[RESOLVED] Infected laptop

  1. #1
    Join Date
    Jun 2006
    Posts
    51

    Hi there.

    I was given a laptop with the understanding that the emails and documents needed recovering/transferring over to his new laptop, but beyond that, I could have it. In the process of trying to burn his Outlook .pst to DVD, I noticed standard Windows processes were having to close, and simply browsing through his HDD was causing Explorer to crash. I checked msconfig and a number of suspicious executables were starting up, and discovered he had no anti-virus - and it wasn't allowing me to enable Windows Defender. I disabled the handful of suspicious processes on startup and installed an offline version of AVG, running it in safe mode. It found a fair amount of viruses/trojans and looks to have cleaned them (although I was a bit perturbed at the number of 'file locked' results). I haven't connected it to our network, because I don't trust that it's clean now, and am worried about infecting others on the network - unfortunately the downside of this is that the AVG definitions need manually updating via d/l & transferring a 90MB .bin and pointing it to that - but AVG is up to date, and now showing clean. However, those processes on startup are still showing in msconfig, even if the executables are no longer there, and when trying to enable the Windows Security Centre service, as advised by Action Centre, it tells me it can't - which makes me concerned whether the adverse effects of the infection are still apparent, even if the viruses aren't.

    So, apologies if the above isn't the suggested route.

    Note: the scan for Malwarebytes posted below was without the capability to update it (if you can point me to a file to manually update the definitions, that'd be a help, and I can rescan) and DDS won't generate a dds.txt. It keeps telling me it's produced 1 log, which is the attach.txt I've pasted below


    Malwarebytes
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 29/10/2014
    Scan Time: 10:10:11
    Logfile: mbam-complete.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.09.19.05
    Rootkit Database: v2014.09.18.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x86
    File System: NTFS
    User: presentation

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 288721
    Time Elapsed: 36 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 1
    Hijack.Autorun, HKU\S-1-5-21-2352433161-3608982554-448722011-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\presentation\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe", Quarantined, [8af7ae4118633df9f2761b1d55ae7e82]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    DDS - Attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/02/2011 09:15:17
    System Uptime: 29/10/2014 08:38:14 (3 hours ago)
    .
    Motherboard: NEC COMPUTERS INTERNATIONAL | | NEC Versa Premium
    Processor: Intel(R) Celeron(R) M processor 1.40GHz | mPGA478 | 1393/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 43 GiB total, 6.894 GiB free.
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\MTC0007\4&2D1D018E&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\MTC0007\4&2D1D018E&0
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
    Thanks in advance for any help.

  2. #2
    Join Date
    Jun 2006
    Posts
    51
    Quote Originally Posted by HandsomeDevil View Post
    Note: [...] DDS won't generate a dds.txt. It keeps telling me it's produced 1 log, which is the attach.txt I've pasted below
    Uninstalling AVG, and/or running in safe mode doesn't resolve it: DDS still won't work for me, beyond generating the Attach log. I found newer definitions for MBAM (however, these are still outdated), so I'm running a new scan with them.
    Last edited by HandsomeDevil; October 29th, 2014 at 11:44 AM.

  3. #3
    photolady is offline Lifetime Friend of Site Staff
    Join Date
    Mar 2002
    Location
    At my computer, cruising VDR and watching your back
    Posts
    23,412
    Broni will not read your attachments. And he will be along soon to explain things to you but you need to have patience.

  4. #4
    Join Date
    Jun 2006
    Posts
    51
    Quote Originally Posted by photolady View Post
    Broni will not read your attachments. And he will be along soon to explain things to you but you need to have patience.
    Hi, I hope my posts don't come off as impatient, I just wanted to expand on my initial post's issues, but couldn't because of my inability to edit my posts after a certain amount of time (imagine this is forum-wide?). Broni's helped me before, and I understand we're on different timezones, so I wasn't expecting help yet - but wanted to give him all the information I have for when he does get a chance at looking at it.

    Hmm, I'm confused by your opening sentence - I haven't attached anything? I've quoted my pastes - like I've done in the past for ease of reading.

    Malwarebytes
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 29/10/2014
    Scan Time: 15:22:20
    Logfile: mbam2.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.06.06
    Rootkit Database: v2014.09.19.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x86
    File System: NTFS
    User: presentation

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 290128
    Time Elapsed: 34 min, 11 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 2
    Trojan.Agent, HKU\S-1-5-21-2352433161-3608982554-448722011-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\presentation\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe", Quarantined, [0b73ed24cbb16cca46cf2ee06f94ab55]
    Trojan.Ransom.Gen, HKU\S-1-5-21-2352433161-3608982554-448722011-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoziVfoxe, regsvr32.exe "C:\ProgramData\GoziVfoxe\GoziVfoxe.dat", Quarantined, [c1bdd9383745ee482e1b2e4cac5841bf]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Last edited by HandsomeDevil; October 29th, 2014 at 12:24 PM.

  5. #5
    photolady is offline Lifetime Friend of Site Staff
    Join Date
    Mar 2002
    Location
    At my computer, cruising VDR and watching your back
    Posts
    23,412
    They can't be quoted either, you need to follow the rules to get Broni to even take a look at your logs and help you.

    These rules:

    http://discussions.virtualdr.com/sho...ated-4-1-2014)

    I am sorry, I saw DDS - Attach and thought that meant you had used attaching, instead of quoting. My fault. Sorry.

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ====================================

    Download TDSSKiller and save it to your desktop.

    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

  7. #7
    Join Date
    Jun 2006
    Posts
    51
    TDSSKiller Log #1 - Part 1
    09:07:16.0916 0x0f20 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    09:07:39.0291 0x0f20 ============================================================
    09:07:39.0291 0x0f20 Current date / time: 2014/10/30 09:07:39.0291
    09:07:39.0291 0x0f20 SystemInfo:
    09:07:39.0291 0x0f20
    09:07:39.0291 0x0f20 OS Version: 6.1.7600 ServicePack: 0.0
    09:07:39.0291 0x0f20 Product type: Workstation
    09:07:39.0306 0x0f20 ComputerName: QHSE
    09:07:39.0306 0x0f20 UserName: presentation
    09:07:39.0306 0x0f20 Windows directory: C:\Windows
    09:07:39.0306 0x0f20 System windows directory: C:\Windows
    09:07:39.0306 0x0f20 Processor architecture: Intel x86
    09:07:39.0306 0x0f20 Number of processors: 1
    09:07:39.0306 0x0f20 Page size: 0x1000
    09:07:39.0306 0x0f20 Boot type: Normal boot
    09:07:39.0306 0x0f20 ============================================================
    09:07:41.0181 0x0f20 KLMD registered as C:\Windows\system32\drivers\62079618.sys
    09:07:41.0947 0x0f20 System UUID: {9E389817-9927-C219-1F89-1C439CC09BD8}
    09:07:43.0041 0x0f20 Drive \Device\Harddisk0\DR0 - Size: 0xBA5541C00 ( 46.58 Gb ), SectorSize: 0x200, Cylinders: 0x17C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    09:07:43.0041 0x0f20 Drive \Device\Harddisk1\DR1 - Size: 0xF6800000 ( 3.85 Gb ), SectorSize: 0x200, Cylinders: 0x1F6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    09:07:43.0041 0x0f20 ============================================================
    09:07:43.0041 0x0f20 \Device\Harddisk0\DR0:
    09:07:43.0041 0x0f20 MBR partitions:
    09:07:43.0041 0x0f20 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x80344B, BlocksNum 0x5523375
    09:07:43.0041 0x0f20 \Device\Harddisk1\DR1:
    09:07:43.0041 0x0f20 MBR partitions:
    09:07:43.0041 0x0f20 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x230, BlocksNum 0x7B3DD0
    09:07:43.0041 0x0f20 ============================================================
    09:07:43.0087 0x0f20 C: <-> \Device\Harddisk0\DR0\Partition1
    09:07:43.0087 0x0f20 ============================================================
    09:07:43.0087 0x0f20 Initialize success
    09:07:43.0087 0x0f20 ============================================================
    09:07:51.0087 0x0ddc ============================================================
    09:07:51.0087 0x0ddc Scan started
    09:07:51.0087 0x0ddc Mode: Manual;
    09:07:51.0087 0x0ddc ============================================================
    09:07:51.0087 0x0ddc KSN ping started
    09:07:51.0134 0x0ddc KSN ping finished: false
    09:07:52.0259 0x0ddc ================ Scan system memory ========================
    09:07:52.0259 0x0ddc System memory - ok
    09:08:03.0181 0x0ddc FltMgr - ok
    09:08:03.0369 0x0ddc [ B6512A85815FDC3D560C3705F5BDB93D, A04D60BF4649DD7582C0E26E9CED93841D8B2729FDF6E1551F48A94AFD5A6436 ] FontCache C:\Windows\system32\FntCache.dll
    09:08:03.0462 0x0ddc FontCache - ok
    09:08:03.0556 0x0ddc [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    09:08:03.0556 0x0ddc FontCache3.0.0.0 - ok
    09:08:03.0619 0x0ddc [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    09:08:03.0619 0x0ddc FsDepends - ok
    09:08:03.0650 0x0ddc [ A574B4360E438977038AAE4BF60D79A2, 7255CCDDDAC4853FA72E6487408C4B7390CBA37549CE952929B2A9CF3327C616 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    09:08:03.0650 0x0ddc Fs_Rec - ok
    09:08:03.0728 0x0ddc [ 5592F5DBA26282D24D2B080EB438A4D7, 5376D6CFFE9A1406CFA0BF4325EB65206F57A5C50034DA7EB4238BEB08D4D6DB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    09:08:03.0759 0x0ddc fvevol - ok
    09:08:03.0822 0x0ddc [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    09:08:03.0822 0x0ddc gagp30kx - ok
    09:08:03.0947 0x0ddc [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc C:\Windows\System32\gpsvc.dll
    09:08:04.0025 0x0ddc gpsvc - ok
    09:08:04.0166 0x0ddc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    09:08:04.0181 0x0ddc gupdate - ok
    09:08:04.0259 0x0ddc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    09:08:04.0259 0x0ddc gupdatem - ok
    09:08:04.0337 0x0ddc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    09:08:04.0353 0x0ddc gusvc - ok
    09:08:04.0400 0x0ddc [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    09:08:04.0416 0x0ddc hcw85cir - ok
    09:08:04.0462 0x0ddc [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    09:08:04.0462 0x0ddc HDAudBus - ok
    09:08:04.0509 0x0ddc [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    09:08:04.0509 0x0ddc HidBatt - ok
    09:08:04.0541 0x0ddc [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    09:08:04.0556 0x0ddc HidBth - ok
    09:08:04.0634 0x0ddc [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    09:08:04.0634 0x0ddc HidIr - ok
    09:08:04.0681 0x0ddc [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
    09:08:04.0681 0x0ddc hidserv - ok
    09:08:04.0775 0x0ddc [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    09:08:04.0775 0x0ddc HidUsb - ok
    09:08:04.0837 0x0ddc [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc C:\Windows\system32\kmsvc.dll
    09:08:04.0837 0x0ddc hkmsvc - ok
    09:08:04.0916 0x0ddc [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    09:08:04.0931 0x0ddc HomeGroupListener - ok
    09:08:04.0994 0x0ddc [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    09:08:04.0994 0x0ddc HomeGroupProvider - ok
    09:08:05.0072 0x0ddc [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    09:08:05.0087 0x0ddc HpSAMD - ok
    09:08:05.0166 0x0ddc [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP C:\Windows\system32\drivers\HTTP.sys
    09:08:05.0244 0x0ddc HTTP - ok
    09:08:05.0353 0x0ddc [ 348C3A9D01E68A0222A246346924AA55, 6F8803BA37760043A78DC1E0D4E20853E5ABEF55B0201676B281EC2685E951DD ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
    09:08:05.0353 0x0ddc hwdatacard - ok
    09:08:05.0384 0x0ddc [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    09:08:05.0384 0x0ddc hwpolicy - ok
    09:08:05.0478 0x0ddc [ AC6B4AABF92867584445D0C435B9248F, D65827515221F20E2F3F6A4C5EFA388E851847A1B13A7E4FE350FB9D1F42D25C ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
    09:08:05.0494 0x0ddc hwusbdev - ok
    09:08:05.0603 0x0ddc [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    09:08:05.0603 0x0ddc i8042prt - ok
    09:08:05.0697 0x0ddc [ 934AF4D7C5F457B9F0743F4299B77B67, F232554352BB7CD716D6173FC1AB2661E49480994BB22E9A6FE7A33B51F0A51B ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    09:08:05.0728 0x0ddc iaStorV - ok
    09:08:05.0900 0x0ddc [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    09:08:05.0994 0x0ddc idsvc - ok
    09:08:06.0056 0x0ddc [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    09:08:06.0056 0x0ddc iirsp - ok
    09:08:06.0197 0x0ddc [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT C:\Windows\System32\ikeext.dll
    09:08:06.0291 0x0ddc IKEEXT - ok
    09:08:06.0353 0x0ddc [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    09:08:06.0353 0x0ddc intelide - ok
    09:08:06.0416 0x0ddc [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    09:08:06.0416 0x0ddc intelppm - ok
    09:08:06.0478 0x0ddc [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    09:08:06.0494 0x0ddc IPBusEnum - ok
    09:08:06.0541 0x0ddc [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    09:08:06.0556 0x0ddc IpFilterDriver - ok
    09:08:06.0666 0x0ddc [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    09:08:06.0728 0x0ddc iphlpsvc - ok
    09:08:06.0775 0x0ddc [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    09:08:06.0775 0x0ddc IPMIDRV - ok
    09:08:06.0837 0x0ddc [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    09:08:06.0853 0x0ddc IPNAT - ok
    09:08:06.0916 0x0ddc [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
    09:08:06.0916 0x0ddc IRENUM - ok
    09:08:06.0962 0x0ddc [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    09:08:06.0962 0x0ddc isapnp - ok
    09:08:07.0025 0x0ddc [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    09:08:07.0041 0x0ddc iScsiPrt - ok
    09:08:07.0150 0x0ddc [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    09:08:07.0150 0x0ddc kbdclass - ok
    09:08:07.0197 0x0ddc [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    09:08:07.0197 0x0ddc kbdhid - ok
    09:08:07.0244 0x0ddc [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] KeyIso C:\Windows\system32\lsass.exe
    09:08:07.0244 0x0ddc KeyIso - ok
    09:08:07.0306 0x0ddc [ E36A061EC11B373826905B21BE10948F, CB9F8B76E0A99307A841B66CBD96C7087CC0B068699CBEF01040E37C6EA60E6A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    09:08:07.0306 0x0ddc KSecDD - ok
    09:08:07.0353 0x0ddc [ 26C046977E85B95036453D7B88BA1820, 375B284AFB407CAE417D2090B112A0ED1CCD516ABFDDBFCD5D6AADE859F14ACD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    09:08:07.0369 0x0ddc KSecPkg - ok
    09:08:07.0431 0x0ddc [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
    09:08:07.0462 0x0ddc KtmRm - ok
    09:08:07.0541 0x0ddc [ BCA92CB047A4326925ECEF759DBAA233, C2A188F5526882A2E3AC4CC0190452DA37CBD93043DFE5571A20E8EFE9D56DA3 ] LanmanServer C:\Windows\system32\srvsvc.dll
    09:08:07.0556 0x0ddc LanmanServer - ok
    09:08:07.0634 0x0ddc [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    09:08:07.0634 0x0ddc LanmanWorkstation - ok
    09:08:07.0697 0x0ddc [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    09:08:07.0697 0x0ddc lltdio - ok
    09:08:07.0775 0x0ddc [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    09:08:07.0791 0x0ddc lltdsvc - ok
    09:08:07.0837 0x0ddc [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
    09:08:07.0837 0x0ddc lmhosts - ok
    09:08:07.0916 0x0ddc [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    09:08:07.0931 0x0ddc LSI_FC - ok
    09:08:07.0994 0x0ddc [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    09:08:07.0994 0x0ddc LSI_SAS - ok
    09:08:08.0056 0x0ddc [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    09:08:08.0056 0x0ddc LSI_SAS2 - ok
    09:08:08.0103 0x0ddc [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    09:08:08.0119 0x0ddc LSI_SCSI - ok
    09:08:08.0166 0x0ddc [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
    09:08:08.0181 0x0ddc luafv - ok
    09:08:08.0228 0x0ddc lxec_device - ok
    09:08:08.0275 0x0ddc [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    09:08:08.0291 0x0ddc Mcx2Svc - ok
    09:08:08.0353 0x0ddc [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    09:08:08.0353 0x0ddc megasas - ok
    09:08:08.0462 0x0ddc [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    09:08:08.0462 0x0ddc MegaSR - ok
    09:08:08.0587 0x0ddc [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    09:08:08.0587 0x0ddc Microsoft Office Groove Audit Service - ok
    09:08:08.0634 0x0ddc [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
    09:08:08.0650 0x0ddc MMCSS - ok
    09:08:08.0697 0x0ddc [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
    09:08:08.0697 0x0ddc Modem - ok
    09:08:08.0806 0x0ddc [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    09:08:08.0806 0x0ddc monitor - ok
    09:08:08.0853 0x0ddc [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    09:08:08.0869 0x0ddc mouclass - ok
    09:08:08.0916 0x0ddc [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    09:08:08.0916 0x0ddc mouhid - ok
    09:08:08.0962 0x0ddc [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    09:08:08.0962 0x0ddc mountmgr - ok
    09:08:09.0025 0x0ddc [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    09:08:09.0025 0x0ddc mpio - ok
    09:08:09.0103 0x0ddc [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    09:08:09.0103 0x0ddc mpsdrv - ok
    09:08:09.0244 0x0ddc [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc C:\Windows\system32\mpssvc.dll
    09:08:09.0306 0x0ddc MpsSvc - ok
    09:08:09.0369 0x0ddc [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    09:08:09.0384 0x0ddc MRxDAV - ok
    09:08:09.0431 0x0ddc [ F4A054BE78AF7F410129C4B64B07DC9B, 65E14D38CCAB4FBB0C0D4A12F11B2E150AEC00AC692EE92A5CE6C982CF1190F5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    09:08:09.0431 0x0ddc mrxsmb - ok
    09:08:09.0494 0x0ddc [ DEFFA295BD1895C6ED8E3078412AC60B, 3F13CD67659EC2C8ABADC2C5B48B939ECDC6DB7CAAAAC3C2823AC12842BC1630 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    09:08:09.0509 0x0ddc mrxsmb10 - ok
    09:08:09.0572 0x0ddc [ 24D76ABE5DCAD22F19D105F76FDF0CE1, D0A7E033B4DF4AA5A9600A2A7A890FDE20AC7CE87C660817EB92FE10E2DAD343 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    09:08:09.0572 0x0ddc mrxsmb20 - ok
    09:08:09.0603 0x0ddc [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    09:08:09.0619 0x0ddc msahci - ok
    09:08:09.0666 0x0ddc [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    09:08:09.0681 0x0ddc msdsm - ok
    09:08:09.0728 0x0ddc [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
    09:08:09.0744 0x0ddc MSDTC - ok
    09:08:09.0775 0x0ddc [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
    09:08:09.0791 0x0ddc Msfs - ok
    09:08:09.0837 0x0ddc [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    09:08:09.0837 0x0ddc mshidkmdf - ok
    09:08:09.0884 0x0ddc [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    09:08:09.0884 0x0ddc msisadrv - ok
    09:08:09.0962 0x0ddc [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    09:08:09.0978 0x0ddc MSiSCSI - ok
    09:08:10.0009 0x0ddc msiserver - ok
    09:08:10.0072 0x0ddc [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    09:08:10.0072 0x0ddc MSKSSRV - ok
    09:08:10.0103 0x0ddc [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    09:08:10.0103 0x0ddc MSPCLOCK - ok
    09:08:10.0166 0x0ddc [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    09:08:10.0166 0x0ddc MSPQM - ok
    09:08:10.0228 0x0ddc [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    09:08:10.0244 0x0ddc MsRPC - ok
    09:08:10.0306 0x0ddc [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    09:08:10.0306 0x0ddc mssmbios - ok
    09:08:10.0337 0x0ddc [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    09:08:10.0337 0x0ddc MSTEE - ok
    09:08:10.0384 0x0ddc [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    09:08:10.0384 0x0ddc MTConfig - ok
    09:08:10.0494 0x0ddc [ 8CC4AB0F1FDB5FC7F58779DAB0B1D22E, CE0260F3AC98400860A0DA6974A2DE63DE787CB6F2FAD0D32F72D73D7D867DDE ] Mtlmnt5 C:\Windows\system32\DRIVERS\SLDRV\Mtlmnt5.sys
    09:08:10.0525 0x0ddc Mtlmnt5 - ok
    09:08:10.0744 0x0ddc [ C3556A7AEAFA2E71F270531FF2F401FD, 1AC3D6DA4E47DFFFD80E680F0A1F945D4B296FE2A1BC7CAC572992ED0719C56E ] Mtlstrm C:\Windows\system32\DRIVERS\SLDRV\Mtlstrm.sys
    09:08:10.0900 0x0ddc Mtlstrm - ok
    09:08:10.0962 0x0ddc [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
    09:08:10.0962 0x0ddc Mup - ok
    09:08:11.0072 0x0ddc [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent C:\Windows\system32\qagentRT.dll
    09:08:11.0103 0x0ddc napagent - ok
    09:08:11.0181 0x0ddc [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    09:08:11.0197 0x0ddc NativeWifiP - ok
    09:08:11.0306 0x0ddc [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS C:\Windows\system32\drivers\ndis.sys
    09:08:11.0384 0x0ddc NDIS - ok
    09:08:11.0447 0x0ddc [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    09:08:11.0447 0x0ddc NdisCap - ok
    09:08:11.0509 0x0ddc [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    09:08:11.0525 0x0ddc NdisTapi - ok
    09:08:11.0556 0x0ddc [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    09:08:11.0556 0x0ddc Ndisuio - ok
    09:08:11.0603 0x0ddc [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    09:08:11.0619 0x0ddc NdisWan - ok
    09:08:11.0666 0x0ddc [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    09:08:11.0666 0x0ddc NDProxy - ok
    09:08:11.0728 0x0ddc [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    09:08:11.0728 0x0ddc NetBIOS - ok
    09:08:11.0791 0x0ddc [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    09:08:11.0806 0x0ddc NetBT - ok
    09:08:11.0837 0x0ddc [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] Netlogon C:\Windows\system32\lsass.exe
    09:08:11.0837 0x0ddc Netlogon - ok
    09:08:11.0931 0x0ddc [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
    09:08:11.0978 0x0ddc Netman - ok
    09:08:12.0056 0x0ddc [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
    09:08:12.0103 0x0ddc netprofm - ok
    09:08:12.0150 0x0ddc [ FE2AA5A684B0DD9B1FAE57B7817C198B, 59137B15AD038C31BEB909EC11019E08C072DD7EE611B9618B7523880453BD4F ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    09:08:12.0150 0x0ddc NetTcpPortSharing - ok
    09:08:12.0228 0x0ddc [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    09:08:12.0228 0x0ddc nfrd960 - ok
    09:08:12.0306 0x0ddc [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    09:08:12.0322 0x0ddc NlaSvc - ok
    09:08:12.0369 0x0ddc [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    09:08:12.0369 0x0ddc Npfs - ok
    09:08:12.0431 0x0ddc [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll

  8. #8
    Join Date
    Jun 2006
    Posts
    51
    TDSSKiller Log #1 - Part 2
    09:08:16.0806 0x0ddc RasMan - ok
    09:08:16.0869 0x0ddc [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    09:08:16.0884 0x0ddc RasPppoe - ok
    09:08:16.0916 0x0ddc [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    09:08:16.0931 0x0ddc RasSstp - ok
    09:08:16.0978 0x0ddc [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    09:08:16.0994 0x0ddc rdbss - ok
    09:08:17.0056 0x0ddc [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    09:08:17.0056 0x0ddc rdpbus - ok
    09:08:17.0087 0x0ddc [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    09:08:17.0087 0x0ddc RDPCDD - ok
    09:08:17.0166 0x0ddc [ C5FF95883FFEF704D50C40D21CFB3AB5, 26CC53DDE126A6BD99F606695F063BB7FDC4BBABB9F75F7AD7A84B58C837EEAA ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    09:08:17.0166 0x0ddc RDPDR - ok
    09:08:17.0244 0x0ddc [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    09:08:17.0244 0x0ddc RDPENCDD - ok
    09:08:17.0291 0x0ddc [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    09:08:17.0291 0x0ddc RDPREFMP - ok
    09:08:17.0337 0x0ddc [ 801371BA9782282892D00AADB08EE367, 884DDC24B8400E76F65F54C249053333AD29543224F9EC156C64A6BDF584DDCD ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    09:08:17.0369 0x0ddc RDPWD - ok
    09:08:17.0431 0x0ddc [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    09:08:17.0447 0x0ddc rdyboost - ok
    09:08:17.0494 0x0ddc [ 5DF1543B5258AF20DEDDBB32808470C5, 16D532F8A9D8B41758F492761C981CBBD33F8869B68A44AFA7DAF42FC7278BC7 ] RecAgent C:\Windows\system32\DRIVERS\SLDRV\RecAgent.sys
    09:08:17.0494 0x0ddc RecAgent - ok
    09:08:17.0556 0x0ddc [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
    09:08:17.0572 0x0ddc RemoteAccess - ok
    09:08:17.0619 0x0ddc [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
    09:08:17.0634 0x0ddc RemoteRegistry - ok
    09:08:17.0681 0x0ddc [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    09:08:17.0697 0x0ddc RpcEptMapper - ok
    09:08:17.0744 0x0ddc [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
    09:08:17.0759 0x0ddc RpcLocator - ok
    09:08:17.0822 0x0ddc [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs C:\Windows\system32\rpcss.dll
    09:08:17.0837 0x0ddc RpcSs - ok
    09:08:17.0931 0x0ddc [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    09:08:17.0931 0x0ddc rspndr - ok
    09:08:18.0072 0x0ddc [ A77E6087129E463CDAB8080F5B846888, 677E1731578EAC1320EB3C6A7B8EBD6C6F68DEE770B50B0C9C11DE34EF587168 ] RTL8192cu C:\Windows\system32\DRIVERS\RTL8192cu.sys
    09:08:18.0181 0x0ddc RTL8192cu - ok
    09:08:18.0244 0x0ddc [ 5423D8437051E89DD34749F242C98648, 28FD190E13676B0FD452A73C3069B72206E2938DB2240BAA9BDB56687C748A2B ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
    09:08:18.0244 0x0ddc s3cap - ok
    09:08:18.0275 0x0ddc [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] SamSs C:\Windows\system32\lsass.exe
    09:08:18.0275 0x0ddc SamSs - ok
    09:08:18.0337 0x0ddc [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    09:08:18.0337 0x0ddc sbp2port - ok
    09:08:18.0416 0x0ddc [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    09:08:18.0416 0x0ddc SCardSvr - ok
    09:08:18.0462 0x0ddc [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    09:08:18.0462 0x0ddc scfilter - ok
    09:08:18.0603 0x0ddc [ 3E8B0C453E25613A1F59762A5C42AA75, 86801C49664441A08F7E95031E52AD2518D61CCB945A857A18F0714351A8158C ] Schedule C:\Windows\system32\schedsvc.dll
    09:08:18.0697 0x0ddc Schedule - ok
    09:08:18.0759 0x0ddc [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc C:\Windows\System32\certprop.dll
    09:08:18.0759 0x0ddc SCPolicySvc - ok
    09:08:18.0837 0x0ddc [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC C:\Windows\System32\SDRSVC.dll
    09:08:18.0837 0x0ddc SDRSVC - ok
    09:08:18.0947 0x0ddc [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    09:08:18.0947 0x0ddc secdrv - ok
    09:08:19.0009 0x0ddc [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
    09:08:19.0009 0x0ddc seclogon - ok
    09:08:19.0041 0x0ddc [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
    09:08:19.0056 0x0ddc SENS - ok
    09:08:19.0134 0x0ddc [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    09:08:19.0134 0x0ddc SensrSvc - ok
    09:08:19.0181 0x0ddc [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    09:08:19.0181 0x0ddc Serenum - ok
    09:08:19.0228 0x0ddc [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
    09:08:19.0228 0x0ddc Serial - ok
    09:08:19.0275 0x0ddc [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    09:08:19.0275 0x0ddc sermouse - ok
    09:08:19.0369 0x0ddc [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv C:\Windows\system32\sessenv.dll
    09:08:19.0369 0x0ddc SessionEnv - ok
    09:08:19.0431 0x0ddc [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    09:08:19.0431 0x0ddc sffdisk - ok
    09:08:19.0462 0x0ddc [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    09:08:19.0462 0x0ddc sffp_mmc - ok
    09:08:19.0494 0x0ddc [ 4F1E5B0FE7C8050668DBFADE8999AEFB, E36DAACC3D11F004808A3F44C471BBFDC2F33411D9F5C18B55B0DB2A6DA6E74C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    09:08:19.0494 0x0ddc sffp_sd - ok
    09:08:19.0525 0x0ddc [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    09:08:19.0525 0x0ddc sfloppy - ok
    09:08:19.0634 0x0ddc [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
    09:08:19.0666 0x0ddc SharedAccess - ok
    09:08:19.0744 0x0ddc [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    09:08:19.0759 0x0ddc ShellHWDetection - ok
    09:08:19.0822 0x0ddc [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    09:08:19.0837 0x0ddc SiSRaid2 - ok
    09:08:19.0869 0x0ddc [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    09:08:19.0884 0x0ddc SiSRaid4 - ok
    09:08:20.0009 0x0ddc [ E61F4A8551ED6D42245EC5C4A29C120B, 1242D5CF8389D6633304CED276FD845DE2A487C3CB232F8F36BBC57CC1B8E173 ] Slntamr C:\Windows\system32\DRIVERS\SLDRV\slntamr.sys
    09:08:20.0072 0x0ddc Slntamr - ok
    09:08:20.0134 0x0ddc [ A553E8FBB9D09AF1454531E87019B10E, ECEBB9D94857935DB3A7839FA8FD60BCD02EC2B83E3DB42B58D2F49D6841BE79 ] SlNtHal C:\Windows\system32\DRIVERS\SLDRV\Slnthal.sys
    09:08:20.0134 0x0ddc SlNtHal - ok
    09:08:20.0181 0x0ddc SLService - ok
    09:08:20.0228 0x0ddc [ 58F389DAEA07A855F7F38DD0D66E20C2, F28B04393F809E6B66DDD6C52FAA2EA5E6EC61C5FFBD9CEA1AAFF51633058519 ] SlWdmSup C:\Windows\system32\DRIVERS\SLDRV\SlWdmSup.sys
    09:08:20.0228 0x0ddc SlWdmSup - ok
    09:08:20.0291 0x0ddc [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    09:08:20.0306 0x0ddc Smb - ok
    09:08:20.0384 0x0ddc [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    09:08:20.0384 0x0ddc SNMPTRAP - ok
    09:08:20.0431 0x0ddc [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
    09:08:20.0431 0x0ddc spldr - ok
    09:08:20.0525 0x0ddc [ 49B6DD6AB3715B7A67965F17194E98A9, 331D69F3630BA978AC13471A2E7465351D04416343A595C62B94BADFFCD02B3A ] Spooler C:\Windows\System32\spoolsv.exe
    09:08:20.0556 0x0ddc Spooler - ok
    09:08:21.0072 0x0ddc [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc C:\Windows\system32\sppsvc.exe
    09:08:21.0494 0x0ddc sppsvc - ok
    09:08:21.0587 0x0ddc [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    09:08:21.0587 0x0ddc sppuinotify - ok
    09:08:21.0681 0x0ddc [ 2BA4EBC7DFBA845A1EDBE1F75913BE33, 58D0B957469D55026A53C3963508C8B36BDB360A0A5B870332B79A39200DB3AC ] srv C:\Windows\system32\DRIVERS\srv.sys
    09:08:21.0712 0x0ddc srv - ok
    09:08:21.0775 0x0ddc [ DCE7E10FEAABD4CAE95948B3DE5340BB, B1E9CD14DC24BB161EFC83D83CE95D0A98008AD790041785C6C8B87564A491D7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    09:08:21.0822 0x0ddc srv2 - ok
    09:08:21.0853 0x0ddc [ B5665BAA2120B8A54E22E9CD07C05106, 86E50853D412ACDC752AD182ED52B49DD679D75843E1E9D6A6425E750594692C ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    09:08:21.0869 0x0ddc srvnet - ok
    09:08:21.0931 0x0ddc [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    09:08:21.0962 0x0ddc SSDPSRV - ok
    09:08:21.0994 0x0ddc [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    09:08:22.0009 0x0ddc SstpSvc - ok
    09:08:22.0072 0x0ddc [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    09:08:22.0072 0x0ddc stexstor - ok
    09:08:22.0150 0x0ddc [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    09:08:22.0150 0x0ddc StillCam - ok
    09:08:22.0259 0x0ddc [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc C:\Windows\System32\wiaservc.dll
    09:08:22.0322 0x0ddc StiSvc - ok
    09:08:22.0369 0x0ddc [ 957E346CA948668F2496A6CCF6FF82CC, 5C0E0F0E0F2D36E3213885C60BC3B075AFD2257FEB4B8186FC1FE253E0C218AF ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
    09:08:22.0369 0x0ddc storflt - ok
    09:08:22.0416 0x0ddc [ D5751969DC3E4B88BF482AC8EC9FE019, DAEB50C0045364C75965B0E94744C6E2E1E85C8D00F1E8A5593F3EC780BDD7D9 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
    09:08:22.0416 0x0ddc storvsc - ok
    09:08:22.0462 0x0ddc [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    09:08:22.0462 0x0ddc swenum - ok
    09:08:22.0556 0x0ddc [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
    09:08:22.0587 0x0ddc swprv - ok
    09:08:22.0775 0x0ddc [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain C:\Windows\system32\sysmain.dll
    09:08:22.0916 0x0ddc SysMain - ok
    09:08:22.0962 0x0ddc [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
    09:08:22.0962 0x0ddc TabletInputService - ok
    09:08:23.0025 0x0ddc [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv C:\Windows\System32\tapisrv.dll
    09:08:23.0056 0x0ddc TapiSrv - ok
    09:08:23.0103 0x0ddc [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
    09:08:23.0119 0x0ddc TBS - ok
    09:08:23.0306 0x0ddc [ 2CC3D75488ABD3EC628BBB9A4FC84EFC, 62917CDBC6529D1CC3D7F6E211C717DC44033955749333DCBD052F9BF6639767 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    09:08:23.0462 0x0ddc Tcpip - ok
    09:08:23.0681 0x0ddc [ 2CC3D75488ABD3EC628BBB9A4FC84EFC, 62917CDBC6529D1CC3D7F6E211C717DC44033955749333DCBD052F9BF6639767 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    09:08:23.0759 0x0ddc TCPIP6 - ok
    09:08:23.0822 0x0ddc [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    09:08:23.0822 0x0ddc tcpipreg - ok
    09:08:23.0884 0x0ddc [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    09:08:23.0884 0x0ddc TDPIPE - ok
    09:08:23.0916 0x0ddc [ 7551E91EA999EE9A8E9C331D5A9C31F3, C98C97DFD6C7276CD999545A7BC67B56E1BDDFB2886412E9198012322F95A10D ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    09:08:23.0916 0x0ddc TDTCP - ok
    09:08:23.0978 0x0ddc [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    09:08:23.0994 0x0ddc tdx - ok
    09:08:24.0056 0x0ddc [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    09:08:24.0056 0x0ddc TermDD - ok
    09:08:24.0166 0x0ddc [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService C:\Windows\System32\termsrv.dll
    09:08:24.0259 0x0ddc TermService - ok
    09:08:24.0322 0x0ddc [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
    09:08:24.0337 0x0ddc Themes - ok
    09:08:24.0369 0x0ddc [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
    09:08:24.0384 0x0ddc THREADORDER - ok
    09:08:24.0447 0x0ddc [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
    09:08:24.0462 0x0ddc TrkWks - ok
    09:08:24.0556 0x0ddc [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    09:08:24.0572 0x0ddc TrustedInstaller - ok
    09:08:24.0619 0x0ddc [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:08:24.0619 0x0ddc tssecsrv - ok
    09:08:24.0697 0x0ddc [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    09:08:24.0697 0x0ddc tunnel - ok
    09:08:24.0759 0x0ddc [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    09:08:24.0759 0x0ddc uagp35 - ok
    09:08:24.0853 0x0ddc [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    09:08:24.0900 0x0ddc udfs - ok
    09:08:24.0994 0x0ddc [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
    09:08:25.0009 0x0ddc UI0Detect - ok
    09:08:25.0056 0x0ddc [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    09:08:25.0056 0x0ddc uliagpkx - ok
    09:08:25.0134 0x0ddc [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    09:08:25.0134 0x0ddc umbus - ok
    09:08:25.0181 0x0ddc [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    09:08:25.0181 0x0ddc UmPass - ok
    09:08:25.0259 0x0ddc [ 8ECACA5454844F66386F7BE4AE0D7CD1, F3B02A9F598C6A9EFA019F5833959DD1A86FDFDB9FDDF99A8687BBB6211AAD00 ] UmRdpService C:\Windows\System32\umrdp.dll
    09:08:25.0291 0x0ddc UmRdpService - ok
    09:08:25.0337 0x0ddc [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
    09:08:25.0384 0x0ddc upnphost - ok
    09:08:25.0431 0x0ddc [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    09:08:25.0447 0x0ddc usbccgp - ok
    09:08:25.0478 0x0ddc [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    09:08:25.0494 0x0ddc usbcir - ok
    09:08:25.0541 0x0ddc [ 1C333BFD60F2FED2C7AD5DAF533CB742, 97AE9CA39482B886FCD063E80B8AB153E1FC1459452657393D8B1745EF69E1C3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    09:08:25.0541 0x0ddc usbehci - ok
    09:08:25.0603 0x0ddc [ EE6EF93CCFA94FAE8C6AB298273D8AE2, CBEE16CEAD02E994F0C2AD77DD8C01CB9964C6B42DE49FF7A787849CD25767B4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    09:08:25.0619 0x0ddc usbhub - ok
    09:08:25.0650 0x0ddc [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    09:08:25.0650 0x0ddc usbohci - ok
    09:08:25.0728 0x0ddc [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    09:08:25.0728 0x0ddc usbprint - ok
    09:08:25.0791 0x0ddc [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    09:08:25.0806 0x0ddc usbscan - ok
    09:08:25.0869 0x0ddc [ D8889D56E0D27E57ED4591837FE71D27, DB1B65EEBFB036086EC3347C1181D9D01FF65870EAEC4A1BA08AF43C35075647 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    09:08:25.0869 0x0ddc USBSTOR - ok
    09:08:25.0900 0x0ddc [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    09:08:25.0900 0x0ddc usbuhci - ok
    09:08:25.0962 0x0ddc [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
    09:08:25.0962 0x0ddc UxSms - ok
    09:08:25.0994 0x0ddc [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] VaultSvc C:\Windows\system32\lsass.exe
    09:08:26.0009 0x0ddc VaultSvc - ok
    09:08:26.0072 0x0ddc [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    09:08:26.0087 0x0ddc vdrvroot - ok
    09:08:26.0181 0x0ddc [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds C:\Windows\System32\vds.exe
    09:08:26.0244 0x0ddc vds - ok
    09:08:26.0306 0x0ddc [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    09:08:26.0306 0x0ddc vga - ok
    09:08:26.0337 0x0ddc [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
    09:08:26.0337 0x0ddc VgaSave - ok
    09:08:26.0384 0x0ddc [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    09:08:26.0400 0x0ddc vhdmp - ok
    09:08:26.0462 0x0ddc [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
    09:08:26.0462 0x0ddc viaagp - ok
    09:08:26.0509 0x0ddc [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
    09:08:26.0525 0x0ddc ViaC7 - ok
    09:08:26.0572 0x0ddc [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    09:08:26.0572 0x0ddc viaide - ok
    09:08:26.0634 0x0ddc [ 379B349F65F453D2A6E75EA6B7448E49, F52B1B3AE9F5D38B45C889A7B1EBE59533C17E73678D355D1466B5EF3338BF16 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
    09:08:26.0650 0x0ddc vmbus - ok
    09:08:26.0681 0x0ddc [ EC2BBAB4B84D0738C6C83D2234DC36FE, 8BA2FA187DAC6994D5A29897AE5F46E6424FB53C827553E0BB148E31825D6676 ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
    09:08:26.0681 0x0ddc VMBusHID - ok
    09:08:26.0759 0x0ddc [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    09:08:26.0759 0x0ddc volmgr - ok
    09:08:26.0822 0x0ddc [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    09:08:26.0837 0x0ddc volmgrx - ok
    09:08:26.0900 0x0ddc [ 58DF9D2481A56EDDE167E51B334D44FD, C77D7BE83CF1C0DEC80429C5A519E794FD2E8C1E6DAD6F5C92B5EB5694CEB8EA ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    09:08:26.0931 0x0ddc volsnap - ok
    09:08:26.0994 0x0ddc [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    09:08:26.0994 0x0ddc vsmraid - ok
    09:08:27.0150 0x0ddc [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS C:\Windows\system32\vssvc.exe
    09:08:27.0244 0x0ddc VSS - ok
    09:08:27.0306 0x0ddc [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    09:08:27.0306 0x0ddc vwifibus - ok
    09:08:27.0337 0x0ddc [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    09:08:27.0337 0x0ddc vwififlt - ok
    09:08:27.0400 0x0ddc [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
    09:08:27.0447 0x0ddc W32Time - ok
    09:08:27.0509 0x0ddc [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    09:08:27.0509 0x0ddc WacomPen - ok
    09:08:27.0572 0x0ddc [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    09:08:27.0587 0x0ddc WANARP - ok
    09:08:27.0603 0x0ddc [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    09:08:27.0619 0x0ddc Wanarpv6 - ok
    09:08:27.0791 0x0ddc [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine C:\Windows\system32\wbengine.exe
    09:08:27.0947 0x0ddc wbengine - ok
    09:08:28.0025 0x0ddc [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    09:08:28.0041 0x0ddc WbioSrvc - ok
    09:08:28.0103 0x0ddc [ D0F88AA11EE1A62BCC6D6A8A7783CA11, 3DBC1806E6F8CD58A9E93EA2A0CDC83C1A90E37B5E385209E4D9A0C81922F447 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    09:08:28.0119 0x0ddc wcncsvc - ok
    09:08:28.0166 0x0ddc [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    09:08:28.0181 0x0ddc WcsPlugInService - ok
    09:08:28.0228 0x0ddc [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
    09:08:28.0228 0x0ddc Wd - ok
    09:08:28.0306 0x0ddc [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    09:08:28.0353 0x0ddc Wdf01000 - ok
    09:08:28.0400 0x0ddc [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
    09:08:28.0400 0x0ddc WdiServiceHost - ok
    09:08:28.0431 0x0ddc [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
    09:08:28.0447 0x0ddc WdiSystemHost - ok
    09:08:28.0509 0x0ddc [ D87C7D2C517F82A5AB7A73E203063D9E, 8861AB4ECEDAE801008BE0406FCB19418AA2864E89D0776B94E25773E6DB5E88 ] WebClient C:\Windows\System32\webclnt.dll
    09:08:28.0525 0x0ddc WebClient - ok
    09:08:28.0572 0x0ddc [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
    09:08:28.0587 0x0ddc Wecsvc - ok
    09:08:31.0634 0x0ddc ================ Scan global ===============================
    09:08:31.0697 0x0ddc [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
    09:08:31.0744 0x0ddc [ 827E4F75901CA3F990B1487D3301841E, A0B17C83D52DB95EDBA81C6ABD78E5E4E3BB65CB57F977B07172A96D4C2B743B ] C:\Windows\system32\winsrv.dll
    09:08:31.0791 0x0ddc [ 827E4F75901CA3F990B1487D3301841E, A0B17C83D52DB95EDBA81C6ABD78E5E4E3BB65CB57F977B07172A96D4C2B743B ] C:\Windows\system32\winsrv.dll
    09:08:31.0853 0x0ddc [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
    09:08:31.0931 0x0ddc [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
    09:08:31.0947 0x0ddc [ Global ] - ok
    09:08:31.0962 0x0ddc ================ Scan MBR ==================================
    09:08:31.0978 0x0ddc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    09:08:32.0337 0x0ddc \Device\Harddisk0\DR0 - ok
    09:08:32.0353 0x0ddc [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
    09:08:32.0369 0x0ddc \Device\Harddisk1\DR1 - ok
    09:08:32.0369 0x0ddc ================ Scan VBR ==================================
    09:08:32.0400 0x0ddc [ 57B80FD4BDDBEE66C409EBAF82688D76 ] \Device\Harddisk0\DR0\Partition1
    09:08:32.0400 0x0ddc \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
    09:08:32.0400 0x0ddc \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
    09:08:32.0431 0x0ddc [ FD911C1354DD31BCA3DA0DBA1655686E ] \Device\Harddisk1\DR1\Partition1
    09:08:32.0431 0x0ddc \Device\Harddisk1\DR1\Partition1 - ok
    09:08:32.0431 0x0ddc ================ Scan generic autorun ======================
    09:08:32.0478 0x0ddc [ 38D198A2DD54A67120040566A38103BA, 01604BD91A5B2C0DDC7B52036511F8219952626716E75979D8464F2C56BA0114 ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    09:08:32.0478 0x0ddc GrooveMonitor - ok
    09:08:32.0572 0x0ddc [ B70BCC55743C5A5BD7C7C6D6A02BB6F9, 3D0FDBDF7E280D2597732C582DAA99726A0D2EEC60FB1D0FD797EF834A49FD22 ] C:\Windows\SOUNDMAN.EXE
    09:08:32.0634 0x0ddc SoundMan - ok
    09:08:32.0853 0x0ddc [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    09:08:32.0962 0x0ddc Adobe ARM - ok
    09:08:33.0259 0x0ddc [ A8CC36ADD42E4EAA3F7FBED3B4997C1A, B9D1C8426D5D0A8FDF6D1D0E1254130CF6278749830E78DF661BB527A03DD729 ] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
    09:08:33.0322 0x0ddc lxecmon.exe - ok
    09:08:33.0400 0x0ddc [ 8CC27D0295AA9622BF556654BFB177B3, 47DD4098A08AE5ABD9D4EE8C09276419D734435E2256AD5D1C21F5E85694BF72 ] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
    09:08:33.0416 0x0ddc EzPrint - ok
    09:08:33.0525 0x0ddc [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    09:08:33.0525 0x0ddc HP Software Update - ok
    09:08:33.0759 0x0ddc [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
    09:08:33.0900 0x0ddc Sidebar - ok
    09:08:33.0978 0x0ddc [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
    09:08:33.0994 0x0ddc mctadmin - ok
    09:08:34.0181 0x0ddc [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
    09:08:34.0228 0x0ddc Sidebar - ok
    09:08:34.0275 0x0ddc [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
    09:08:34.0275 0x0ddc mctadmin - ok
    09:08:34.0337 0x0ddc Mobile Partner - ok
    09:08:35.0322 0x0ddc [ CC78200C3ECFFA178E78308A0E160D80, 4E02D6827A99401781032A397663770FA7BE56397AA20F6E2FACE0A0004109C5 ] C:\Users\presentation\AppData\Local\Akamai\netsession_win.exe
    09:08:35.0869 0x0ddc Akamai NetSession Interface - ok
    09:08:36.0275 0x0ddc Jolopo - ok
    09:08:36.0384 0x0ddc Win FW state via NFP2: enabled
    09:08:36.0384 0x0ddc ============================================================
    09:08:36.0384 0x0ddc Scan finished
    09:08:36.0384 0x0ddc ============================================================
    09:08:36.0431 0x0ef8 Detected object count: 1
    09:08:36.0431 0x0ef8 Actual detected object count: 1
    09:08:55.0150 0x0ef8 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
    09:08:55.0166 0x0ef8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    09:08:55.0197 0x0ef8 \Device\Harddisk0\DR0\Partition1 - ok
    09:08:55.0197 0x0ef8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    09:08:55.0494 0x0ef8 KLMD registered as C:\Windows\system32\drivers\92499659.sys
    09:09:05.0869 0x0f1c Deinitialize success

  9. #9
    Join Date
    Jun 2006
    Posts
    51
    TDSSKiller Log #2
    09:11:57.0065 0x0458 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    09:11:57.0127 0x0458 ============================================================
    09:11:57.0127 0x0458 Current date / time: 2014/10/30 09:11:57.0127
    09:11:57.0127 0x0458 SystemInfo:
    09:11:57.0127 0x0458
    09:11:57.0127 0x0458 OS Version: 6.1.7600 ServicePack: 0.0
    09:11:57.0127 0x0458 Product type: Workstation
    09:11:57.0127 0x0458 ComputerName: QHSE
    09:11:57.0127 0x0458 UserName: presentation
    09:11:57.0127 0x0458 Windows directory: C:\Windows
    09:11:57.0127 0x0458 System windows directory: C:\Windows
    09:11:57.0127 0x0458 Processor architecture: Intel x86
    09:11:57.0127 0x0458 Number of processors: 1
    09:11:57.0127 0x0458 Page size: 0x1000
    09:11:57.0127 0x0458 Boot type: Normal boot
    09:11:57.0127 0x0458 ============================================================
    09:11:57.0127 0x0458 BG loaded
    09:11:58.0206 0x0458 System UUID: {9E389817-9927-C219-1F89-1C439CC09BD8}
    09:12:04.0081 0x0458 Drive \Device\Harddisk0\DR0 - Size: 0xBA5541C00 ( 46.58 Gb ), SectorSize: 0x200, Cylinders: 0x17C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    09:12:04.0112 0x0458 ============================================================
    09:12:04.0112 0x0458 \Device\Harddisk0\DR0:
    09:12:04.0143 0x0458 MBR partitions:
    09:12:04.0143 0x0458 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x80344B, BlocksNum 0x5523375
    09:12:04.0143 0x0458 ============================================================
    09:12:04.0393 0x0458 C: <-> \Device\Harddisk0\DR0\Partition1
    09:12:04.0393 0x0458 ============================================================
    09:12:04.0393 0x0458 Initialize success
    09:12:04.0393 0x0458 ============================================================
    That's both logs, cheers.
    Last edited by HandsomeDevil; October 30th, 2014 at 05:33 AM.

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good

    Re-run DDS and see if it'll produce both logs.

    Next...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/...t-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.

    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:

      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"


  11. #11
    Join Date
    Jun 2006
    Posts
    51
    Yes, DDS has successfully produced both logs, now.

    DDS
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.7600.16385
    Run by presentation at 23:11:55 on 2014-10-30
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.960.464 [GMT 0:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\lxeccoms.exe
    C:\Windows\system32\slmdmsr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Users\presentation\AppData\Local\Akamai\netsession_win.exe
    C:\Users\presentation\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>
    BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
    BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Mobile Partner] c:\program files\3mobilewifi\3MobileWiFi
    uRun: [Akamai NetSession Interface] "c:\users\presentation\appdata\local\akamai\netsession_win.exe"
    uRun: [Jolopo] c:\users\presentation\appdata\local\temp\actyej\jolopo.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Xeuwufehen] "c:\users\presentation\appdata\roaming\vigymeu\wulez.exe"
    mRun: [Ahhexoo] "c:\users\presentation\appdata\roaming\reysfo\yzwaa.exe"
    StartupFolder: c:\users\presen~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\esentutl.lnk - c:\users\presentation\appdata\roaming\microsoft\windows\ieupdate\esentutl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\tp-link wireless configuration utility\TWCU.exe
    uPolicies-Explorer: TaskbarNoNotification = dword:0
    uPolicies-Explorer: HideSCAHealth = dword:0
    mPolicies-Explorer: TaskbarNoNotification = dword:0
    mPolicies-Explorer: HideSCAHealth = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print\SmartPrintSetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{60FB8B9B-CA79-48FB-B3E5-4F7F3CBAAD9F} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6749F7EF-78CA-48D3-974C-D6D18761240D} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A85E3B90-41F2-42F4-AE78-5C0BA1E0D6E9} : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.104\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-11-4 112128]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2013-11-4 101248]
    S3 RTL8192cu;TP-LINK 300Mbps Mini Wireless N USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2013-11-20 801896]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADLTScriptFile=c:\windows\system32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2014-10-30 09:08:55 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-10-29 14:53:11 -------- d--h--w- c:\windows\PIF
    2014-10-29 10:09:45 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-29 10:09:17 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-29 10:09:17 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-29 10:09:17 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-24 13:43:47 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
    2014-10-24 08:48:01 -------- d-----w- c:\windows\pss
    2014-10-23 15:34:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-10-23 15:25:19 -------- d-----w- c:\users\presentation\appdata\roaming\Malwarebytes
    2014-10-23 15:25:01 -------- d-----w- c:\programdata\Malwarebytes
    2014-10-23 15:24:48 -------- d-----w- c:\users\presentation\appdata\local\Programs
    2014-10-23 13:37:44 -------- d-----w- c:\users\presentation\appdata\roaming\AVG2015
    2014-10-23 13:33:16 -------- d-----w- c:\users\presentation\appdata\roaming\TuneUp Software
    2014-10-23 13:06:13 -------- d--h--w- C:\$AVG
    2014-10-23 13:06:11 -------- d-----w- c:\programdata\AVG2015
    2014-10-23 12:57:43 -------- d--h--w- c:\programdata\Common Files
    2014-10-23 12:57:43 -------- d-----w- c:\users\presentation\appdata\local\Avg2015
    2014-10-23 12:57:42 -------- d-----w- c:\users\presentation\appdata\local\MFAData
    2014-10-23 12:57:42 -------- d-----w- c:\programdata\MFAData
    2014-10-23 11:56:40 -------- d-sh--w- C:\%APPDATA%
    2014-10-23 11:17:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2014-10-22 10:56:07 -------- d-----w- c:\users\presentation\appdata\roaming\Loqanea
    2014-10-22 09:20:04 -------- d-----w- c:\users\presentation\appdata\roaming\Ykynpib
    2014-10-22 05:55:39 -------- d-----w- c:\users\presentation\appdata\roaming\Yhluy
    2014-10-22 05:55:39 -------- d-----w- c:\users\presentation\appdata\roaming\Usufr
    2014-10-21 17:17:18 -------- d-----w- c:\users\presentation\appdata\local\dkmeuwbp
    2014-10-16 11:36:48 -------- d-----w- c:\users\presentation\appdata\roaming\Neenal
    2014-10-16 11:08:49 -------- d-----w- c:\users\presentation\appdata\roaming\Ihgaxy
    2014-10-11 07:57:45 -------- d-----w- c:\users\presentation\appdata\roaming\Idqulav
    2014-10-08 09:55:18 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-10-08 09:55:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-10-08 09:48:59 -------- d-----w- c:\programdata\ZoxedEnxag
    2014-10-08 09:45:37 -------- d-----w- c:\programdata\GoziVfoxe
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 23:13:14.79 ===============
    Attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/02/2011 09:15:17
    System Uptime: 30/10/2014 23:10:40 (0 hours ago)
    .
    Motherboard: NEC COMPUTERS INTERNATIONAL | | NEC Versa Premium
    Processor: Intel(R) Celeron(R) M processor 1.40GHz | mPGA478 | 1393/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 43 GiB total, 4.341 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\MTC0007\4&2D1D018E&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\MTC0007\4&2D1D018E&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP134: 30/10/2014 09:43:03 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    3MobileWiFi
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Reader X (10.1.12)
    Akamai NetSession Interface
    AutoCAD 2006 - English
    AutoCAD LT 2009 - English
    Autodesk Design Review 2009
    Autodesk DWF Viewer
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP Deskjet 2540 series Basic Device Software
    HP Deskjet 2540 series Help
    HP Photo Creations
    HP Update
    Lexmark Printable Web
    Lexmark Pro800-Pro900 Series
    Lexmark Toolbar
    Lexmark Tools for Office
    Malwarebytes Anti-Malware version 2.0.3.1025
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Product Improvement Study for HP Deskjet 2540 series
    Realtek AC'97 Audio
    TP-LINK TL-WN823N Driver
    TP-LINK Wireless Configuration Utility
    Visual Studio 2012 x86 Redistributables
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/10/2014 23:10:47, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
    29/10/2014 16:31:14, Error: volsnap [28] - The shadow copy of volume C: could not be created due to a failure in creating the necessary on disk structures.
    29/10/2014 16:31:14, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    29/10/2014 14:43:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    29/10/2014 14:43:35, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
    29/10/2014 12:56:25, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    29/10/2014 12:51:38, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    29/10/2014 12:51:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    29/10/2014 12:51:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    29/10/2014 12:51:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    29/10/2014 12:51:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    29/10/2014 12:51:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    29/10/2014 12:51:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    29/10/2014 12:50:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    29/10/2014 12:50:49, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
    RogueKiller
    RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : presentation [Administrator]
    Mode : Delete -- Date : 10/30/2014 23:28:31

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Xeuwufehen : "C:\Users\presentation\AppData\Roaming\Vigymeu\wulez.exe" [x] -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Ahhexoo : "C:\Users\presentation\AppData\Roaming\Reysfo\yzwaa.exe" [x] -> Deleted
    [Suspicious.Path] HKEY_USERS\S-1-5-21-2352433161-3608982554-448722011-1000\Software\Microsoft\Windows\CurrentVersion\Run | Jolopo : C:\Users\presentation\AppData\Local\Temp\Actyej\jolopo.exe [x] -> Deleted
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\PRESEN~1\AppData\Local\Temp\mbr.sys) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\PRESEN~1\AppData\Local\Temp\mbr.sys) -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 7 ¤¤¤
    [Suspicious.Path] \\Security Center Update - 2349207627 -- C:\Users\presentation\AppData\Roaming\Loqanea\yzfyma.exe -> Deleted
    [Suspicious.Path] \\Security Center Update - 2441939767 -- C:\Users\presentation\AppData\Roaming\Ihgaxy\evhabo.exe -> Deleted
    [Suspicious.Path] \\Security Center Update - 2672395117 -- C:\Users\presentation\AppData\Roaming\Reysfo\yzwaa.exe -> Deleted
    [Suspicious.Path] \\Security Center Update - 2735411735 -- C:\Users\presentation\AppData\Roaming\Vigymeu\wulez.exe -> Deleted
    [Suspicious.Path] \\Security Center Update - 31121315 -- C:\Users\presentation\AppData\Roaming\Ykynpib\okezy.exe -> Deleted
    [Suspicious.Path] \\Security Center Update - 3817064615 -- C:\Users\presentation\AppData\Roaming\Neenal\zesyu.exe -> Deleted
    [Suspicious.Path] \\Security Center Update - 3842256493 -- C:\Users\presentation\AppData\Roaming\Idqulav\apgyyng.exe -> Deleted

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] esentutl.lnk -- C:\Users\presentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esentutl.lnk [LNK@] C:\Users\presentation\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST950212A ATA Device +++++
    --- User ---
    [MBR] 66e020383ff729c5d03d20d00cc767ac
    [BSP] bb1307d25a8bb6b17c06203ea11b9850 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 63 | Size: 4102 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8401995 | Size: 43590 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_10302014_232802.log
    Last edited by HandsomeDevil; October 30th, 2014 at 07:34 PM.

  12. #12
    Join Date
    Jun 2006
    Posts
    51
    Quote: Originally Posted by Broni
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    Broni, the Update failed because I don't have access to the internet - do you have a link to a newer database with which I can download and update via transferring, or should I proceed without updating? Current definitions are v2014.05.21.07.
    Last edited by HandsomeDevil; October 30th, 2014 at 07:45 PM.

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    As long as you don't share any files between computers there is no way this computer can affect other computers.
    Get online and update MBAR.

    I can also see that your MBAM was outdated as well.
    Update MBAM and run one more scan.

  14. #14
    Join Date
    Jun 2006
    Posts
    51
    It'll have to wait until the morning then. The only ethernet cable I have to hand no longer works and it's a similar story for the inbuilt wifi adapter in the laptop. I'd nip out and get one, but it's midnight here.

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    No problem
