Thread: computer acting as if it's a 200 baud modem; I.E. very, very, very slowly

  1. #1 Member, Join Date: Jun 2013, Posts: 31

    computer acting as if it's a 200 baud modem; I.E. very, very, very slowly

    Hi there. Yep, even opening the explorer window to try and run Farbar had not finished opening up after about 5 minutes, so I have had to run it and aswMBR from safe mode with networking switched on, so if the log reports do not show all the services that would run normally, I apologise. Yes, the computer is running very slow. The start up programs haven't even loaded up after about half an hour. I also thought there might be a problem with Spybot updates as the log said files were missing and would be installed on the next update, but it later says "is missing and will be installed on next update (version xxxxxx)". It later says it has downloaded and extracted the files, so I think Spybot is fully and properly updated, but again I could only run it under safe mode, so it may not have captured everything. I have got it down to about 8 malware.

    I am running Windows Vista Home Basic edition. As we speak I am just running a full scan with aswMBR in the hope that it might pick something up. I have already done a full scan with BullGuard and it picked up about 6 malware cookie txts which I removed. But afterwards I did a system restore and didn't know whether the files had been put back, so I did another full scan, after doing an update, just in case the system restore had put it back to the state it was in at the point of backup. Does system restore do this?

    I'm wondering if this is a specific rogue program that hasn't been got by you or other virus checker vendors, as I did find an .exe file with a very long number in the startup menu as the computer was reporting a dll missing. There's also a couple of other actions that are dubious: I had not initialised a copy command, but a dialogue came up saying "the c:\users\luciomags\appdata\roaming\macromedia\flash p...\setting.sol folder does not exist the file may have been moved or deleted". Also Windows blocks a program called search results cleaner from running but a command prompt directory search with search*.exe reveals nothing. Could there possibly be hidden files in the startup, or indeed, anywhere else that are malicious? I have never seen this blocker program before. Isn't that the whole point of Vista asking whether you want to run a program or not? Windows Defender threw up an error but after research this is down to the virus checker; although I have tried to disable the Windows Defender service with msconfig to no avail. Last of all a program (a tool to aid in the developing services for Windows NT) starts on the taskbar requesting permission to run, but you have to click the program icon in order for Windows to ask whether you want it to run or not.

    It's a mystery and any help would be greatly appreciated. Logs in next post

    I have just tried to post this from the infected computer and it suddenly came up with connection problems/couldn't connect. My friend that I'm fixing the computer for said that he had that problem quite often himself; particularly on username/password webpages. Anyway here are the logs, posted from a decent machine; I.E. Linux based.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
    Ran by LucioMags (administrator) on LUCIOMAGS-PC on 23-10-2014 15:21:51
    Running from C:\Users\LucioMags\Downloads
    Loaded Profile: LucioMags (Available profiles: LucioMags)
    Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-11-17] (Dell Inc.)
    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
    HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [ApnUpdater] => "C:\Program Files\Ask.com\Updater\Updater.exe"
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1118544 2014-10-23] (BullGuard Ltd.)
    HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2325328 2014-10-23] (BullGuard Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [25623336 2009-10-09] (Skype Technologies S.A.)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\MountPoints2: {70f5aeff-4192-11df-af5e-0023ae29e258} - E:\AutoRun.exe
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\MountPoints2: {bd9c3e7e-3ce9-11df-854b-0023ae29e258} - E:\AutoRun.exe
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
    AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [86712 2014-10-23] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm167^YYA^gb&si=MDUK13&ptb=4E00FDAF-0D29-4C12-82F1-8BAC207FC96D&ind=2014061514&n=780c23ca&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm167^YYA^gb&si=MDUK13&ptb=4E00FDAF-0D29-4C12-82F1-8BAC207FC96D&ind=2014061514&n=780c23ca&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {3729F2E5-EF82-43F3-A5DA-0654CB94E9FE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EU3&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_uid=00F02D99-9361-4B22-8A4D-6E8C8DD3AB6E&apn_sauid=703DD0B0-69A8-42F9-8DF5-63EA6DA640A5
    SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm167^YYA^gb&si=MDUK13&ptb=4E00FDAF-0D29-4C12-82F1-8BAC207FC96D&ind=2014061514&n=780c23ca&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
    SearchScopes: HKCU - {FA923E8B-A06E-4ACC-8729-D52EE8E386AA} URL = http://www.google.com/search?q={searchTerms}
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-08]
    FF HKLM\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard
    FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard [2014-03-12]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [624464 2014-10-23] (BullGuard Ltd.)
    S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [513360 2014-10-23] (BullGuard Ltd.)
    S2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [130896 2014-10-23] (BullGuard Ltd.)
    S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [356176 2014-10-23] (BullGuard Ltd.)
    S2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [634192 2014-10-23] (BullGuard Ltd.)
    S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [589648 2014-10-23] (BullGuard Ltd.)
    R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [436048 2014-10-23] (BullGuard Ltd.)
    R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [239952 2014-10-23] (BullGuard Ltd.)
    R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [330576 2014-10-23] (BullGuard Ltd.)
    S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
    S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.) [File not signed]
    S2 Websteroids; "C:\ProgramData\Websteroids\WebsteroidsService.exe" "C:\ProgramData\Websteroids\Websteroids.exe"
    S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [35024 2014-09-08] (Agnitum Ltd.)
    S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [340688 2014-09-08] (Agnitum Ltd.)
    S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
    S1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [98608 2014-06-18] (BullGuard Ltd.)
    S1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [63584 2013-11-06] (BullGuard Ltd.)
    S1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [261360 2014-10-13] (BullGuard Ltd.)
    S1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [21888 2014-10-13] (BullGuard Ltd.)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [343456 2013-12-18] (BitDefender S.R.L.)
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-23 15:21 - 2014-10-23 15:22 - 00015577 _____ () C:\Users\LucioMags\Downloads\FRST.txt
    2014-10-23 15:21 - 2014-10-23 15:21 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
    2014-10-23 15:21 - 2014-10-23 15:21 - 00000000 ____D () C:\FRST
    2014-10-23 15:05 - 2014-10-23 15:05 - 01103360 _____ (Farbar) C:\Users\LucioMags\Downloads\FRST.exe
    2014-10-23 14:59 - 2014-10-23 14:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCIOMAGS-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
    2014-10-23 14:58 - 2014-10-23 14:58 - 00000000 ____D () C:\RegBackup
    2014-10-23 14:56 - 2014-10-23 14:56 - 00001976 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-10-23 14:56 - 2014-10-23 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-10-23 14:56 - 2014-10-23 14:56 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-10-23 14:55 - 2014-10-23 14:55 - 04215584 _____ () C:\Users\LucioMags\Downloads\tweaking.com_registry_backup_setup.exe
    2014-10-22 13:45 - 2014-10-22 13:45 - 00000000 _____ () C:\Users\LucioMags\AppData\Local\{1F03DFAB-CC2F-4F2B-9055-8E5F4C324CBA}
    2014-10-19 18:37 - 2014-10-19 18:37 - 00000000 _____ () C:\Windows\setuperr.log
    2014-10-19 18:37 - 2014-10-19 18:37 - 00000000 _____ () C:\Windows\setupact.log
    2014-10-19 16:24 - 2014-10-19 16:24 - 00000000 ____D () C:\Users\LucioMags\AppData\Roaming\SpeedMaxPc
    2014-10-19 16:22 - 2014-10-22 11:34 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
    2014-10-19 10:12 - 2014-10-19 10:26 - 06000640 _____ () C:\Program Files\GUT1BCA.tmp
    2014-10-18 09:37 - 2014-10-18 09:37 - 00000000 ____D () C:\Users\LucioMags\AppData\Roaming\ParetoLogic
    2014-10-18 09:35 - 2014-10-18 11:26 - 00000394 _____ () C:\Windows\Tasks\RegCure Pro.job
    2014-10-18 09:35 - 2014-10-18 10:07 - 00000000 ____D () C:\ProgramData\ParetoLogic
    2014-10-18 09:35 - 2014-10-18 09:35 - 00000000 ____D () C:\Program Files\ParetoLogic
    2014-10-17 19:14 - 2014-10-17 19:14 - 00000107 _____ () C:\Windows\wininit.ini
    2014-10-17 17:51 - 2014-10-17 20:55 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-10-17 17:50 - 2014-10-23 15:08 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-10-17 17:50 - 2014-10-17 20:55 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-10-17 17:50 - 2014-10-17 17:50 - 00001930 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-10-17 17:50 - 2014-10-17 17:50 - 00001918 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-10-17 17:50 - 2014-10-17 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-10-17 17:49 - 2014-10-17 17:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-10-17 17:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2014-10-17 17:25 - 2014-10-23 11:53 - 00001656 _____ () C:\Windows\PFRO.log
    2014-10-15 08:13 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 08:13 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 08:13 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 08:03 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 03:11 - 2014-10-15 03:12 - 00000000 ____D () C:\005afd5fb2bcdc987e
    2014-10-15 03:11 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
    2014-10-15 03:05 - 2014-10-15 03:11 - 00000000 ____D () C:\2d5f852583b292c82e2aaad67c63
    2014-10-15 03:04 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-14 22:03 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-14 22:03 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-14 22:03 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-14 22:03 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-14 22:03 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-14 22:03 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-14 22:03 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-10-14 22:03 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-14 22:03 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-14 22:03 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-10-14 22:03 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-10-14 22:03 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-25 03:04 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-23 15:20 - 2012-03-08 08:13 - 00000000 ____D () C:\ProgramData\BullGuard
    2014-10-23 15:09 - 2010-02-14 12:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-23 15:08 - 2012-03-08 08:26 - 00000268 _____ () C:\Windows\system32\config\afw_hm.conf
    2014-10-23 15:08 - 2012-03-08 08:26 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
    2014-10-23 15:08 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-23 15:08 - 2006-11-02 13:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-23 15:08 - 2006-11-02 13:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-23 14:30 - 2008-01-21 02:38 - 01055954 _____ () C:\Windows\WindowsUpdate.log
    2014-10-23 14:30 - 2006-11-02 13:58 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-23 14:04 - 2013-05-18 22:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-23 12:41 - 2006-11-02 13:44 - 00228936 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-23 11:21 - 2014-01-22 12:40 - 00140280 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
    2014-10-23 11:21 - 2013-11-18 12:17 - 00064336 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
    2014-10-22 13:42 - 2010-02-06 20:10 - 00000000 ____D () C:\Users\LucioMags
    2014-10-22 13:42 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
    2014-10-22 13:42 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-10-22 13:42 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
    2014-10-22 13:42 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 36700160 _____ () C:\Windows\system32\config\software_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 20447232 _____ () C:\Windows\system32\config\system_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
    2014-10-22 10:40 - 2010-02-19 16:21 - 00000000 ____D () C:\Users\LucioMags\AppData\Roaming\Skype
    2014-10-19 10:32 - 2010-02-14 12:06 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-17 19:14 - 2011-11-28 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-10-17 17:25 - 2011-11-28 14:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-10-15 09:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-10-15 03:25 - 2013-07-16 12:41 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-15 03:12 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-10-13 23:19 - 2013-11-28 14:23 - 00261360 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
    2014-10-13 23:19 - 2013-11-28 14:23 - 00021888 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
    2014-09-25 11:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
    2014-09-24 09:03 - 2013-05-18 22:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-24 09:03 - 2013-05-18 22:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

    Some content of TEMP:
    ====================
    C:\Users\LucioMags\AppData\Local\Temp\DataCard_Setup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-23 14:22

    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2014
    Ran by LucioMags at 2014-10-23 15:23:16
    Running from C:\Users\LucioMags\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
    FW: BullGuard Firewall (Disabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.25.0 - Ask.com) <==== ATTENTION
    Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.36191 - Ask.com) <==== ATTENTION
    BullGuard Internet Security (HKLM\...\BullGuard) (Version: 14.0 - BullGuard Ltd.)
    Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
    Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
    Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
    Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
    Elevated Installer (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express (HKLM\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.63.3.3 - Marvell)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
    QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)
    Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
    Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
    Skype™ 4.1 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.1.179 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

    ==================== Restore Points =========================

    07-10-2014 08:19:21 Scheduled Checkpoint
    07-10-2014 22:58:03 Scheduled Checkpoint
    08-10-2014 20:58:31 Scheduled Checkpoint
    10-10-2014 17:39:36 Scheduled Checkpoint
    11-10-2014 09:03:12 Scheduled Checkpoint
    12-10-2014 00:46:12 Scheduled Checkpoint
    13-10-2014 21:07:19 Scheduled Checkpoint
    14-10-2014 23:09:27 Scheduled Checkpoint
    15-10-2014 02:02:08 Windows Update
    15-10-2014 06:58:30 Windows Update
    15-10-2014 22:14:54 Scheduled Checkpoint
    16-10-2014 13:34:30 Scheduled Checkpoint
    17-10-2014 20:54:01 Scheduled Checkpoint
    19-10-2014 10:17:36 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 11:23 - 2011-11-28 15:05 - 00438691 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1028AC08-DF1F-4CAD-9061-859E60CB5949} - System32\Tasks\Foresight Software Update3 => C:\Program Files\Common Files\Foresight Software\UUS3\Update3.exe
    Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {29903ACF-87C4-464D-B58F-6D699677B78B} - System32\Tasks\{B396E731-7D20-4CDE-BB89-A62509736AFA} => C:\Program Files\Skype\Phone\Skype.exe [2009-10-09] (Skype Technologies S.A.)
    Task: {40E8453A-48F3-49C0-92F7-3C8944948675} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {51AAAB3F-252A-49F5-AE09-772AF2FB073B} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
    Task: {5C25A634-7539-4A84-9460-518B16A1B42B} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {89598E38-AA49-42F9-9DEC-014210DB848B} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: {899C572A-9D41-47B9-ADB6-6C9156FB18C1} - System32\Tasks\RegCure Pro => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-10-22] (ParetoLogic, Inc.)
    Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {8EFB6D16-5CF2-4E22-8E44-61F5731D12F2} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {900B69D2-8C96-4E98-BCAE-48412DB4E78E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {9A6405EB-A69A-416B-9890-6CBA381E67D9} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
    Task: {9B656C5D-B5A3-4F24-ABDD-2EB6987F7027} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
    Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
    Task: {9F390455-BBC7-43BE-B928-C164FAB3A7F7} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: {A6D6CB0D-9D60-4B27-8AEC-2C4591EBA869} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {C70E1EA0-24DC-489A-8691-7081F960E0E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {E2332E14-7E28-45C8-8290-131397E2AEE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\RegCure Pro.job => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-10-02 16:48 - 2014-10-23 11:21 - 00491344 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00074064 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00560464 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00056656 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00074064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00560464 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2387892739-269016217-2709116024-500 - Administrator - Disabled)
    Guest (S-1-5-21-2387892739-269016217-2709116024-501 - Limited - Disabled)
    LucioMags (S-1-5-21-2387892739-269016217-2709116024-1000 - Administrator - Enabled) => C:\Users\LucioMags

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/23/2014 03:21:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 03:20:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 03:16:01 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:55 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:50 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:40 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PerfDiskC:\Windows\System32\perfdisk.dll4

    Error: (10/23/2014 03:15:36 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 02:51:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 02:50:50 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 02:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application SDScan.exe, version 2.4.40.181, time stamp 0x535a5179, faulting module SDScanLibrary.dll_unloaded, version 0.0.0.0, time stamp 0x535a510a, exception code 0xc0000005, fault offset 0x04c3f6e2,
    process id 0x1780, application start time 0xSDScan.exe0.


    System errors:
    =============
    Error: (10/23/2014 03:21:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BdAgent
    BdSpy
    NovaShieldFilterDriver
    NovaShieldTDIDriver
    spldr
    Wanarpv6

    Error: (10/23/2014 03:21:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Computer BrowserServer%%1068

    Error: (10/23/2014 03:20:24 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (10/23/2014 03:20:24 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (10/23/2014 03:20:21 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (10/23/2014 03:20:14 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (10/23/2014 03:07:54 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT AUTHORITY)
    Description: 0

    Error: (10/23/2014 02:51:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BdAgent
    BdSpy
    NovaShieldFilterDriver
    NovaShieldTDIDriver
    spldr
    Wanarpv6

    Error: (10/23/2014 02:51:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Computer BrowserServer%%1068

    Error: (10/23/2014 02:51:18 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084wcncsvc{375FF001-DD27-11D9-8F9C-0002B3988E81}


    Microsoft Office Sessions:
    =========================
    Error: (10/23/2014 03:21:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 03:20:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 03:16:01 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:55 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:50 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:40 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PerfDiskC:\Windows\System32\perfdisk.dll4

    Error: (10/23/2014 03:15:36 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 02:51:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 02:50:50 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 02:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SDScan.exe2.4.40.181535a5179SDScanLibrary.dll_unloaded0.0.0.0535a510ac000000504c3f6e2178001cfeec3f29a7a5c


    CodeIntegrity Errors:
    ===================================
    Date: 2014-05-11 22:46:14.990
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-05-04 09:36:26.104
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-05-03 09:52:09.519
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-28 08:30:23.380
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-23 20:50:11.020
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-23 08:36:19.096
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-21 09:01:08.709
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-16 17:21:59.147
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-25 06:42:20.034
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-17 07:31:09.100
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU 585 @ 2.16GHz
    Percentage of memory in use: 55%
    Total physical RAM: 985.63 MB
    Available physical RAM: 439.48 MB
    Total Pagefile: 2241.6 MB
    Available Pagefile: 1782.36 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1909.27 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:149.01 GB) (Free:104.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: E3641CF3)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
    aswMBR version 1.0.1.2161 Copyright(c) 2014 AVAST Software
    Run date: 2014-10-23 15:32:32
    -----------------------------
    15:32:32.367 OS Version: Windows 6.0.6002 Service Pack 2
    15:32:32.367 Number of processors: 1 586 0xF0D
    15:32:32.367 ComputerName: LUCIOMAGS-PC UserName: LucioMags
    15:32:35.268 Initialize success
    15:32:35.284 VM: driver load error: 2
    15:35:12.579 AVAST engine defs: 14102300
    15:35:26.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:35:26.744 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 00850009 Size: 152627MB BusType: 3
    15:35:26.853 Disk 0 MBR read successfully
    15:35:26.868 Disk 0 MBR scan
    15:35:27.071 Disk 0 Windows VISTA default MBR code
    15:35:27.071 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    15:35:27.118 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 81920
    15:35:27.212 Disk 0 scanning sectors +312578048
    15:35:27.524 Disk 0 scanning C:\Windows\system32\drivers
    15:35:47.679 Service scanning
    15:36:20.423 Modules scanning
    15:36:31.062 Disk 0 trace - called modules:
    15:36:31.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    15:36:31.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x845f0320]
    15:36:31.140 3 CLASSPNP.SYS[863a28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83b1db98]
    15:36:33.184 AVAST engine scan C:\Windows
    15:36:37.318 AVAST engine scan C:\Windows\system32
    15:40:40.148 AVAST engine scan C:\Windows\system32\drivers
    15:40:56.060 AVAST engine scan C:\Users\LucioMags
    15:42:49.721 AVAST engine scan C:\ProgramData
    15:45:24.130 Disk 0 statistics 2444897/0/0 @ 3.24 MB/s
    15:45:24.146 Scan finished successfully
    15:46:24.206 Disk 0 MBR has been saved successfully to "C:\Users\LucioMags\Downloads\MBR.dat"
    15:46:24.252 The log file has been saved successfully to "C:\Users\LucioMags\Downloads\aswMBR.txt"
    Last edited by tashi; 2014-10-23 at 22:01. Reason: Merged two posts

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi doubleoseverin2,

    Let's start with this:

    Download TDSSkiller.exe and save it to the Desktop. Run it in safe mode then reboot normally and run it again if possible.

    Right-click the .exe and select run as admin or allow the UAC prompt.

    When the TDSSKiller console opens, click on: Change Parameters
    Under Additional Options, place a check in the box next to: Detect TDLFS File System

    Click: OK
    Press: Start Scan

    If a suspicious object is detected, the default action is Skip; leave it as is and click on: Continue

    If malicious objects are found, they show in the Scan results.

    Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.

    (Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

    When done, the log can be found in your root drive which by default is C:\

    Logs are named like this:
    C:\TDSSKiller.X.X.X_10.04.2014_12.25.23_log.txt
    TDSSKiller.[Version]_[Date]_[Time]_log.txt


    Please post the TDSSKiller log in your reply.
    How Can I Reduce My Risk?

  3. #3
    Member
    Join Date
    Jun 2013
    Posts
    31

    Default tdsskiller logs

    Hi there shelf life. Sorry I have taken so long to reply, but I've been busy with other stuff. I have run tdsskiller twice (once in safe mode and once in normal mode); both times I ran it as administrator and with the detect tdlfs checkbox ticked. Unfortunately no threats were found, but the computer seems to be behaving slightly better (it seems to come and go; there's no accounting for it!), although when I first ran it in normal mode, i.e. not safe mode, it did come back saying "the operation returned because the timeout period expired", so there's definitely something up. I can't remember whether I mentioned it in the previous post, but even in safe mode it was blocking me from getting to this spybot site, so I have had to use my Linux machine to download tdsskiller onto a usb stick and copy it across to the infected machine in question and, obviously, also copied the logs back onto the usb stick on the Linux machine.

    Anyway, here are the logs for both runs:

    13:54:00.0780 0x07a4 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    13:54:13.0104 0x07a4 ============================================================
    13:54:13.0104 0x07a4 Current date / time: 2014/11/12 13:54:13.0104
    13:54:13.0104 0x07a4 SystemInfo:
    13:54:13.0104 0x07a4
    13:54:13.0104 0x07a4 OS Version: 6.0.6002 ServicePack: 2.0
    13:54:13.0104 0x07a4 Product type: Workstation
    13:54:13.0104 0x07a4 ComputerName: LUCIOMAGS-PC
    13:54:13.0104 0x07a4 UserName: LucioMags
    13:54:13.0104 0x07a4 Windows directory: C:\Windows
    13:54:13.0104 0x07a4 System windows directory: C:\Windows
    13:54:13.0104 0x07a4 Processor architecture: Intel x86
    13:54:13.0104 0x07a4 Number of processors: 1
    13:54:13.0104 0x07a4 Page size: 0x1000
    13:54:13.0104 0x07a4 Boot type: Safe boot with network
    13:54:13.0104 0x07a4 ============================================================
    13:54:15.0662 0x07a4 KLMD registered as C:\Windows\system32\drivers\56013310.sys
    13:54:15.0787 0x07a4 System UUID: {2F9AFD6A-B675-5C49-57AE-C2557F554E85}
    13:54:16.0380 0x07a4 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:54:16.0380 0x07a4 Drive \Device\Harddisk1\DR1 - Size: 0x3BD800000 ( 14.96 Gb ), SectorSize: 0x200, Cylinders: 0x7A1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    13:54:16.0380 0x07a4 ============================================================
    13:54:16.0380 0x07a4 \Device\Harddisk0\DR0:
    13:54:16.0380 0x07a4 MBR partitions:
    13:54:16.0380 0x07a4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x12A05000
    13:54:16.0380 0x07a4 \Device\Harddisk1\DR1:
    13:54:16.0380 0x07a4 MBR partitions:
    13:54:16.0380 0x07a4 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DEBFE0
    13:54:16.0380 0x07a4 ============================================================
    13:54:16.0411 0x07a4 C: <-> \Device\Harddisk0\DR0\Partition1
    13:54:16.0411 0x07a4 ============================================================
    13:54:16.0411 0x07a4 Initialize success
    13:54:16.0411 0x07a4 ============================================================
    13:56:13.0973 0x0288 ============================================================
    13:56:13.0973 0x0288 Scan started
    13:56:13.0973 0x0288 Mode: Manual; TDLFS;
    13:56:13.0973 0x0288 ============================================================
    13:56:13.0973 0x0288 KSN ping started
    13:56:27.0779 0x0288 KSN ping finished: true
    13:56:29.0900 0x0288 ================ Scan system memory ========================
    13:56:29.0900 0x0288 System memory - ok
    13:56:29.0900 0x0288 ================ Scan services =============================
    13:56:41.0678 0x0288 MMCSS - ok
    13:56:41.0694 0x0288 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
    13:56:41.0694 0x0288 Modem - ok
    13:56:41.0756 0x0288 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    13:56:41.0772 0x0288 monitor - ok
    13:56:41.0788 0x0288 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    13:56:41.0788 0x0288 mouclass - ok
    13:56:41.0819 0x0288 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    13:56:41.0819 0x0288 mouhid - ok
    13:56:41.0834 0x0288 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    13:56:41.0834 0x0288 MountMgr - ok
    13:56:41.0897 0x0288 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
    13:56:41.0912 0x0288 mpio - ok
    13:56:41.0944 0x0288 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    13:56:41.0959 0x0288 mpsdrv - ok
    13:56:42.0006 0x0288 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
    13:56:42.0037 0x0288 MpsSvc - ok
    13:56:42.0068 0x0288 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    13:56:42.0068 0x0288 Mraid35x - ok
    13:56:42.0115 0x0288 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    13:56:42.0115 0x0288 MRxDAV - ok
    13:56:42.0162 0x0288 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:56:42.0162 0x0288 mrxsmb - ok
    13:56:42.0271 0x0288 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:56:42.0271 0x0288 mrxsmb10 - ok
    13:56:42.0334 0x0288 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:56:42.0334 0x0288 mrxsmb20 - ok
    13:56:42.0412 0x0288 [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
    13:56:42.0412 0x0288 msahci - ok
    13:56:42.0474 0x0288 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    13:56:42.0490 0x0288 msdsm - ok
    13:56:42.0552 0x0288 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
    13:56:42.0568 0x0288 MSDTC - ok
    13:56:42.0583 0x0288 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    13:56:42.0583 0x0288 Msfs - ok
    13:56:42.0646 0x0288 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    13:56:42.0646 0x0288 msisadrv - ok
    13:56:42.0692 0x0288 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    13:56:42.0692 0x0288 MSiSCSI - ok
    13:56:42.0708 0x0288 msiserver - ok
    13:56:42.0770 0x0288 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    13:56:42.0770 0x0288 MSKSSRV - ok
    13:56:42.0833 0x0288 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    13:56:42.0833 0x0288 MSPCLOCK - ok
    13:56:42.0895 0x0288 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    13:56:42.0895 0x0288 MSPQM - ok
    13:56:42.0958 0x0288 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    13:56:42.0958 0x0288 MsRPC - ok
    13:56:43.0036 0x0288 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    13:56:43.0036 0x0288 mssmbios - ok
    13:56:43.0082 0x0288 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    13:56:43.0082 0x0288 MSTEE - ok
    13:56:43.0129 0x0288 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
    13:56:43.0129 0x0288 Mup - ok
    13:56:43.0176 0x0288 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
    13:56:43.0254 0x0288 napagent - ok
    13:56:43.0285 0x0288 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    13:56:43.0301 0x0288 NativeWifiP - ok
    13:56:43.0394 0x0288 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
    13:56:43.0410 0x0288 NDIS - ok
    13:56:43.0457 0x0288 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    13:56:43.0457 0x0288 NdisTapi - ok
    13:56:43.0472 0x0288 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    13:56:43.0472 0x0288 Ndisuio - ok
    13:56:43.0504 0x0288 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    13:56:43.0519 0x0288 NdisWan - ok
    13:56:43.0535 0x0288 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    13:56:43.0535 0x0288 NDProxy - ok
    13:56:43.0566 0x0288 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    13:56:43.0566 0x0288 NetBIOS - ok
    13:56:43.0597 0x0288 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    13:56:43.0613 0x0288 netbt - ok
    13:56:43.0660 0x0288 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
    13:56:43.0660 0x0288 Netlogon - ok
    13:56:43.0753 0x0288 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
    13:56:43.0831 0x0288 Netman - ok
    13:56:43.0909 0x0288 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    13:56:43.0972 0x0288 NetMsmqActivator - ok
    13:56:43.0972 0x0288 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    13:56:43.0987 0x0288 NetPipeActivator - ok
    13:56:44.0034 0x0288 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
    13:56:44.0050 0x0288 netprofm - ok
    13:56:44.0065 0x0288 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    13:56:44.0081 0x0288 NetTcpActivator - ok
    13:56:44.0081 0x0288 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    13:56:44.0096 0x0288 NetTcpPortSharing - ok
    13:56:44.0159 0x0288 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    13:56:44.0159 0x0288 nfrd960 - ok
    13:56:44.0206 0x0288 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
    13:56:44.0221 0x0288 NlaSvc - ok
    13:56:44.0330 0x0288 [ CA01A33633E45D122752581A4F19E161, FA98ED6E9953CE2D255E8A7C22944A68CD691104DEDEC3928CDB59CB04E5FA9B ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys
    13:56:44.0330 0x0288 NovaShieldFilterDriver - ok
    13:56:44.0377 0x0288 [ 3EFA383638F87788AD17EAEB2562C084, BD5CC8EF57862D41FB026EE498708B93EE95A629AA48E54AD930F03F1557075E ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys
    13:56:44.0377 0x0288 NovaShieldTDIDriver - ok
    13:56:44.0455 0x0288 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    13:56:44.0455 0x0288 Npfs - ok
    13:56:44.0502 0x0288 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
    13:56:44.0502 0x0288 nsi - ok
    13:56:44.0518 0x0288 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    13:56:44.0518 0x0288 nsiproxy - ok
    13:56:44.0596 0x0288 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    13:56:44.0642 0x0288 Ntfs - ok
    13:56:44.0674 0x0288 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    13:56:44.0674 0x0288 ntrigdigi - ok
    13:56:44.0705 0x0288 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
    13:56:44.0705 0x0288 Null - ok
    13:56:44.0736 0x0288 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
    13:56:44.0752 0x0288 nvraid - ok
    13:56:44.0783 0x0288 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    13:56:44.0783 0x0288 nvstor - ok
    13:56:44.0814 0x0288 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    13:56:44.0814 0x0288 nv_agp - ok
    13:56:44.0830 0x0288 NwlnkFlt - ok
    13:56:44.0845 0x0288 NwlnkFwd - ok
    13:56:44.0861 0x0288 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    13:56:44.0861 0x0288 ohci1394 - ok
    13:56:44.0939 0x0288 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    13:56:45.0017 0x0288 p2pimsvc - ok
    13:56:45.0064 0x0288 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
    13:56:45.0110 0x0288 p2psvc - ok
    13:56:45.0188 0x0288 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
    13:56:45.0204 0x0288 Parport - ok
    13:56:45.0266 0x0288 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
    13:56:45.0266 0x0288 partmgr - ok
    13:56:45.0344 0x0288 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    13:56:45.0344 0x0288 Parvdm - ok
    13:56:45.0438 0x0288 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
    13:56:45.0438 0x0288 PcaSvc - ok
    13:56:45.0516 0x0288 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
    13:56:45.0516 0x0288 pci - ok
    13:56:45.0563 0x0288 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys
    13:56:45.0563 0x0288 pciide - ok
    13:56:45.0578 0x0288 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    13:56:45.0594 0x0288 pcmcia - ok
    13:56:45.0719 0x0288 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    13:56:45.0812 0x0288 PEAUTH - ok
    13:56:46.0000 0x0288 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
    13:56:46.0093 0x0288 pla - ok
    13:56:46.0140 0x0288 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    13:56:46.0156 0x0288 PlugPlay - ok
    13:56:46.0249 0x0288 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    13:56:46.0280 0x0288 PNRPAutoReg - ok
    13:56:46.0374 0x0288 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    13:56:46.0405 0x0288 PNRPsvc - ok
    13:56:46.0499 0x0288 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    13:56:46.0561 0x0288 PolicyAgent - ok
    13:56:46.0608 0x0288 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    13:56:46.0608 0x0288 PptpMiniport - ok
    13:56:46.0670 0x0288 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
    13:56:46.0670 0x0288 Processor - ok
    13:56:46.0748 0x0288 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
    13:56:46.0748 0x0288 ProfSvc - ok
    13:56:46.0811 0x0288 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
    13:56:46.0811 0x0288 ProtectedStorage - ok
    13:56:46.0889 0x0288 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    13:56:46.0889 0x0288 PSched - ok
    13:56:46.0998 0x0288 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    13:56:47.0045 0x0288 ql2300 - ok
    13:56:47.0076 0x0288 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    13:56:47.0092 0x0288 ql40xx - ok
    13:56:47.0138 0x0288 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
    13:56:47.0154 0x0288 QWAVE - ok
    13:56:47.0232 0x0288 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    13:56:47.0232 0x0288 QWAVEdrv - ok
    13:56:47.0248 0x0288 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    13:56:47.0248 0x0288 RasAcd - ok
    13:56:47.0279 0x0288 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
    13:56:47.0279 0x0288 RasAuto - ok
    13:56:47.0357 0x0288 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:56:47.0357 0x0288 Rasl2tp - ok
    13:56:47.0450 0x0288 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
    13:56:47.0466 0x0288 RasMan - ok
    13:56:47.0528 0x0288 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    13:56:47.0528 0x0288 RasPppoe - ok
    13:56:47.0560 0x0288 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    13:56:47.0560 0x0288 RasSstp - ok
    13:56:47.0591 0x0288 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    13:56:47.0591 0x0288 rdbss - ok
    13:56:47.0653 0x0288 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:56:47.0669 0x0288 RDPCDD - ok
    13:56:47.0747 0x0288 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    13:56:47.0747 0x0288 rdpdr - ok
    13:56:47.0762 0x0288 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    13:56:47.0762 0x0288 RDPENCDD - ok
    13:56:47.0809 0x0288 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    13:56:47.0809 0x0288 RDPWD - ok
    13:56:47.0903 0x0288 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
    13:56:47.0903 0x0288 RemoteAccess - ok
    13:56:47.0965 0x0288 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    13:56:47.0981 0x0288 RemoteRegistry - ok
    13:56:48.0043 0x0288 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
    13:56:48.0043 0x0288 RpcLocator - ok
    13:56:48.0074 0x0288 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\system32\rpcss.dll
    13:56:48.0090 0x0288 RpcSs - ok
    13:56:48.0152 0x0288 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    13:56:48.0152 0x0288 rspndr - ok
    13:56:48.0215 0x0288 [ 9B09F336DE36A7A6CA871DE8A7847B65, 1F99D1F3298F0C66E93287E269EAB001140A9F2A6E867E11B30F21B04B720AB9 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
    13:56:48.0215 0x0288 RTSTOR - ok
    13:56:48.0277 0x0288 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
    13:56:48.0277 0x0288 SamSs - ok
    13:56:48.0324 0x0288 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    13:56:48.0324 0x0288 sbp2port - ok
    13:56:48.0418 0x0288 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    13:56:48.0433 0x0288 SCardSvr - ok
    13:56:48.0527 0x0288 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
    13:56:48.0605 0x0288 Schedule - ok
    13:56:48.0620 0x0288 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
    13:56:48.0620 0x0288 SCPolicySvc - ok
    13:56:48.0667 0x0288 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    13:56:48.0683 0x0288 SDRSVC - ok
    13:56:48.0948 0x0288 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    13:56:49.0057 0x0288 SDScannerService - ok
    13:56:49.0166 0x0288 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    13:56:49.0244 0x0288 SDUpdateService - ok
    13:56:49.0291 0x0288 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    13:56:49.0307 0x0288 SDWSCService - ok
    13:56:49.0369 0x0288 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    13:56:49.0369 0x0288 secdrv - ok
    13:56:49.0400 0x0288 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
    13:56:49.0400 0x0288 seclogon - ok
    13:56:49.0463 0x0288 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\System32\sens.dll
    13:56:49.0494 0x0288 SENS - ok
    13:56:49.0525 0x0288 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys
    13:56:49.0525 0x0288 Serenum - ok
    13:56:49.0588 0x0288 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
    13:56:49.0588 0x0288 Serial - ok
    13:56:49.0603 0x0288 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    13:56:49.0619 0x0288 sermouse - ok
    13:56:49.0650 0x0288 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
    13:56:49.0650 0x0288 SessionEnv - ok
    13:56:49.0712 0x0288 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    13:56:49.0712 0x0288 sffdisk - ok
    13:56:49.0775 0x0288 [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    13:56:49.0775 0x0288 sffp_mmc - ok
    13:56:49.0790 0x0288 [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    13:56:49.0790 0x0288 sffp_sd - ok
    13:56:49.0837 0x0288 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    13:56:49.0837 0x0288 sfloppy - ok
    13:56:49.0931 0x0288 [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    13:56:49.0946 0x0288 SharedAccess - ok
    13:56:50.0024 0x0288 [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    13:56:50.0040 0x0288 ShellHWDetection - ok
    13:56:50.0102 0x0288 [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    13:56:50.0102 0x0288 sisagp - ok
    13:56:50.0165 0x0288 [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    13:56:50.0165 0x0288 SiSRaid2 - ok
    13:56:50.0227 0x0288 [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    13:56:50.0227 0x0288 SiSRaid4 - ok
    13:56:50.0477 0x0288 [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc C:\Windows\system32\SLsvc.exe
    13:56:50.0664 0x0288 slsvc - ok
    13:56:50.0742 0x0288 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
    13:56:50.0742 0x0288 SLUINotify - ok
    13:56:50.0820 0x0288 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
    13:56:50.0836 0x0288 Smb - ok
    13:56:50.0898 0x0288 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    13:56:50.0898 0x0288 SNMPTRAP - ok
    13:56:50.0976 0x0288 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
    13:56:50.0976 0x0288 spldr - ok
    13:56:51.0054 0x0288 [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler C:\Windows\System32\spoolsv.exe
    13:56:51.0070 0x0288 Spooler - ok
    13:56:51.0132 0x0288 sprtsvc_dellsupportcenter - ok
    13:56:51.0179 0x0288 [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv C:\Windows\system32\DRIVERS\srv.sys
    13:56:51.0194 0x0288 srv - ok
    13:56:51.0226 0x0288 [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    13:56:51.0241 0x0288 srv2 - ok
    13:56:57.0840 0x0288 ================ Scan global ===============================
    13:56:57.0871 0x0288 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
    13:56:57.0918 0x0288 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    13:56:57.0965 0x0288 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    13:56:58.0012 0x0288 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
    13:56:58.0090 0x0288 [ Global ] - ok
    13:56:58.0090 0x0288 ================ Scan MBR ==================================
    13:56:58.0152 0x0288 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    13:56:59.0322 0x0288 \Device\Harddisk0\DR0 - ok
    13:56:59.0338 0x0288 [ 8CB37AFC263A219EBB7586F9C495114E ] \Device\Harddisk1\DR1
    13:56:59.0494 0x0288 \Device\Harddisk1\DR1 - ok
    13:56:59.0509 0x0288 ================ Scan VBR ==================================
    13:56:59.0540 0x0288 [ 2FE44946F159A4AEF2212D1D8C92385D ] \Device\Harddisk0\DR0\Partition1
    13:56:59.0587 0x0288 \Device\Harddisk0\DR0\Partition1 - ok
    13:56:59.0603 0x0288 [ 1996C6A9818AAA78E4A51BF862515C78 ] \Device\Harddisk1\DR1\Partition1
    13:56:59.0603 0x0288 \Device\Harddisk1\DR1\Partition1 - ok
    13:56:59.0603 0x0288 ================ Scan generic autorun ======================
    13:57:02.0130 0x0288 Waiting for KSN requests completion. In queue: 323
    13:57:03.0144 0x0288 Waiting for KSN requests completion. In queue: 8
    13:57:04.0158 0x0288 Waiting for KSN requests completion. In queue: 8
    13:57:05.0406 0x0288 AV detected via SS2: BullGuard Antivirus, c:\program files\bullguard ltd\bullguard\BullGuard.exe ( 14.1.0.0 ), 0x41000 ( enabled : updated )
    13:57:05.0406 0x0288 FW detected via SS2: BullGuard Firewall, c:\program files\bullguard ltd\bullguard\BullGuard.exe ( 14.1.0.0 ), 0x40010 ( disabled )
    13:57:05.0453 0x0288 Win FW state via NFP2: enabled
    13:57:07.0871 0x0288 ============================================================
    13:57:07.0871 0x0288 Scan finished
    13:57:07.0871 0x0288 ============================================================
    13:57:07.0871 0x05fc Detected object count: 0
    13:57:07.0871 0x05fc Actual detected object count: 0
    13:58:00.0131 0x0448 Deinitialize success

    15:04:46.0904 0x17e0 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    15:04:56.0623 0x17e0 ============================================================
    15:04:56.0623 0x17e0 Current date / time: 2014/11/12 15:04:56.0623
    15:04:56.0623 0x17e0 SystemInfo:
    15:04:56.0623 0x17e0
    15:04:56.0623 0x17e0 OS Version: 6.0.6002 ServicePack: 2.0
    15:04:56.0623 0x17e0 Product type: Workstation
    15:04:56.0623 0x17e0 ComputerName: LUCIOMAGS-PC
    15:04:56.0623 0x17e0 UserName: LucioMags
    15:04:56.0623 0x17e0 Windows directory: C:\Windows
    15:04:56.0623 0x17e0 System windows directory: C:\Windows
    15:04:56.0623 0x17e0 Processor architecture: Intel x86
    15:04:56.0623 0x17e0 Number of processors: 1
    15:04:56.0623 0x17e0 Page size: 0x1000
    15:04:56.0623 0x17e0 Boot type: Normal boot
    15:04:56.0623 0x17e0 ============================================================
    15:05:04.0516 0x17e0 KLMD registered as C:\Windows\system32\drivers\63805772.sys
    15:05:05.0733 0x17e0 System UUID: {2F9AFD6A-B675-5C49-57AE-C2557F554E85}
    15:05:09.0758 0x17e0 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:05:09.0945 0x17e0 Drive \Device\Harddisk1\DR2 - Size: 0x3BD800000 ( 14.96 Gb ), SectorSize: 0x200, Cylinders: 0x7A1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:05:09.0945 0x17e0 ============================================================
    15:05:09.0945 0x17e0 \Device\Harddisk0\DR0:
    15:05:09.0992 0x17e0 MBR partitions:
    15:05:09.0992 0x17e0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x12A05000
    15:05:09.0992 0x17e0 \Device\Harddisk1\DR2:
    15:05:09.0992 0x17e0 MBR partitions:
    15:05:09.0992 0x17e0 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DEBFE0
    15:05:09.0992 0x17e0 ============================================================
    15:05:10.0070 0x17e0 C: <-> \Device\Harddisk0\DR0\Partition1
    15:05:10.0070 0x17e0 ============================================================
    15:05:10.0070 0x17e0 Initialize success
    15:05:10.0070 0x17e0 ============================================================
    15:05:31.0486 0x11cc ============================================================
    15:05:31.0486 0x11cc Scan started
    15:05:31.0486 0x11cc Mode: Manual; TDLFS;
    15:05:31.0486 0x11cc ============================================================
    15:05:31.0486 0x11cc KSN ping started
    15:05:58.0221 0x11cc KSN ping finished: true
    15:06:08.0611 0x11cc ================ Scan system memory ========================
    15:06:08.0611 0x11cc System memory - ok
    15:06:08.0611 0x11cc ================ Scan services =============================
    15:06:33.0774 0x11cc BrSerWdm - ok
    15:06:34.0039 0x11cc [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    15:06:34.0195 0x11cc BrUsbMdm - ok
    15:06:34.0335 0x11cc [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    15:06:34.0366 0x11cc BrUsbSer - ok
    15:06:35.0068 0x11cc [ 3F92F8AAAA90AF4161679CC95532D926, 91D72C05F8320F4E4753C6C8202E075835E6D4E6092B7554EADFF710962248A6 ] BsBackup C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll
    15:06:35.0755 0x11cc BsBackup - ok
    15:06:36.0129 0x11cc [ 690CA0F920F2B6E60FBFA9F3313468B4, 74BA6BB61D18B9F0707C30EC9C15AE0150DB8B6E5F4E09F446C26AE3223B8EFB ] BsBhvScan C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
    15:06:37.0096 0x11cc BsBhvScan - ok
    15:06:37.0299 0x11cc [ 500D2B085E524D4D7314EC566B997489, 1F12571102B9B51B1150298C48BAD9F6E52E06EAB09CF7DD7CB486BB6D6F8DCE ] BsCache C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll
    15:06:37.0408 0x11cc BsCache - ok
    15:06:37.0689 0x11cc [ B2A9727FDC1531CCAF03946D3C8C7D23, 123E750A40863181DFD2B39351E5F83F0B2961BDB1FA29F7859349AAC21C102D ] BsFileScan c:\program files\bullguard ltd\bullguard\BsFileScan.dll
    15:06:38.0142 0x11cc BsFileScan - ok
    15:06:38.0391 0x11cc [ 91B2208897608A2B14C329B2331C7513, 7F05B2E73685B3240C6940C63F821E31E3D3771FF3A63F02ACE9298F8C2863A6 ] BsFire c:\program files\bullguard ltd\bullguard\BsFire.dll
    15:06:39.0780 0x11cc BsFire - ok
    15:06:40.0201 0x11cc [ 76DFABB1236F9A1426F9C9918F48C162, 9E717335D8CAFE9CB282696A348B8271D3CAEFF095F3899290149309D7435818 ] BsMailProxy c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll
    15:06:45.0177 0x11cc BsMailProxy - ok
    15:06:45.0411 0x11cc [ 1D079A31BD8DBA3043EB2726BCD7C121, FA2ED1A5226296DBF483FEC82F87B1ED2880CBF478FDABE6220A37F12770131F ] BsMain C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
    15:06:45.0474 0x11cc BsMain - ok
    15:06:45.0536 0x11cc [ D066028A676451061249492F23348011, 1EE83BD3AEC35E6D0BFD9756877C5B5F5362C8DC3CD20981C953E7C1FA3DF8E7 ] BsScanner C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    15:06:45.0552 0x11cc BsScanner - ok
    15:06:45.0864 0x11cc [ B5D0156C54A8391388DE772610EB4DC0, 9352B04674D0122F610FCD0596D2499E714F5428B03C1A8A4B73424CB2AA5746 ] BsUpdate C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    15:06:46.0066 0x11cc BsUpdate - ok
    15:06:46.0129 0x11cc [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    15:06:46.0144 0x11cc BTHMODEM - ok
    15:06:46.0222 0x11cc [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    15:06:46.0269 0x11cc cdfs - ok
    15:06:46.0316 0x11cc [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    15:06:46.0332 0x11cc cdrom - ok
    15:06:46.0410 0x11cc [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
    15:06:46.0425 0x11cc CertPropSvc - ok
    15:06:46.0456 0x11cc [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys
    15:06:46.0472 0x11cc circlass - ok
    15:06:46.0706 0x11cc [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
    15:06:46.0722 0x11cc CLFS - ok
    15:06:47.0143 0x11cc [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:06:47.0580 0x11cc clr_optimization_v2.0.50727_32 - ok
    15:06:47.0876 0x11cc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:06:48.0703 0x11cc clr_optimization_v4.0.30319_32 - ok
    15:06:48.0937 0x11cc [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    15:06:48.0984 0x11cc CmBatt - ok
    15:06:49.0046 0x11cc [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    15:06:49.0124 0x11cc cmdide - ok
    15:06:49.0186 0x11cc [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    15:06:49.0249 0x11cc Compbatt - ok
    15:06:49.0280 0x11cc COMSysApp - ok
    15:06:49.0467 0x11cc [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    15:06:49.0483 0x11cc crcdisk - ok
    15:06:49.0530 0x11cc [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    15:06:49.0576 0x11cc Crusoe - ok
    15:06:49.0670 0x11cc [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    15:06:49.0670 0x11cc CryptSvc - ok
    15:06:49.0717 0x11cc [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
    15:06:49.0795 0x11cc DcomLaunch - ok
    15:06:49.0873 0x11cc [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    15:06:49.0951 0x11cc DfsC - ok
    15:06:50.0481 0x11cc [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
    15:06:50.0590 0x11cc DFSR - ok
    15:06:50.0934 0x11cc [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    15:06:51.0012 0x11cc Dhcp - ok
    15:06:51.0121 0x11cc [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
    15:06:51.0324 0x11cc disk - ok
    15:06:51.0417 0x11cc [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
    15:06:51.0464 0x11cc Dnscache - ok
    15:06:51.0558 0x11cc [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
    15:06:51.0558 0x11cc dot3svc - ok
    15:06:51.0667 0x11cc [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
    15:06:51.0682 0x11cc DPS - ok
    15:06:51.0792 0x11cc [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    15:06:51.0854 0x11cc drmkaud - ok
    15:06:51.0948 0x11cc [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    15:06:51.0979 0x11cc DXGKrnl - ok
    15:06:52.0010 0x11cc [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    15:06:52.0088 0x11cc E1G60 - ok
    15:06:52.0166 0x11cc [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
    15:06:52.0182 0x11cc EapHost - ok
    15:06:52.0275 0x11cc [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
    15:06:52.0306 0x11cc Ecache - ok
    15:06:52.0431 0x11cc [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    15:06:52.0540 0x11cc elxstor - ok
    15:06:52.0946 0x11cc [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    15:06:53.0164 0x11cc EMDMgmt - ok
    15:06:53.0258 0x11cc [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
    15:06:53.0352 0x11cc ErrDev - ok
    15:06:53.0430 0x11cc [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
    15:06:53.0445 0x11cc EventSystem - ok
    15:06:53.0695 0x11cc [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
    15:06:53.0835 0x11cc exfat - ok
    15:06:53.0882 0x11cc [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    15:06:53.0929 0x11cc fastfat - ok
    15:06:54.0100 0x11cc [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    15:06:54.0178 0x11cc fdc - ok
    15:06:54.0210 0x11cc [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
    15:06:54.0225 0x11cc fdPHost - ok
    15:06:54.0225 0x11cc [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
    15:06:54.0241 0x11cc FDResPub - ok
    15:06:54.0256 0x11cc [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    15:06:54.0256 0x11cc FileInfo - ok
    15:06:54.0272 0x11cc [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    15:06:54.0334 0x11cc Filetrace - ok
    15:06:54.0381 0x11cc [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    15:06:54.0397 0x11cc flpydisk - ok
    15:06:54.0522 0x11cc [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    15:06:54.0584 0x11cc FltMgr - ok
    15:06:55.0130 0x11cc [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
    15:06:55.0161 0x11cc FontCache - ok
    15:06:55.0270 0x11cc [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    15:06:55.0364 0x11cc FontCache3.0.0.0 - ok
    15:06:55.0411 0x11cc [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    15:06:55.0473 0x11cc Fs_Rec - ok
    15:06:55.0536 0x11cc [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    15:06:55.0582 0x11cc gagp30kx - ok
    15:06:55.0832 0x11cc [ F84E17EEFC2EC0614265D2B204FEEE55, 59B7DE977A7E7B8B516706A4C1D6F2FA9F7894C527142B6579498C1724B5A3CF ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    15:06:55.0941 0x11cc Garmin Core Update Service - ok
    15:06:56.0113 0x11cc [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
    15:06:56.0908 0x11cc gpsvc - ok
    15:06:57.0189 0x11cc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    15:06:57.0532 0x11cc gupdate - ok
    15:06:57.0564 0x11cc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    15:06:57.0564 0x11cc gupdatem - ok
    15:06:57.0751 0x11cc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    15:06:58.0125 0x11cc gusvc - ok
    15:06:58.0250 0x11cc [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    15:06:58.0359 0x11cc HdAudAddService - ok
    15:06:58.0437 0x11cc [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:06:58.0468 0x11cc HDAudBus - ok
    15:06:58.0500 0x11cc [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
    15:06:58.0531 0x11cc HidBth - ok
    15:06:58.0609 0x11cc [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
    15:06:58.0640 0x11cc HidIr - ok
    15:06:58.0687 0x11cc [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll
    15:06:58.0687 0x11cc hidserv - ok
    15:06:58.0718 0x11cc [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    15:06:58.0734 0x11cc HidUsb - ok
    15:06:58.0765 0x11cc [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
    15:06:58.0796 0x11cc hkmsvc - ok
    15:06:58.0968 0x11cc [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    15:07:00.0543 0x11cc HpCISSs - ok
    15:07:00.0855 0x11cc [ 0EEECA26C8D4BDE2A4664DB058A81937, 6F88567A116B1420BE1C9C8888F34D05F51378092C805EF4E489635CF92D416B ] HTTP C:\Windows\system32\drivers\HTTP.sys
    15:07:01.0620 0x11cc HTTP - ok
    15:07:01.0651 0x11cc hwdatacard - ok
    15:07:01.0666 0x11cc hwusbfake - ok
    15:07:01.0791 0x11cc [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    15:07:02.0212 0x11cc i2omp - ok
    15:07:02.0400 0x11cc [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    15:07:02.0462 0x11cc i8042prt - ok
    15:07:02.0493 0x11cc [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    15:07:02.0571 0x11cc iaStorV - ok
    15:07:03.0055 0x11cc [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:07:03.0242 0x11cc idsvc - ok
    15:07:03.0679 0x11cc [ 8DAD27DD28A4274866767C89C0BF154F, E2E285DE595E2DC0E3A38AD79AF2605759B211BA06AE2904A3F0062F7F5ACB5E ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
    15:07:04.0506 0x11cc igfx - ok
    15:07:04.0599 0x11cc [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
    15:07:04.0708 0x11cc iirsp - ok
    15:07:04.0786 0x11cc [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
    15:07:04.0927 0x11cc IKEEXT - ok
    15:07:05.0145 0x11cc [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
    15:07:05.0332 0x11cc intelide - ok
    15:07:05.0426 0x11cc [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    15:07:05.0442 0x11cc intelppm - ok
    15:07:05.0520 0x11cc [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    15:07:05.0520 0x11cc IPBusEnum - ok
    15:07:05.0551 0x11cc [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:07:05.0566 0x11cc IpFilterDriver - ok
    15:07:05.0629 0x11cc [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    15:07:05.0676 0x11cc iphlpsvc - ok
    15:07:05.0691 0x11cc IpInIp - ok
    15:07:05.0722 0x11cc [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    15:07:05.0738 0x11cc IPMIDRV - ok
    15:07:05.0769 0x11cc [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    15:07:05.0785 0x11cc IPNAT - ok
    15:07:05.0832 0x11cc [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    15:07:05.0832 0x11cc IRENUM - ok
    15:07:05.0956 0x11cc [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    15:07:06.0128 0x11cc isapnp - ok
    15:07:06.0300 0x11cc [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    15:07:06.0456 0x11cc iScsiPrt - ok
    15:07:06.0596 0x11cc [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    15:07:06.0643 0x11cc iteatapi - ok
    15:07:06.0674 0x11cc [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    15:07:06.0814 0x11cc iteraid - ok
    15:07:06.0939 0x11cc [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    15:07:07.0048 0x11cc kbdclass - ok
    15:07:07.0204 0x11cc [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    15:07:07.0251 0x11cc kbdhid - ok
    15:07:07.0298 0x11cc [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
    15:07:07.0298 0x11cc KeyIso - ok
    15:07:07.0423 0x11cc [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    15:07:07.0860 0x11cc KSecDD - ok
    15:07:07.0953 0x11cc [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
    15:07:08.0452 0x11cc KtmRm - ok
    15:07:08.0499 0x11cc [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll
    15:07:08.0546 0x11cc LanmanServer - ok
    15:07:08.0624 0x11cc [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    15:07:08.0624 0x11cc LanmanWorkstation - ok
    15:07:08.0702 0x11cc [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    15:07:08.0718 0x11cc lltdio - ok
    15:07:08.0749 0x11cc [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    15:07:08.0764 0x11cc lltdsvc - ok
    15:07:08.0780 0x11cc [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
    15:07:08.0796 0x11cc lmhosts - ok
    15:07:08.0842 0x11cc [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    15:07:08.0920 0x11cc LSI_FC - ok
    15:07:08.0952 0x11cc [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    15:07:08.0967 0x11cc LSI_SAS - ok
    15:07:09.0014 0x11cc [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    15:07:09.0061 0x11cc LSI_SCSI - ok
    15:07:09.0108 0x11cc [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
    15:07:09.0139 0x11cc luafv - ok
    15:07:09.0217 0x11cc [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
    15:07:09.0279 0x11cc megasas - ok
    15:07:09.0357 0x11cc [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    15:07:09.0638 0x11cc MegaSR - ok
    15:07:09.0669 0x11cc [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
    15:07:09.0669 0x11cc MMCSS - ok
    15:07:09.0685 0x11cc [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
    15:07:09.0732 0x11cc Modem - ok
    15:07:09.0794 0x11cc [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    15:07:09.0810 0x11cc monitor - ok
    15:07:09.0825 0x11cc [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    15:07:09.0856 0x11cc mouclass - ok
    15:07:09.0903 0x11cc [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    15:07:09.0919 0x11cc mouhid - ok
    15:07:09.0934 0x11cc [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    15:07:09.0950 0x11cc MountMgr - ok
    15:07:10.0012 0x11cc [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
    15:07:10.0168 0x11cc mpio - ok
    15:07:10.0246 0x11cc [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    15:07:10.0278 0x11cc mpsdrv - ok
    15:07:10.0402 0x11cc [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
    15:07:10.0512 0x11cc MpsSvc - ok
    15:07:10.0668 0x11cc [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    15:07:10.0699 0x11cc Mraid35x - ok
    15:07:10.0730 0x11cc [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    15:07:10.0870 0x11cc MRxDAV - ok
    15:07:10.0980 0x11cc [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:07:11.0042 0x11cc mrxsmb - ok
    15:07:11.0120 0x11cc [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:07:11.0245 0x11cc mrxsmb10 - ok
    15:07:11.0260 0x11cc [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:07:11.0307 0x11cc mrxsmb20 - ok
    15:07:11.0432 0x11cc [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
    15:07:11.0432 0x11cc msahci - ok
    15:07:11.0494 0x11cc [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    15:07:11.0588 0x11cc msdsm - ok
    15:07:11.0619 0x11cc [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
    15:07:11.0697 0x11cc MSDTC - ok
    15:07:11.0713 0x11cc [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    15:07:11.0760 0x11cc Msfs - ok
    15:07:11.0838 0x11cc [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    15:07:12.0009 0x11cc msisadrv - ok
    15:07:12.0072 0x11cc [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    15:07:12.0150 0x11cc MSiSCSI - ok
    15:07:12.0150 0x11cc msiserver - ok
    15:07:12.0259 0x11cc [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    15:07:12.0384 0x11cc MSKSSRV - ok
    15:07:12.0462 0x11cc [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    15:07:12.0586 0x11cc MSPCLOCK - ok
    15:07:12.0633 0x11cc [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    15:07:12.0664 0x11cc MSPQM - ok
    15:07:12.0742 0x11cc [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    15:07:12.0789 0x11cc MsRPC - ok
    15:07:53.0365 0x11cc wcncsvc - ok
    15:07:53.0474 0x11cc [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    15:07:53.0521 0x11cc WcsPlugInService - ok
    15:07:53.0708 0x11cc [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd C:\Windows\system32\drivers\wd.sys
    15:07:53.0864 0x11cc Wd - ok
    15:07:54.0238 0x11cc [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    15:07:54.0831 0x11cc Wdf01000 - ok
    15:07:54.0909 0x11cc [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
    15:07:54.0925 0x11cc WdiServiceHost - ok
    15:07:54.0925 0x11cc [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
    15:07:54.0940 0x11cc WdiSystemHost - ok
    15:07:55.0050 0x11cc [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient C:\Windows\System32\webclnt.dll
    15:07:55.0174 0x11cc WebClient - ok
    15:07:55.0330 0x11cc Websteroids - ok
    15:07:55.0377 0x11cc [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    15:07:55.0518 0x11cc Wecsvc - ok
    15:07:55.0549 0x11cc [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
    15:07:55.0564 0x11cc wercplsupport - ok
    15:07:55.0596 0x11cc [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
    15:07:55.0611 0x11cc WerSvc - ok
    15:07:55.0674 0x11cc WinHttpAutoProxySvc - ok
    15:07:55.0736 0x11cc [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    15:07:55.0752 0x11cc Winmgmt - ok
    15:07:56.0173 0x11cc [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM C:\Windows\system32\WsmSvc.dll
    15:07:56.0235 0x11cc WinRM - ok
    15:07:56.0407 0x11cc [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc C:\Windows\System32\wlansvc.dll
    15:07:56.0578 0x11cc Wlansvc - ok
    15:07:56.0594 0x11cc wltrysvc - ok
    15:07:56.0656 0x11cc [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    15:07:56.0688 0x11cc WmiAcpi - ok
    15:07:56.0781 0x11cc [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    15:07:56.0797 0x11cc wmiApSrv - ok
    15:07:57.0312 0x11cc [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    15:07:57.0405 0x11cc WMPNetworkSvc - ok
    15:07:57.0499 0x11cc [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    15:07:57.0514 0x11cc WPCSvc - ok
    15:07:57.0577 0x11cc [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    15:07:57.0624 0x11cc WPDBusEnum - ok
    15:07:57.0686 0x11cc [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    15:07:57.0733 0x11cc WpdUsb - ok
    15:07:57.0889 0x11cc [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    15:07:57.0998 0x11cc WPFFontCache_v0400 - ok
    15:07:58.0045 0x11cc [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    15:07:58.0092 0x11cc ws2ifsl - ok
    15:07:58.0201 0x11cc [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\System32\wscsvc.dll
    15:07:58.0216 0x11cc wscsvc - ok
    15:07:58.0232 0x11cc WSearch - ok
    15:07:58.0638 0x11cc [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
    15:08:11.0742 0x11cc wuauserv - ok
    15:08:11.0820 0x11cc [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    15:08:11.0820 0x11cc WudfPf - ok
    15:08:11.0882 0x11cc [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:08:11.0898 0x11cc WUDFRd - ok
    15:08:12.0069 0x11cc [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    15:08:12.0085 0x11cc wudfsvc - ok
    15:08:12.0132 0x11cc yksvc - ok
    15:08:12.0288 0x11cc [ 1A51DF1A5C658D534ED980D18F7982DE, ACC33646033D43B8FBCAA1C03CC8307B89FEE40ACFE4630D2A226CFB56B9D992 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
    15:08:12.0319 0x11cc yukonwlh - ok
    15:08:12.0350 0x11cc ================ Scan global ===============================
    15:08:12.0475 0x11cc [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
    15:08:12.0600 0x11cc [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    15:08:12.0724 0x11cc [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    15:08:12.0818 0x11cc [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
    15:08:12.0849 0x11cc [ Global ] - ok
    15:08:12.0849 0x11cc ================ Scan MBR ==================================
    15:08:12.0865 0x11cc [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    15:08:14.0503 0x11cc \Device\Harddisk0\DR0 - ok
    15:08:14.0503 0x11cc [ 8CB37AFC263A219EBB7586F9C495114E ] \Device\Harddisk1\DR2
    15:08:15.0954 0x11cc \Device\Harddisk1\DR2 - ok
    15:08:15.0954 0x11cc ================ Scan VBR ==================================
    15:08:15.0969 0x11cc [ 2FE44946F159A4AEF2212D1D8C92385D ] \Device\Harddisk0\DR0\Partition1
    15:08:16.0047 0x11cc \Device\Harddisk0\DR0\Partition1 - ok
    15:08:16.0063 0x11cc [ 1996C6A9818AAA78E4A51BF862515C78 ] \Device\Harddisk1\DR2\Partition1
    15:08:16.0063 0x11cc \Device\Harddisk1\DR2\Partition1 - ok
    15:08:16.0063 0x11cc ================ Scan generic autorun ======================
    15:08:16.0858 0x11cc [ 4B36C7D9710C60EA7725685753BBFA5C, 818AECC62445090CC336E06736B9B803CB96CFDB2E680F1AA1ED1CD25911D7EC ] C:\Windows\system32\WLTRAY.exe
    15:08:23.0754 0x11cc Broadcom Wireless Manager UI - ok
    15:08:23.0878 0x11cc [ 43E3F9C0F3BC940F2D6DA1A72B177E42, DA910F256A762045136DD271B399620EBD45B72D316788E83A37BEA600D186E1 ] C:\Windows\system32\igfxtray.exe
    15:08:31.0944 0x11cc IgfxTray - ok
    15:08:32.0053 0x11cc [ 2413EC683C216B8A96E1BBC9CD1E01A2, ECD770B15F2F55A72DECA4DAA398EC881CD572B71FB6CA625F45EECD09A7421B ] C:\Windows\system32\hkcmd.exe
    15:08:32.0302 0x11cc HotKeysCmds - ok
    15:08:32.0365 0x11cc [ 953E9E1A9A2D0E862BB75FBFDEDB58F4, 79ACD5F8B444AA1C0C627253859E4D569C2A7980EB5FA81634339A5903777171 ] C:\Windows\system32\igfxpers.exe
    15:08:32.0708 0x11cc Persistence - ok
    15:08:32.0942 0x11cc [ 186C9D39541CC0DFFCC454F79AA0B0BF, 71D333B9037362650E5E4DBF4EFA3CFD49034C53F27C7FFDE8DE6149ADB6471D ] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    15:08:33.0504 0x11cc PDVDDXSrv - ok
    15:08:33.0878 0x11cc [ 00D1FB0073B4A8BD2989EA8FF4CC792B, 001A26FF51BF6BABF6325983F512CF8D84CADEE1CA36F166A41702D94C1B0841 ] C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    15:08:33.0987 0x11cc DellSupportCenter - ok
    15:08:35.0001 0x11cc [ F21E12716F97300532E6CD9EB7CEC280, 958B27E49E23AF3538A9B4442C28C630A40300D76FE3411634E388DE40435259 ] C:\Program Files\Dell\QuickSet\QuickSet.exe
    15:08:37.0107 0x11cc QuickSet - ok
    15:08:37.0419 0x11cc [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
    15:08:37.0809 0x11cc Sidebar - ok
    15:08:37.0809 0x11cc WindowsWelcomeCenter - ok
    15:08:38.0043 0x11cc [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
    15:08:38.0074 0x11cc Sidebar - ok
    15:08:38.0074 0x11cc WindowsWelcomeCenter - ok
    15:08:38.0152 0x11cc [ 00D1FB0073B4A8BD2989EA8FF4CC792B, 001A26FF51BF6BABF6325983F512CF8D84CADEE1CA36F166A41702D94C1B0841 ] C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    15:08:38.0262 0x11cc DellSupportCenter - ok
    15:08:38.0262 0x11cc Skype - ok
    15:08:38.0511 0x11cc [ 10FA625F8AD264545358A2575190A6DD, E16340234FEFE27D9EEB31D239D1288A0A6C80F4B91B7E82566B0BBEC0FAFF3D ] C:\Program Files\Garmin\Express Tray\ExpressTray.exe
    15:08:39.0026 0x11cc GarminExpressTrayApp - ok
    15:08:41.0397 0x11cc [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
    15:08:43.0332 0x11cc Spybot-S&D Cleaning - ok
    15:08:43.0347 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:44.0361 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:45.0375 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:46.0389 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:47.0403 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:48.0417 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:49.0431 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:50.0445 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:51.0459 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:52.0473 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:53.0487 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:54.0501 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:55.0515 0x11cc Waiting for KSN requests completion. In queue: 11
    15:08:57.0028 0x11cc AV detected via SS2: BullGuard Antivirus, c:\program files\bullguard ltd\bullguard\BullGuard.exe ( 15.0.0.0 ), 0x41000 ( enabled : updated )
    15:08:57.0044 0x11cc FW detected via SS2: BullGuard Firewall, c:\program files\bullguard ltd\bullguard\BullGuard.exe ( 15.0.0.0 ), 0x40010 ( disabled )
    15:08:57.0465 0x11cc Win FW state via NFP2: enabled
    15:09:00.0211 0x11cc ============================================================
    15:09:00.0211 0x11cc Scan finished
    15:09:00.0211 0x11cc ============================================================
    15:09:00.0258 0x1344 Detected object count: 0
    15:09:00.0258 0x1344 Actual detected object count: 0
    15:09:28.0291 0x1768 Deinitialize success

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi,

    It's been a while. Let's get a couple more downloads. You can try on the machine in question or use your linux machine and transfer them. Two will remove adware items. The third you can keep and use as an antimalware app.

    Look in your add/remove programs file and uninstall: Ask and/or Asktoolbar and this: Websteroids-- Reboot machine after the uninstalls. Then:

    1) Adwcleaner:

    Please download Adwcleaner.exe to your desktop.
    Right click on AdwCleaner.exe, select "run as admin"
    Click on the Scan button
    Once the scan is done click on the Delete button. Items will already be checked for removal.
    Machine may prompt for reboot to finish the process.
    At restart a log will be generated which you can copy/paste in your reply.
    Copy and paste the contents of the log file in your reply
    You can also find the logfile at C:\AdwCleaner[R1].txt as well

    2) JRT:

    Please download Junkware Removal Tool to your desktop.

    http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

    3): Malwarebytes, free edition:

    These directions are old as the GUI has changed but it's easy to figure out:
    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.
    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    Let's see what gets dragged up and we will go from there.
    Last edited by shelf life; 2014-11-13 at 02:26.
    How Can I Reduce My Risk?

  5. #5
    Member
    Join Date
    Jun 2013
    Posts
    31

    logs

    Hi there shelf life. All three checks have thrown up something, but I had to do them in safe mode as the machine is still very, very slow in normal mode. Even in safe mode when I tried to download malwarebytes it was blocked. Thanks for all your help thus far. Here are the logs:

    # AdwCleaner v4.101 - Report created 14/11/2014 at 14:34:43
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # Username : LucioMags - LUCIOMAGS-PC
    # Running from : C:\Users\LucioMags\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : Websteroids

    ***** [ Files / Folders ] *****

    Folder Found : C:\Program Files\ParetoLogic
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\ProgramData\ParetoLogic
    Folder Found : C:\ProgramData\SpeedMaxPc
    Folder Found : C:\ProgramData\Websteroids
    Folder Found : C:\Users\LucioMags\AppData\Local\apn
    Folder Found : C:\Users\LucioMags\AppData\Local\AskToolbar
    Folder Found : C:\Users\LucioMags\AppData\Local\iac
    Folder Found : C:\Users\LucioMags\AppData\Local\Websteroids
    Folder Found : C:\Users\LucioMags\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\LucioMags\AppData\Roaming\DriverCure
    Folder Found : C:\Users\LucioMags\AppData\Roaming\ParetoLogic
    Folder Found : C:\Users\LucioMags\AppData\Roaming\SpeedMaxPc
    Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

    ***** [ Scheduled Tasks ] *****

    Task Found : paretologic update version3
    Task Found : Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\DynConIE
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3729F2E5-EF82-43F3-A5DA-0654CB94E9FE}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Websteroids
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\ParetoLogic
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\APN
    Key Found : HKLM\SOFTWARE\AskToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\ParetoLogic
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16584


    -\\ Google Chrome v38.0.2125.104

    [C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=00F02D99-9361-4B22-8A4D-6E8C8DD3AB6E&apn_ptnrs=U3&apn_sauid=703DD0B0-69A8-42F9-8DF5-63EA6DA640A5&apn_dtid=OSJ000YYGB&q={searchTerms}
    [C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=00F02D99-9361-4B22-8A4D-6E8C8DD3AB6E&apn_ptnrs=U3&apn_sauid=703DD0B0-69A8-42F9-8DF5-63EA6DA640A5&apn_dtid=OSJ000YYGB&q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [8613 octets] - [14/11/2014 14:34:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8673 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Windows Vista (TM) Home Basic x86
    Ran by LucioMags on 14/11/2014 at 14:53:06.48
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"
    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 14/11/2014 at 14:54:44.15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 14/11/2014
    Scan Time: 15:20:39
    Logfile: mal.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.14.05
    Rootkit Database: v2014.11.12.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: LucioMags

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 295507
    Time Elapsed: 17 min, 40 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    Rogue.Multiple, C:\ProgramData\28523121, , [dfced269215bba7c9478c23224de1be5],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi,

    So after the Scan with Adwcleaner you clicked on the Clean button? In my original directions I said after the scan click on the delete button, should be the Clean button. There is no delete button-- Your machine should have rebooted to finish the removal process and on reboot display a new log.

    Run adwcleaner again, click on scan then when the scan's done click on the clean button. Machine will reboot and on restart display a new log showing what was removed. Please post the log.
    How Can I Reduce My Risk?

  7. #7
    Member
    Join Date
    Jun 2013
    Posts
    31

    sorry posted r0 instead of s0 log

    Here are the previous adwcleaner clean log and the new one. Sorry about that, it's just that when adwcleaner rebooted the machine, it went into normal mode and even though it did eventually open up notepad with the s0 log, the machine was so slow, I couldn't do anything with it:

    # AdwCleaner v4.101 - Report created 14/11/2014 at 14:37:00
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # Username : LucioMags - LUCIOMAGS-PC
    # Running from : C:\Users\LucioMags\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Websteroids

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\ProgramData\SpeedMaxPc
    Folder Deleted : C:\ProgramData\Websteroids
    Folder Deleted : C:\Program Files\ParetoLogic
    Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
    Folder Deleted : C:\Users\LucioMags\AppData\Local\apn
    Folder Deleted : C:\Users\LucioMags\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\LucioMags\AppData\Local\iac
    Folder Deleted : C:\Users\LucioMags\AppData\Local\Websteroids
    Folder Deleted : C:\Users\LucioMags\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\LucioMags\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\LucioMags\AppData\Roaming\ParetoLogic
    Folder Deleted : C:\Users\LucioMags\AppData\Roaming\SpeedMaxPc

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3729F2E5-EF82-43F3-A5DA-0654CB94E9FE}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKLM\SOFTWARE\APN
    Key Deleted : HKLM\SOFTWARE\AskToolbar
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Websteroids
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16584


    -\\ Google Chrome v38.0.2125.104

    [C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=00F02D99-9361-4B22-8A4D-6E8C8DD3AB6E&apn_ptnrs=U3&apn_sauid=703DD0B0-69A8-42F9-8DF5-63EA6DA640A5&apn_dtid=OSJ000YYGB&q={searchTerms}
    [C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=00F02D99-9361-4B22-8A4D-6E8C8DD3AB6E&apn_ptnrs=U3&apn_sauid=703DD0B0-69A8-42F9-8DF5-63EA6DA640A5&apn_dtid=OSJ000YYGB&q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [8753 octets] - [14/11/2014 14:34:43]
    AdwCleaner[S0].txt - [8751 octets] - [14/11/2014 14:37:00]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8811 octets] ##########

    # AdwCleaner v4.101 - Report created 15/11/2014 at 11:25:53
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # Username : LucioMags - LUCIOMAGS-PC
    # Running from : C:\Users\LucioMags\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16584


    -\\ Google Chrome v38.0.2125.104


    *************************

    AdwCleaner[R0].txt - [8753 octets] - [14/11/2014 14:34:43]
    AdwCleaner[R1].txt - [975 octets] - [15/11/2014 11:16:41]
    AdwCleaner[S0].txt - [8891 octets] - [14/11/2014 14:37:00]
    AdwCleaner[S1].txt - [808 octets] - [15/11/2014 11:25:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [867 octets] ##########

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    So your machine runs OK in safe mode but not after a normal boot? Did you notice if it started after installing software or a driver? It just bogs down and takes a long time to complete a task?

    Even in safe mode when I tried to download malwarebytes it was blocked
    What do you mean by 'it was blocked'? You couldn't get to the website?
    How Can I Reduce My Risk?

  9. #9
    Member
    Join Date
    Jun 2013
    Posts
    31

    hi there again shelf life

    That is correct. I don't know, as I say, I'm fixing this for a friend, but I will ask and get back to you. Correct. Like I say, I give up on it opening the computer window and indeed any other window. What I mean by 'it was blocked' is, yes, it could not connect to the web page; Internet Explorer came up with the diagnose problem web page. Like I said in the original post I think this is a new one (especially because that tool to help with NT development comes up on the taskbar) and must admit I'm out of my depth now. Possibly there is a way to find out which services/programs are taking up most of the CPU time (possibly with task manager) and kill them, but wouldn't know how to go about this properly; also with the machine operating so slowly in normal mode, would this be viable?

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    This type of problem can be hard to troubleshoot via posts.
    I don't think it's malware related. Something is running in normal boot that's not there in safe mode. You could compare task manager in both modes, a lot of the tasks would be normal Windows processes though. You might notice something different.

    You could also uninstall software via the add/remove program panel in safe mode starting with anything you don't use or recognize. You could check device manager after a normal boot and see if anything has the yellow exclamation point. I would suspect a software or driver conflict.
    For the most part malware wants/needs a normally functioning machine to be successful.
    How Can I Reduce My Risk?
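
The safe-mode versus normal-boot comparison suggested in post #10 can be done on saved process lists instead of by eye. This is an added example, not part of the thread: it assumes each list was captured with `tasklist /svc /fo csv` on an English-language Windows (the column headers are localized), and the two captures and every process and service name in them are constructed.

```python
import csv
import io

# Constructed sample captures (not from the thread), in the format produced by
# `tasklist /svc /fo csv` run once in safe mode and once after a normal boot.
SAFE_MODE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"System","4","N/A"
"csrss.exe","412","N/A"
"services.exe","520","N/A"
"svchost.exe","700","DcomLaunch,PlugPlay"
"explorer.exe","1480","N/A"
'''

NORMAL_BOOT = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"System","4","N/A"
"csrss.exe","436","N/A"
"services.exe","548","N/A"
"svchost.exe","732","DcomLaunch,PlugPlay"
"svchost.exe","1012","AudioSrv,Dhcp"
"ExampleUpdater.exe","1620","ExampleUpdaterSvc"
"explorer.exe","2044","N/A"
"exampletray.exe","2312","N/A"
'''


def parse_tasklist(text):
    """Return (image names, service names) from a tasklist /svc CSV capture."""
    images, services = set(), set()
    for row in csv.DictReader(io.StringIO(text)):
        # PIDs change on every boot, so compare on names only, case-insensitively.
        images.add(row["Image Name"].strip().lower())
        for svc in row["Services"].split(","):
            svc = svc.strip()
            if svc and svc.upper() != "N/A":
                services.add(svc.lower())
    return images, services


def normal_only(safe_text, normal_text):
    """Processes and services seen after a normal boot but absent in safe mode."""
    safe_img, safe_svc = parse_tasklist(safe_text)
    norm_img, norm_svc = parse_tasklist(normal_text)
    return sorted(norm_img - safe_img), sorted(norm_svc - safe_svc)


if __name__ == "__main__":
    procs, svcs = normal_only(SAFE_MODE, NORMAL_BOOT)
    print("Processes only in normal boot:", procs)
    print("Services only in normal boot:", svcs)
```

Services hosted inside a shared `svchost.exe` do not show up as new image names, which is why the service column is compared separately.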
