAE3ED6A3 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    21:29:27.0326 0x0ef4 COMODO Internet Security - ok
    21:29:27.0419 0x0ef4 [ EDAD4A8A1D46AFCF9E76B996D55116EB, 937549E6FBF5D7282E56866C705539646F2CB6839FD74BF7AA8FB2BA5CCEE940 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    21:29:27.0419 0x0ef4 SunJavaUpdateSched - ok
    21:29:27.0466 0x0ef4 [ E93E0320B7FF8CE79017ACEFE763B6C4, 45EBADA89907B68A57147AE01F8FC2CB8E7F76C9E3C548D250034AC71880098F ] C:\Program Files (x86)\Task Killer\taskkiller.exe
    21:29:27.0466 0x0ef4 Task Killer - ok
    21:29:27.0716 0x0ef4 [ 37E75B9863067D92BBE24ECE544B770A, 936FD6231D60BEFEB5B38B74EC7DFEF6E322126A093EA8787C2D5907199824CF ] C:\Program Files\Start Menu X\StartMenuX.exe
    21:29:27.0840 0x0ef4 StartMenuX - ok
    21:29:27.0934 0x0ef4 [ 6EFBC82722D0F7B35283993189ECE9D0, C992072A3248C35C5C46E0CCD463C60C6376E7E17AA67BAFF8260C200DC47900 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    21:29:27.0950 0x0ef4 KSS - ok
    21:29:27.0950 0x0ef4 Waiting for KSN requests completion. In queue: 45
    21:29:28.0964 0x0ef4 Waiting for KSN requests completion. In queue: 45
    21:29:29.0978 0x0ef4 Waiting for KSN requests completion. In queue: 45
    21:29:31.0023 0x0ef4 AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 7.0.55655.4142 ), 0x61000 ( enabled : updated )
    21:29:31.0038 0x0ef4 Win FW state via NFP2: enabled
    21:29:33.0909 0x0ef4 ============================================================
    21:29:33.0909 0x0ef4 Scan finished
    21:29:33.0909 0x0ef4 ============================================================
    21:29:33.0924 0x08a8 Detected object count: 0
    21:29:33.0924 0x08a8 Actual detected object count: 0
     
  17. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  18. Mikeal05

    Mikeal05 Established Techie7 Member

    RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mike [Admin rights]
    Mode : Scan -- Date : 06/11/2014 00:10:16

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3800401921-1045840808-2767021593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3800401921-1045840808-2767021593-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [Suspicious.Path] \\Time Trigger Test Task -- C:\Users\Mike\AppData\Local\Temp\amxtbpy.exe -> FOUND

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AADS-00S9B0 ATA Device +++++
    --- User ---
    [MBR] dd797ce055a2806706eab08fff5831e7
    [BSP] c863043336997aa4f0b65974e701edac : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST3500320AS ATA Device +++++
    --- User ---
    [MBR] 70ae508e3c3dfde98cbefb40b417e312
    [BSP] 2f007927862b3acfade6295238e0df04 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_06062014_220606.log
     
  19. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Go on...
     
  20. Mikeal05

    Mikeal05 Established Techie7 Member

    Ok. So system restore was turned off. Which option do I want?

    1. Restore system settings and previous versions of files or..
    2. Only restore previous versions of files