FallenWisp

BitCoinMiner and some other problems


Good day,

My laptop got infected with a BitCoinMiner, possibly the same situation as in this case:
https://www.reddit.com/r/techsupport/comments/afi615/bitcoin_mining_virus_on_my_laptop_mines_when_idle/ (reddit thread)
Guy found something in the task scheduler but I didn't find anything on my end. The DisallowRun thing he did didn't do anything for me either.
I tried System Restore but it didn't help. Used Malwarebytes to scan the problem and it found 4 .dll files in the AppContainer path mentioned in the reddit thread. I quarantined and deleted them, restarted the system but it didn't seem to help. Later Malwarebytes detected 2 of the 4 .dll files again, I deleted them. Since nothing helped, I decided to seek help here.

Also, today I found out that uTorrent (I know, this thing probably came from the torrents and after all these years of torrenting it finally happened) kinda deleted itself or something? Then Malwarebytes all of a sudden doesn't want to launch as well, giving me the «Unable to connect the Service» error. I tried reinstalling it but I couldn't even uninstall it because it was missing unins0001.msg file. I tried installing Malwarebytes on already existing files but the installation setup doesn't even want to start (task manager says it doesn't respond). So yesterday everything was fine, today Malwarebytes is kinda gone - can't launch, can't properly uninstall, can't install the new one...

I'm very worried about this situation now and I wonder if I made things even worse for myself which wouldn't be too surprising...

Please help


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Wait for further instructions
====


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-08-2019
Ran by User (administrator) on FALLENWISP (Hewlett-Packard HP Pavilion 15 Notebook PC) (27-08-2019 15:26:51)
Running from C:\Users\User\Desktop\Help
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 Single Language (Update) (X64) Language: Русский (Россия)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Discord Inc. -> Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.305\Discord.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Smart Connect software -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel(R) Smart Connect software -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft) [File not signed] C:\Users\User\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Guard.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TechPowerUp Ltd -> uWebb Software) C:\Users\User\Desktop\Games\RealTemp\RealTemp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\Run: [GarenaPlus] => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\Policies\Explorer\DisallowRun: [1] updatedg.exe
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\Policies\Explorer\DisallowRun: [2] 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\Policies\Explorer\DisallowRun: [3] 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {36efd3fa-5886-11e5-826e-b01041efc924} - "H:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {36efdec3-5886-11e5-826e-b01041efc924} - "F:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {3ccfd6f4-03a8-11e9-8303-b01041efc924} - "E:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {79b50c7b-61cf-11e5-826f-b01041efc924} - "H:\autorun.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {84ab9fed-af9a-11e5-827d-b01041efc924} - "E:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {9b80979b-89d9-11e5-8275-b01041efc924} - "I:\Launch.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {adc50d67-7536-11e7-82cf-806e6f6e6963} - "F:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {b4266c02-03af-11e9-8303-b01041efc924} - "E:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {bb87b6a5-cbad-11e8-82fc-b01041efc924} - "E:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {d43a69f4-2552-11e5-825d-b01041efc924} - "J:\RunGame.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {e02ce01a-c55a-11e8-82f9-b01041efc924} - "E:\setup.exe" 
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\...\MountPoints2: {ed2ba550-d13c-11e8-82fd-b01041efc924} - "E:\setup.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-06-18] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-09-25]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel(R) Smart Connect software -> Intel Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-06-12]
ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\User\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Guard.lnk [2019-08-27]
ShortcutTarget: Guard.lnk -> C:\Users\User\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Guard.exe (Microsoft) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19566586-DED4-44AC-9ECF-F1592AB01398} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542520 2014-06-03] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {52537E47-480F-4DC6-A1BE-2E01D2218A3C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1354552 2014-05-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {7A737068-7DD1-412C-9859-4FD0A0152292} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-06-18] (CyberLink Corp. -> CyberLink Corp.)
Task: {8AC60677-5EF0-42F0-A5A5-38C2C83BA7DB} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe [1457152 2019-02-18] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8D76C5A6-2F75-44D6-A834-1DD5F589F692} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {9E00C13C-A222-4E83-B1F4-C366371E9E05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {A190B3C8-DCF2-42C7-A1F6-14F40276FC63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-20] (Google Inc -> Google LLC)
Task: {AAC1E720-7F59-43B3-964B-CE0F6B8D42AD} - System32\Tasks\{CB653881-1574-47B9-B433-A8EC0ED40F2D} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {B4DF5950-7B0C-4093-BF11-B1F26499E6A5} - System32\Tasks\{6B60790A-3699-46DE-9267-9457818F3A16} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Desktop\Desu\th06e.exe -d C:\Users\User\Desktop\Desu
Task: {B5721181-1425-495A-AFA7-27FCB3A68F52} - System32\Tasks\Virtual Disk Service Manager => C:\Users\User\AppData\Roaming\Command and Conquer 3 Kanes Wrath\MSSvc\mssvc.exe
Task: {BB7FBD2E-1F57-4E8C-AF2A-FFA677B66F5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542520 2014-06-03] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {BFD73CF8-645C-4E2F-A5ED-7D64AE590F65} - System32\Tasks\{ECCC9A2B-02BE-4E0C-AB51-9459DB972196} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\THQ\Titan Quest Immortal Throne\Tqit.exe" -d "C:\Program Files (x86)\THQ\Titan Quest Immortal Throne"
Task: {E0791E28-FB7B-444C-9A73-28F89B827B8B} - System32\Tasks\{F8E27667-E223-40A3-8FD3-AC9EB6F4913F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\R.G. Mechanics\Gatling Gears\Game\GatlingGears\GatlingGears.exe" -d "C:\Program Files (x86)\R.G. Mechanics\Gatling Gears\Game\GatlingGears"
Task: {EC149958-7B3D-430C-918E-44723AC8E50A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-20] (Google Inc -> Google LLC)
Task: {F627077A-096D-46D0-AA3C-08123CE085FC} - System32\Tasks\{26C11AFB-A9BA-4A9D-8BFD-BAD8C9C9A16F} => C:\Windows\system32\pcalua.exe -a "C:\Games\Majesty2 Cold Sunrise\Majesty2_launcher.exe" -d "C:\Games\Majesty2 Cold Sunrise\"
Task: {F6A33A6B-E39A-4172-BB9C-6CCFA7637717} - System32\Tasks\{D83DF9EB-D95C-46FA-BAA3-B7ED936F1E36} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Grey Goo\GooG.exe" -d "C:\Program Files (x86)\Grey Goo"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B7E32ADB-1C67-45CD-AD20-EBE47BD0B89F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130850658070550226&GUID=5E1EAB67-A87D-6248-EAFF-803598739E39
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/36
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130850658070891245&GUID=5E1EAB67-A87D-6248-EAFF-803598739E39
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/36
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://casualgame.biz
HKU\S-1-5-21-2839409425-609468984-1780624264-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPALL14/36
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {8F323AEA-8300-44EC-AE1A-EAFC736F39C3} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2839409425-609468984-1780624264-1001 -> {8F323AEA-8300-44EC-AE1A-EAFC736F39C3} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: JoniCooupon -> {DD62485D-CB3C-40C9-BB05-B58A5D281D34} -> C:\Program Files (x86)\JoniCooupon\FyAdqQR0FatEBa.x64.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: JoniCooupon -> {DD62485D-CB3C-40C9-BB05-B58A5D281D34} -> C:\Program Files (x86)\JoniCooupon\FyAdqQR0FatEBa.dll => No File

FireFox:
========
FF DefaultProfile: abtjy82t.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\abtjy82t.default [2019-07-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-18] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-18] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-20] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-20] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-2839409425-609468984-1780624264-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-08-27]
CHR Extension: (Google Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-15]
CHR Extension: (BetterTTV) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-07-29]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Get Styles) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cammakhaipbljopbkbbffhachjekcfki [2016-04-15]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (FrankerFaceZ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2017-01-01]
CHR Extension: (Google Таблицы) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-15]
CHR Extension: (Google Документы офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Into The Mist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2016-12-15]
CHR Extension: (Superblock - Adblocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\miijbmhjndcihicbljlcieiajhemmdeb [2018-04-19]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-09]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-09]
CHR HKU\S-1-5-21-2839409425-609468984-1780624264-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2839409425-609468984-1780624264-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehfjihahbphdpljpiadbkmgmhnfehhgi] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2018-11-19] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd -> Disc Soft Ltd)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] (Intel(R) Smart Connect software -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [43320 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-10] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2016-06-06] (Echobit, LLC -> Echobit, LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-05-04] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30520 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] (Intel(R) Smart Connect software -> )
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] (Intel(R) Smart Connect software -> )
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] (Intel(R) Smart Connect software -> )
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-08-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 qcfilter; C:\Windows\System32\drivers\qcusbfilter.sys [49208 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbnet; C:\Windows\system32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-22] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2003-09-02] () [File not signed]
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Users\User\Desktop\Games\RealTemp\WinRing0x64.sys [14544 2008-07-26] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\User\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S1 MpKslc4fcf727; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BE51DAD-091F-47AD-82C3-B7789D847A3A}\MpKslc4fcf727.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-27 15:26 - 2019-08-27 15:26 - 000000000 ____D C:\FRST
2019-08-27 15:20 - 2019-08-27 15:26 - 000000000 ____D C:\Users\User\Desktop\Help
2019-08-27 01:44 - 2019-08-27 01:44 - 000003126 _____ C:\Windows\System32\Tasks\{CB653881-1574-47B9-B433-A8EC0ED40F2D}
2019-08-26 22:26 - 2019-08-26 22:26 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-08-21 18:19 - 2019-08-21 18:20 - 000000000 ____D C:\Users\User\Documents\My Spore Creations

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-27 15:24 - 2015-07-04 22:40 - 000000000 ____D C:\Users\User\Desktop\Games
2019-08-27 15:08 - 2015-05-15 11:35 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839409425-609468984-1780624264-1001
2019-08-27 14:05 - 2019-03-13 11:37 - 000000000 ____D C:\Users\User\Documents\Youcam
2019-08-27 14:02 - 2016-09-10 18:36 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2019-08-27 01:51 - 2016-09-25 22:08 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2019-08-26 22:24 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-26 22:23 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-26 19:52 - 2015-07-10 22:35 - 000000000 ____D C:\Games
2019-08-26 19:12 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\WinMetadata
2019-08-26 19:11 - 2019-03-18 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-26 19:11 - 2019-03-15 09:18 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2019-08-26 19:11 - 2018-04-04 22:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-26 19:09 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-26 19:01 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-08-26 19:01 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-08-26 19:01 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\registration
2019-08-26 19:01 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
2019-08-26 19:00 - 2019-04-25 21:54 - 000000000 ____D C:\Users\User\AppData\Roaming\ShanghaiAlice
2019-08-26 19:00 - 2015-08-04 15:43 - 000000000 __RHD C:\MSOCache
2019-08-26 15:09 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\LiveKernelReports
2019-08-17 14:57 - 2017-11-15 18:39 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2019-08-14 02:52 - 2019-05-26 23:54 - 000001503 _____ C:\Users\User\Desktop\Tuhu 17.txt
2019-08-08 01:28 - 2015-08-01 09:22 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2019-08-08 01:28 - 2015-08-01 09:22 - 000000000 ____D C:\Program Files\paint.net
2019-08-08 00:35 - 2019-05-20 13:25 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-07 14:28 - 2015-08-04 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-07 14:28 - 2015-07-28 21:19 - 000000000 ____D C:\Program Files (x86)\Java
2019-08-07 14:26 - 2019-03-15 10:46 - 000098288 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-08-07 14:18 - 2014-08-28 04:08 - 000817002 _____ C:\Windows\system32\perfh019.dat
2019-08-07 14:18 - 2014-08-28 04:08 - 000173272 _____ C:\Windows\system32\perfc019.dat
2019-08-07 14:18 - 2014-03-18 12:53 - 001940736 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-31 23:30 - 2015-07-26 00:23 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-29 19:58 - 2019-01-12 23:02 - 000000000 ____D C:\Users\User\Downloads\Книги

==================== Files in the root of some directories ================

2016-11-07 18:51 - 2013-07-22 03:59 - 000012005 _____ () C:\Users\User\AppData\Roaming\alsoft.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-26 17:28
==================== End of FRST.txt ============================

Addition.txt
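How the Services and Drivers lines of an FRST log like the one above can be triaged, as an added example that is not part of the original post and is not FRST's own code. The flag names and the `triage` helper are hypothetical, and a flag marks an entry for review rather than giving a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: one header line plus entries copied from the Services
# and Drivers sections of the FRST log posted in this thread.
SAMPLE = r"""
==================== Services (Whitelisted) ====================
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2018-11-19] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2003-09-02] () [File not signed]
R3 WinRing0_1_2_0; C:\Users\User\Desktop\Games\RealTemp\WinRing0x64.sys [14544 2008-07-26] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 gkernel; \??\C:\Users\User\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S1 MpKslc4fcf727; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BE51DAD-091F-47AD-82C3-B7789D847A3A}\MpKslc4fcf727.sys [X]
"""

# One entry: "<state><start type> <name>; <image path> [size date] (signer) ..."
# or, when the file is absent on disk: "<state><start type> <name>; <path> [X]".
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+"   # R/S/U (running/stopped/undetermined) + start type
    r"(?P<name>.+?);\s+"                   # service or driver name, up to the first ';'
    r"(?P<path>.+?)\s+"                    # image path (may contain spaces and parentheses)
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]|\[(?P<missing>X)\])"
    r"(?P<rest>.*)$"                       # signer info and FRST annotations
)

# Image path located under a user profile, where a non-admin process can write.
USER_PROFILE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    path: str
    state: str
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one Services/Drivers line; return None for headers and notes."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):          # strip the NT object-namespace prefix
        path = path[4:]
    rest = m["rest"]
    flags = []
    if m["missing"]:                       # registry entry remains, file is gone
        flags.append("missing-file")
    if "[File not signed]" in rest:
        flags.append("unsigned")
    if USER_PROFILE.match(path):
        flags.append("user-profile-path")
    if m["state"] == "U":                  # FRST could not determine the run state
        flags.append("undetermined-state")
    if "<==== ATTENTION" in rest:          # FRST's own marker
        flags.append("frst-attention")
    return Finding(m["name"], path, m["state"] + m["start"], flags)


def triage(log_text):
    """Return flagged entries, most flags first, log order kept among ties."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry.flags:
            findings.append(entry)
    findings.sort(key=lambda f: -len(f.flags))   # list.sort is stable
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.state} {f.name:<16} {', '.join(f.flags):<48} {f.path}")
```

On this sample the `gkernel` driver entry ranks first because it combines a missing file, a Temp path inside the user profile and FRST's own ATTENTION marker; the RealTemp `WinRing0_1_2_0` driver is listed only because it loads from the Desktop.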


Are you looking through it?

It would be nice to know how much time on average it takes for you to respond, so I wouldn't worry about it


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome

Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset and clean up" > "Restore settings to their original defaults"

Restart Chrome.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Good day,

Did as you said although the problem still persists.
I never described the problem as to what exactly the miner does, here it is:

I use the program called RealTemp to see the temperature of my laptop and when it got infected with the miner, whenever laptop was idling for 4 minutes, the program Mint.exe was trying to launch but was prompting an error since Malwarebytes deleted one of .dll files it needed. Despite this, RealTemp was showing an increase in temperature, probably because Mint.exe was trying to start its thing.
I managed to delete all visible (there could be invisible) miner files in the hidden folder where it was located, and this issue with this Mint.exe trying to start disappeared and the temperature no longer increases after idling.
It was located in C:\Users\MYNAME\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings

In the reddit thread I mentioned in the 1st post there is another folder called cpu that goes after Internet Settings where Mint.exe was located.
There are other files and reddit user attached a screenshot which shows them.
C:\Users\MYNAME\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\cpu
I suspect that these files are still intact and maybe something else is hidden somewhere, maybe in the registry?

The problem with mint.exe after idling wasn't the only one, there is another one as well:
Whenever I'm playing a game or watch a high quality (60 FPS, 1080p, etc.) Youtube video or stream on Twitch, the RealTemp would show an enormous increase in temperature (up to 100 C). These videos/streams would also start lagging a lot and the audio would start to crackle really hard. This is still the case, so I suspect that laptop is still infected with the miner to some degree.

On the bright side, MalwareBytes is working again, so that's good.
But I'm afraid that we're not done yet...

Here is the fixlog file

Fixlog.txt


Sorry, the correct path is
C:\Users\User\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\
and
C:\Users\User\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\cpu

User instead of MYNAME after Users


Hi,

Please download AdwCleaner by Malwarebytes to your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).


===

Download and run the Farbar Fix with the Fixlist.txt attached.

Post the fresh Fixlog.txt for my review.
The fix should list all the remaining files in the Internet Setting folder.
===

p.s.

Syncing

If the problem persists and Chrome is Synced with other Devices check this out.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Execute the suggested fix.

Restart the computer normally.
===========

Post the logs and keep me posted on the development.

fixlist.txt


Here's the adwcleaner log and attached frst fixlog

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-29-2019
# Duration: 00:00:04
# OS:       Windows 8.1 Single Language
# Cleaned:  14
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\LibraryModule

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Amigo
Deleted       HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKCU\Software\Classes\ITVA
Deleted       HKCU\Software\Xpom
Deleted       HKLM\Software\Classes\ITVA
Deleted       HKLM\Software\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Deleted       HKLM\Software\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted       HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted       HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Chromium (and derivatives) ] *****

Deleted       ahnphcmhmhcjjcjhmnnjjlbmaeljecga
Deleted       Домашняя страница Mail.Ru
Deleted       Домашняя страница Mail.Ru

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2595 octets] - [29/08/2019 12:48:51]
AdwCleaner[S01].txt - [2375 octets] - [29/08/2019 12:54:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Fixlog.txt


The problem with increasing temperature from watching high quality streams or youtube videos still persists.
I forgot to tell but the increasing temperature is accompanied by a fan spinning really hard/making noise, so that's another way to know if the problem still persists.

Chrome is not Synced with other devices


Hi,

The search did not report any files in the Internet Setting folder. Is this correct?
C:\Users\User\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\

If you do have files, please post the exact name.

If there are no files, then delete only the Internet Setting folder.

===

--RogueKiller--

  • Download RogueKiller & SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

Read carefully and follow these steps.
TDSS

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


===

p.s.
If you boot to Safe Mode with Networking and use (quality streams or youtube videos), is the problem still present?


Yes, the search didn't find anything in this path:
C:\Users\User\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\
But what about this path?
C:\Users\User\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\cpu
Cpu is an invisible folder in the internet settings folder and I can't open it or check whether there are any files in that folder

Btw, is it possible that this miner, considering that he used my videocard to mine stuff, somehow damaged my videocard or did something to the fan's cooling paste? Maybe because of that the temperature is rising since high quality videos/streams put a pressure on a damaged videocard or a fan?


Hello,

Here's the RogueKiller log:

RogueKiller Anti-Malware V13.4.3.0 (x64) [Aug 20 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : User [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190828_155619, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/29 15:40:14 (Duration : 00:25:37)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2839409425-609468984-1780624264-1001\Software\eSupport.com -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2839409425-609468984-1780624264-1001\Software\IM -- N/A -> Found
>>>>>> O87 - Firewall
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{D47E049A-9EE5-4467-80DB-A3E9B9976064}C:\programdata\faforever\bin\forgedalliance.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\faforever\bin\forgedalliance.exe|Name=forgedalliance|Desc=forgedalliance|Defer=User| (C:\programdata\faforever\bin\forgedalliance.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{DD793C1C-A8AE-49CB-9369-9B1A81509C52}C:\programdata\faforever\bin\forgedalliance.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\faforever\bin\forgedalliance.exe|Name=forgedalliance|Desc=forgedalliance|Defer=User| (C:\programdata\faforever\bin\forgedalliance.exe) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Hj.Hosts (Malicious)] rad.msn.com => 127.0.0.1 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.MailRU (Potentially Malicious)] (folder) Mail.Ru -- C:\ProgramData\Mail.Ru -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

-------

Here's the TDSS log:

16:40:41.0006 0x1bf8  TDSS rootkit removing tool 3.1.0.28 Apr  9 2019 21:11:46
16:40:41.0006 0x1bf8  UEFI system
16:40:44.0712 0x1bf8  ============================================================
16:40:44.0712 0x1bf8  Current date / time: 2019/08/29 16:40:44.0712
16:40:44.0712 0x1bf8  SystemInfo:
16:40:44.0712 0x1bf8  
16:40:44.0712 0x1bf8  OS Version: 6.3.9600 ServicePack: 0.0
16:40:44.0712 0x1bf8  Product type: Workstation
16:40:44.0712 0x1bf8  ComputerName: FALLENWISP
16:40:44.0712 0x1bf8  UserName: User
16:40:44.0712 0x1bf8  Windows directory: C:\Windows
16:40:44.0712 0x1bf8  System windows directory: C:\Windows
16:40:44.0712 0x1bf8  Running under WOW64
16:40:44.0712 0x1bf8  Processor architecture: Intel x64
16:40:44.0712 0x1bf8  Number of processors: 4
16:40:44.0712 0x1bf8  Page size: 0x1000
16:40:44.0712 0x1bf8  Boot type: Normal boot
16:40:44.0712 0x1bf8  CodeIntegrityOptions = 0x00000001
16:40:44.0712 0x1bf8  ============================================================
16:40:45.0290 0x1bf8  KLMD registered as C:\Windows\system32\drivers\37527874.sys
16:40:45.0290 0x1bf8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.19067, osProperties = 0x19
16:40:45.0509 0x1bf8  System UUID: {5CA0D464-108D-3DF8-D1C7-D12D99CA6B44}
16:40:46.0087 0x1bf8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:40:46.0103 0x1bf8  ============================================================
16:40:46.0103 0x1bf8  \Device\Harddisk0\DR0:
16:40:46.0103 0x1bf8  GPT partitions:
16:40:46.0103 0x1bf8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {00DA632E-8732-4CA9-A751-30BA00A9A30F}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x145000
16:40:46.0103 0x1bf8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C87D009A-B358-4366-971F-FB2233813006}, Name: EFI system partition, StartLBA 0x145800, BlocksNum 0x82000
16:40:46.0103 0x1bf8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {485EE031-8117-4DD5-AEC8-A9DB61354771}, Name: Microsoft reserved partition, StartLBA 0x1C7800, BlocksNum 0x40000
16:40:46.0103 0x1bf8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {884EF22B-197F-433A-858F-8C12C09DFD8F}, Name: Basic data partition, StartLBA 0x207800, BlocksNum 0x37A04800
16:40:46.0103 0x1bf8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {70CEA76F-76B7-44B9-AA9F-F475A298E3DC}, Name: Basic data partition, StartLBA 0x37C0C000, BlocksNum 0x2777800
16:40:46.0103 0x1bf8  MBR partitions:
16:40:46.0103 0x1bf8  ============================================================
16:40:46.0119 0x1bf8  C: <-> \Device\Harddisk0\DR0\Partition4
16:40:46.0165 0x1bf8  D: <-> \Device\Harddisk0\DR0\Partition5
16:40:46.0197 0x1bf8  ============================================================
16:40:46.0197 0x1bf8  Initialize success
16:40:46.0197 0x1bf8  ============================================================
16:41:39.0521 0x1944  ============================================================
16:41:39.0521 0x1944  Scan started
16:41:39.0521 0x1944  Mode: Manual; 
16:41:39.0521 0x1944  ============================================================
16:41:39.0521 0x1944  KSN ping started
16:41:39.0599 0x1944  KSN ping finished: true
16:41:43.0528 0x1944  ================ Scan BIOS =================================
16:41:43.0528 0x1944  BIOS info: vendor = Insyde, version = F.11, releaseDate = 08/07/2014
16:41:43.0528 0x1944  Base board info: manufacturer = Hewlett-Packard, product = 2281, version = 77.25
16:41:43.0997 0x1944  [ E6A1066A12F8E1A95DF527617F33CF62, F765D8FD2E15ED5C5232E5F92845B69AA393F84DC34B6325E5DAA0A9DBA8A862 ] BIOS
16:41:43.0997 0x1944  BIOS - ok
16:41:43.0997 0x1944  ================ Scan system memory ========================
16:41:43.0997 0x1944  System memory - ok
16:41:44.0012 0x1944  ================ Scan services =============================
16:41:45.0383 0x1944  aspnet_state - ok
16:41:45.0398 0x1944  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:41:45.0398 0x1944  atapi - ok
16:41:45.0445 0x1944  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
16:41:45.0461 0x1944  AudioEndpointBuilder - ok
16:41:45.0523 0x1944  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:41:45.0554 0x1944  Audiosrv - ok
16:41:45.0586 0x1944  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:41:45.0586 0x1944  AxInstSV - ok
16:41:45.0625 0x1944  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:41:45.0641 0x1944  b06bdrv - ok
16:41:45.0672 0x1944  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
16:41:45.0672 0x1944  BasicDisplay - ok
16:41:45.0719 0x1944  [ BF002CF6CA41491665F7D3DCA51B7EFB, 4925B7689B47C583901CD75E7AB9160100838D5E33B829EB3CA4F71F7514958B ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
16:41:45.0719 0x1944  BasicRender - ok
16:41:45.0750 0x1944  [ F8FE7E12F8151E0A17C23CF840599F9A, 5D1AA3A5DAC08B521A7BE775F32434AFF1F5F19B69CD16D2D94B0D399E61C371 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
16:41:45.0750 0x1944  bcbtums - ok
16:41:46.0000 0x1944  [ 4613137067E0E39B8CCF22284FBB4FD2, 8347CBD51AE51032A88F2FD92C3315B43C0FFC33E03C9DD073AA3E59A5CEC6B3 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl63a.sys
16:41:46.0329 0x1944  BCM43XX - ok
16:41:46.0410 0x1944  [ 43907773F7563AF4DF0999D47522E802, 2563666842008E202B6A64435F06169A259D6DC56D16AF7359114C20A4FA4400 ] BcmBtRSupport   C:\Windows\system32\BtwRSupportService.exe
16:41:46.0488 0x1944  BcmBtRSupport - ok
16:41:46.0504 0x1944  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
16:41:46.0504 0x1944  bcmfn2 - ok
16:41:46.0551 0x1944  [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC          C:\Windows\System32\bdesvc.dll
16:41:46.0566 0x1944  BDESVC - ok
16:41:46.0582 0x1944  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
16:41:46.0582 0x1944  Beep - ok
16:41:46.0629 0x1944  [ 4BA5C192E77375B62D603B38B9D99128, E1BF8646DA927EF81A9B940D0FAE7E49116A713F335625C5E18224BBB79F165E ] BFE             C:\Windows\System32\bfe.dll
16:41:46.0660 0x1944  BFE - ok
16:41:46.0723 0x1944  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
16:41:46.0754 0x1944  BITS - ok
16:41:46.0832 0x1944  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
16:41:46.0848 0x1944  Bonjour Service - ok
16:41:46.0879 0x1944  [ 4938A9236300A356F97E378491EE4844, 60D892960D48EEF48F8EC4DE4F174EBD0BC0E7B28B6D8723D554CD1979EB55B4 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:41:46.0894 0x1944  bowser - ok
16:41:46.0941 0x1944  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
16:41:46.0941 0x1944  BrokerInfrastructure - ok
16:41:46.0988 0x1944  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\Windows\System32\browser.dll
16:41:46.0988 0x1944  Browser - ok
16:41:47.0066 0x1944  [ 0E03E300CB28F30843F40069563CE2AD, 8D1E78A847B548F32E15573A39E403E6A65838C77628B9F9BFBDED527BAE9054 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
16:41:47.0066 0x1944  BrYNSvc - ok
16:41:47.0098 0x1944  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
16:41:47.0098 0x1944  BthAvrcpTg - ok
16:41:47.0144 0x1944  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
16:41:47.0144 0x1944  BthEnum - ok
16:41:47.0191 0x1944  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
16:41:47.0191 0x1944  BthHFEnum - ok
16:41:47.0207 0x1944  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
16:41:47.0207 0x1944  bthhfhid - ok
16:41:47.0254 0x1944  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
16:41:47.0269 0x1944  BthHFSrv - ok
16:41:47.0301 0x1944  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\Windows\system32\DRIVERS\BthLEEnum.sys
16:41:47.0316 0x1944  BthLEEnum - ok
16:41:47.0337 0x1944  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
16:41:47.0337 0x1944  BTHMODEM - ok
16:41:47.0368 0x1944  [ D0AF91AF656E25AD8617EFA5B52EF457, FD723D99A0B8466BD991648DEED1831D32FD3A5995DD0E0837390746B8A7B439 ] BthPan          C:\Windows\System32\drivers\bthpan.sys
16:41:47.0383 0x1944  BthPan - ok
16:41:47.0462 0x1944  [ 0CC00ADC1B84C93FB46E1A0974E956E1, 64C759244651B916901F4D0C82C3D6034532A20714A72FD26FC9D050B99E230B ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:41:47.0508 0x1944  BTHPORT - ok
16:41:47.0555 0x1944  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\Windows\system32\bthserv.dll
16:41:47.0555 0x1944  bthserv - ok
16:41:47.0587 0x1944  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:41:47.0602 0x1944  BTHUSB - ok
16:41:47.0634 0x1944  [ 8A44414F20A086D6C4F4CF6CA51E02F9, D360454AD7F20AFFD79BBD618CD8BE162DE59EBA9BC8D01D5C2480C9F3845EEB ] btwampfl        C:\Windows\system32\DRIVERS\btwampfl.sys
16:41:47.0634 0x1944  btwampfl - ok
16:41:47.0665 0x1944  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:41:47.0665 0x1944  cdfs - ok
16:41:47.0712 0x1944  [ D61EDE3D49B04E703AEC3B111C763F42, A07780B7AAA982B1971C1FE3B597840541BF9FCE9D8322807C9C12300F9D2987 ] cdrom           C:\Windows\System32\drivers\cdrom.sys
16:41:47.0712 0x1944  cdrom - ok
16:41:47.0759 0x1944  [ ACFDC4EE40EC6E4A0AB91D923B8288C8, D31555AB31F504C247049219BE0ECDF26BB18E210BE7C45E8575FD166FD7EE23 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:41:47.0759 0x1944  CertPropSvc - ok
16:41:47.0774 0x1944  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
16:41:47.0790 0x1944  circlass - ok
16:41:47.0837 0x1944  [ 83798256E1662C64991267FB95E1149F, F94E103CF66988B8235FCA0293C5F44C1A30D6D910ADBB05A9D638E0B0F64EE8 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
16:41:47.0837 0x1944  CLFS - ok
16:41:47.0868 0x1944  [ 5C646CAC91E086F7FF53C7F2E857F263, 67AF6FBF88B7EE530A9BA53833EAFCC78BF8362E82BF81180858F1D17DFC73E6 ] CLVirtualDrive  C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
16:41:47.0868 0x1944  CLVirtualDrive - ok
16:41:47.0899 0x1944  [ 9731DAFDC7B690B2C7752FDFF045BFD8, 9DDBDC4FE519AF38993EAB2F16602B2B71CF8675BDD1F651F22DFA8C5C2C80F7 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
16:41:47.0899 0x1944  clwvd - ok
16:41:47.0899 0x1944  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
16:41:47.0915 0x1944  CmBatt - ok
16:41:47.0962 0x1944  [ 6B3BFBC8A93CA85851CAF9C5ACF89824, 6921D52AFCCDF3B712E5192C7278B5CE141CF37D90BA9932A12F218209CE2829 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:41:47.0977 0x1944  CNG - ok
16:41:48.0024 0x1944  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
16:41:48.0024 0x1944  CompositeBus - ok
16:41:48.0024 0x1944  COMSysApp - ok
16:41:48.0055 0x1944  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
16:41:48.0055 0x1944  condrv - ok
16:41:48.0118 0x1944  [ 370CE1518F8AC94F045BD9F74BD21F63, 2B697B7801A5ED46992E530CD271C44C3450BA3E17165D41AC15AF8E72781DCB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:41:48.0118 0x1944  cphs - ok
16:41:48.0180 0x1944  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:41:48.0180 0x1944  CryptSvc - ok
16:41:48.0196 0x1944  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
16:41:48.0196 0x1944  dam - ok
16:41:48.0275 0x1944  [ 2928249E4DD39C2ADD3E74F02427AB8B, E331028A55FFFD753BC09163F25765AA67B1FE55BD0EB2803CC50D841E14BDA6 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:41:48.0290 0x1944  DcomLaunch - ok
16:41:48.0369 0x1944  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\Windows\System32\defragsvc.dll
16:41:48.0384 0x1944  defragsvc - ok
16:41:48.0431 0x1944  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
16:41:48.0447 0x1944  DeviceAssociationService - ok
16:41:48.0494 0x1944  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
16:41:48.0494 0x1944  DeviceInstall - ok
16:41:48.0540 0x1944  [ D1049D4D1311D43F6FCF180CAA5BF78B, E32D3B0FB3CFE2E9C243E7540B9A534B6B5B53759A3883A231EB69F4A8C823C1 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
16:41:48.0540 0x1944  Dfsc - ok
16:41:48.0587 0x1944  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:41:48.0603 0x1944  Dhcp - ok
16:41:48.0697 0x1944  [ 0AC9F83A5508935DE89C447473085EEA, 223782B17BACEFB0A663EB13514B68B919C95EF641CDDA7AC30CB239BC4307EC ] DiagTrack       C:\Windows\system32\diagtrack.dll
16:41:48.0759 0x1944  DiagTrack - ok
16:41:48.0822 0x1944  [ 91DF13EC831BDCFA36A7A12CD13D66B9, 5054281FE91D4BE0DB446F6F30E3D59E669185555F6C20B988DEC250713FFCED ] Disc Soft Lite Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
16:41:48.0869 0x1944  Disc Soft Lite Bus Service - ok
16:41:48.0916 0x1944  [ BF6D8575DDF30384939B2D5251F27C1F, 1605530BC61FB726F1095C5B5C8E27B18C06BCE01948550988E9EDCEBBCC0B3D ] disk            C:\Windows\system32\drivers\disk.sys
16:41:48.0916 0x1944  disk - ok
16:41:48.0947 0x1944  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
16:41:48.0947 0x1944  dmvsc - ok
16:41:48.0994 0x1944  [ 2777CAC4B6E23C95A7C6E11701F4ED62, 0B6E2D46FD66BFB1AACF80A4E42B31470A6335FE484F469E478BFCDBA9B84F66 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:41:49.0009 0x1944  Dnscache - ok
16:41:49.0056 0x1944  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:41:49.0056 0x1944  dot3svc - ok
16:41:49.0103 0x1944  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\Windows\system32\dps.dll
16:41:49.0119 0x1944  DPS - ok
16:41:49.0166 0x1944  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:41:49.0166 0x1944  drmkaud - ok
16:41:49.0181 0x1944  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
16:41:49.0197 0x1944  DsmSvc - ok
16:41:49.0212 0x1944  [ 496C3C6BC3D930D0960C9E75AA30F4A7, 3FE0E86DA8C2C6A990BB2F1B92C22BD3483882B8D69FF8025BB68A199362C234 ] dtlitescsibus   C:\Windows\System32\drivers\dtlitescsibus.sys
16:41:49.0212 0x1944  dtlitescsibus - ok
16:41:49.0306 0x1944  [ C8104980940704E2F86A6448C601FD06, 0EBA7901DB97AE6D09A12B7A82FF56587E7BA2772B59BE711CF1F216EAC4D3AE ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:41:49.0353 0x1944  DXGKrnl - ok
16:41:49.0406 0x1944  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\Windows\System32\eapsvc.dll
16:41:49.0406 0x1944  Eaphost - ok
16:41:49.0536 0x1944  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:41:49.0645 0x1944  ebdrv - ok
16:41:49.0694 0x1944  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\Windows\System32\lsass.exe
16:41:49.0694 0x1944  EFS - ok
16:41:49.0725 0x1944  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
16:41:49.0725 0x1944  EhStorClass - ok
16:41:49.0741 0x1944  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
16:41:49.0757 0x1944  EhStorTcgDrv - ok
16:41:49.0772 0x1944  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
16:41:49.0772 0x1944  ErrDev - ok
16:41:49.0850 0x1944  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\Windows\system32\es.dll
16:41:49.0866 0x1944  EventSystem - ok
16:41:49.0913 0x1944  [ A0539478593A00AA64E600CF7E19F195, BD835D70F3EE9BFEFFABE747AD65BC97C73AD8042F653BF93535277FB0CBD4CE ] EvolveVirtualAdapter C:\Windows\system32\DRIVERS\evolve.sys
16:41:49.0913 0x1944  EvolveVirtualAdapter - ok
16:41:49.0944 0x1944  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:41:49.0944 0x1944  exfat - ok
16:41:49.0991 0x1944  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:41:49.0991 0x1944  fastfat - ok
16:41:50.0053 0x1944  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\Windows\system32\fxssvc.exe
16:41:50.0069 0x1944  Fax - ok
16:41:50.0085 0x1944  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
16:41:50.0085 0x1944  fdc - ok
16:41:50.0125 0x1944  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:41:50.0125 0x1944  fdPHost - ok
16:41:50.0188 0x1944  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:41:50.0188 0x1944  FDResPub - ok
16:41:50.0219 0x1944  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\Windows\system32\fhsvc.dll
16:41:50.0219 0x1944  fhsvc - ok
16:41:50.0250 0x1944  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:41:50.0250 0x1944  FileInfo - ok
16:41:50.0266 0x1944  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:41:50.0281 0x1944  Filetrace - ok
16:41:50.0281 0x1944  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
16:41:50.0281 0x1944  flpydisk - ok
16:41:50.0328 0x1944  [ E8F02B7A595B9E7F0A38BDB1C40C60A5, 64E64BA029B798739C38E524E24530EE570897E327B72854A8CBCE4FAD7AD1E5 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:41:50.0344 0x1944  FltMgr - ok
16:41:50.0423 0x1944  [ 223CD19D2F84B7B42081F4FB530B658F, 4A9D1A6688C3C8F0B866B0FE2715C9FBA62BE66D4ADCC327A8CABF9EA876A664 ] FontCache       C:\Windows\system32\FntCache.dll
16:41:50.0486 0x1944  FontCache - ok
16:41:50.0569 0x1944  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:41:50.0569 0x1944  FontCache3.0.0.0 - ok
16:41:50.0616 0x1944  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:41:50.0616 0x1944  FsDepends - ok
16:41:50.0632 0x1944  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:41:50.0632 0x1944  Fs_Rec - ok
16:41:50.0694 0x1944  [ 2C8D12C3C6E6FA87795B3328BDA85EB0, 042885D56D56BF43BE9C67721F2095FF896A91BE8C958058765D5191B6375A5F ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:41:50.0710 0x1944  fvevol - ok
16:41:50.0725 0x1944  [ 49E44F7804BD7575639A833ADC89A1B4, D89605DF3284A92623A42C906EABFAED4A206B089C76869D232F6AD711FEF6DB ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
16:41:50.0725 0x1944  FxPPM - ok
16:41:50.0757 0x1944  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:41:50.0757 0x1944  gagp30kx - ok
16:41:50.0788 0x1944  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
16:41:50.0788 0x1944  gencounter - ok
16:41:50.0960 0x1944  [ AA561BD7D527EC7FC8F284FC16CE32BE, 209B6E4AAC3BCFA64FD8D3E7049B78BE9F2BE17F100852FDEF5D8B5DA61EA9C6 ] GoogleChromeElevationService C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe
16:41:51.0007 0x1944  GoogleChromeElevationService - ok
16:41:51.0054 0x1944  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
16:41:51.0054 0x1944  GPIOClx0101 - ok
16:41:51.0132 0x1944  [ 2DAFF4F76A90E3C523C2FE50338537E9, 625745E538208B50E8F5A9A2C09C6CD03D51E424BB16BC6C5B156CBC25373B6D ] gpsvc           C:\Windows\System32\gpsvc.dll
16:41:51.0179 0x1944  gpsvc - ok
16:41:51.0241 0x1944  [ 82F657B0AEE67A6A560321CF0927F9F7, 794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:41:51.0241 0x1944  gupdate - ok
16:41:51.0241 0x1944  [ 82F657B0AEE67A6A560321CF0927F9F7, 794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:41:51.0241 0x1944  gupdatem - ok
16:41:51.0288 0x1944  [ 7F79205B4EFA98F0767309479C8C01C6, 4B576903A83F33A8CF31D3887144A3D51C56D1187115C83AC99C0E9F6B4BF128 ] Hamachi         C:\Windows\system32\DRIVERS\Hamdrv.sys
16:41:51.0288 0x1944  Hamachi - ok
16:41:51.0319 0x1944  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:41:51.0335 0x1944  HdAudAddService - ok
16:41:51.0382 0x1944  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
16:41:51.0382 0x1944  HDAudBus - ok
16:41:51.0399 0x1944  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
16:41:51.0399 0x1944  HidBatt - ok
16:41:51.0446 0x1944  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
16:41:51.0446 0x1944  HidBth - ok
16:41:51.0446 0x1944  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
16:41:51.0446 0x1944  hidi2c - ok
16:41:51.0461 0x1944  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
16:41:51.0477 0x1944  HidIr - ok
16:41:51.0508 0x1944  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
16:41:51.0508 0x1944  hidserv - ok
16:41:51.0586 0x1944  [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
16:41:51.0586 0x1944  HidUsb - ok
16:41:51.0617 0x1944  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:41:51.0633 0x1944  hkmsvc - ok
16:41:51.0664 0x1944  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:41:51.0680 0x1944  HomeGroupListener - ok
16:41:51.0727 0x1944  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:41:51.0742 0x1944  HomeGroupProvider - ok
16:41:51.0789 0x1944  [ D304B2B9C544B66847359F2BAE1F3DE9, C54EC99BEFECBDF53779D36C8BA2B8B3352B0BAF1582051EE15A1086E95DEFE8 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:41:51.0789 0x1944  HP Support Assistant Service - ok
16:41:51.0822 0x1944  [ 8B8E6BD988EAF18C1B86704BF05E5C03, 84052C116032F3DC47B0D3A7A8FC8E86DF94DDB3136C866D8FC8A3DF23209DEC ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
16:41:51.0822 0x1944  hpdskflt - ok
16:41:51.0885 0x1944  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:41:51.0932 0x1944  hpqwmiex - ok
16:41:51.0948 0x1944  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:41:51.0948 0x1944  HpSAMD - ok
16:41:51.0963 0x1944  [ 0865F178E272C682B0689F1AA269128D, F8CC23EA339F0C917C3948FF35BEFE10664CCFF8796954898E41F4EC1618E5E1 ] hpsrv           C:\Windows\system32\Hpservice.exe
16:41:51.0963 0x1944  hpsrv - ok
16:41:52.0010 0x1944  [ 719594914B59973856155FF81F709A9D, 7FD064350B9EBD06ED2A7040F036BF7B5EBC9B07321651DCF2713012C4CF3868 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
16:41:52.0010 0x1944  HPWMISVC - ok
16:41:52.0088 0x1944  [ E45EB7AE6C890F2C8DE8F160AC641C8A, 3637D1FCE42A5600BD7FCC1F602C926968B327097CB36EE5FAC9140DD99EEC2D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:41:52.0104 0x1944  HTTP - ok
16:41:52.0119 0x1944  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:41:52.0135 0x1944  hwpolicy - ok
16:41:52.0151 0x1944  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
16:41:52.0151 0x1944  hyperkbd - ok
16:41:52.0166 0x1944  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
16:41:52.0166 0x1944  HyperVideo - ok
16:41:52.0213 0x1944  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
16:41:52.0213 0x1944  i8042prt - ok
16:41:52.0229 0x1944  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
16:41:52.0229 0x1944  iaLPSSi_GPIO - ok
16:41:52.0244 0x1944  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
16:41:52.0260 0x1944  iaLPSSi_I2C - ok
16:41:52.0307 0x1944  [ 4558F084BCB7EFA3E8321C95B4EE736F, 4E088E1A9F9CE9F3FCA9CA2954CA7969135D4A42F632E495070FBAC4051148C2 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
16:41:52.0323 0x1944  iaStorA - ok
16:41:52.0369 0x1944  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
16:41:52.0385 0x1944  iaStorAV - ok
16:41:52.0432 0x1944  [ 3FE5F886F28B78FCED4BD5668902B7FC, 500BF5292051C3E447E94CAE3638D68CEDC2775587787E4DE38D6BCD34160B36 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:41:52.0432 0x1944  IAStorDataMgrSvc - ok
16:41:52.0463 0x1944  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:41:52.0479 0x1944  iaStorV - ok
16:41:52.0479 0x1944  IEEtwCollectorService - ok
16:41:52.0619 0x1944  [ 623DB9620F552B480690AD882AFACED1, F44039122CF6001CB40A4032D3C108D9A83F06FC700A5B47D83EF605F83C9D2F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:41:52.0760 0x1944  igfx - ok
16:41:52.0791 0x1944  [ E766B747824DA1FD97F0DDD8653CB5F4, 1FEFAEB2E672488BAAB9532E3DB368B41C3B200C525ADC3E4DB9E9FF0BC798FC ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
16:41:52.0791 0x1944  igfxCUIService1.0.0.0 - ok
16:41:52.0823 0x1944  [ E71AC94964ED675B3ED0727059B7F97B, 5468B5E9B75B10EA0BFBD81827FFC9CABFC69A4065CC5A5792DBC289D4DA27EE ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
16:41:52.0823 0x1944  ikbevent - ok
16:41:52.0901 0x1944  [ 3B6E74B3BE0CA74525A37B5C8E510084, BEA54067BAA524A13A2F67EB76C6B206546BA06567446725CF8BA0D7F6A30311 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:42:02.0994 0x1944  rspndr - ok
16:42:03.0025 0x1944  [ E8384111FDD1FC2D39FD114A50F79A84, AB8BC4251C2B1AFF3B890001CB9EAB905659EA0BEFEFB1F2126E10748196496D ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
16:42:03.0041 0x1944  RSUSBSTOR - ok
16:42:03.0057 0x1944  [ BCDE27DA663D2F1BE1EA262F2BFDA8D0, 07744F83C41503D8C948E8D8569628C7C9D283EBA3C20CB63BC81123812A0A25 ] RSUSBVSTOR      C:\Windows\System32\Drivers\RtsUVStor.sys
16:42:03.0072 0x1944  RSUSBVSTOR - ok
16:42:03.0119 0x1944  [ F1D20C2B36F78863530B251DF504CC51, A3C71BDB45B1DB321BC2D9889CB25CF7840E145DFB769882748B7D507A605A42 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:42:03.0119 0x1944  RtkAudioService - ok
16:42:03.0166 0x1944  [ 48E042D6AAB285409AF06200966EA655, 64FD4305C4EBEC25AA7BC2058952BCB79DB0A054CF46F2413CC54FB1E550D5F4 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
16:42:03.0197 0x1944  RTL8168 - ok
16:42:03.0213 0x1944  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
16:42:03.0228 0x1944  s3cap - ok
16:42:03.0275 0x1944  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\Windows\system32\lsass.exe
16:42:03.0275 0x1944  SamSs - ok
16:42:03.0291 0x1944  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:42:03.0291 0x1944  sbp2port - ok
16:42:03.0338 0x1944  [ 305B725E3FC1936162FE84A0BB526F22, 341E311BAF071F630E277BA41629883D5F8DB76E820425AB898BAC13D09971DC ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:42:03.0338 0x1944  SCardSvr - ok
16:42:03.0385 0x1944  [ 92D2FA1870F4EB4A9BA767DB6E0DEF6F, AB019E17D5F330CBB7F7CAF8CEB01F3F3DBBB181CDE19E4C2354AF51E66C8291 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
16:42:03.0385 0x1944  ScDeviceEnum - ok
16:42:03.0400 0x1944  [ DEA731D96816F1F67C32F49E4EF248DD, 6A977D80164616A85BDAE437A3D50E055720E3163941259F19E8719F54BE267D ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:42:03.0416 0x1944  scfilter - ok
16:42:03.0479 0x1944  [ F5523FFAFFCE7937D076E4FE6F5BD9AD, 42B08D5B54C07331D3754688878122F9CD9C7C9253C5ED8C3185C4BF6F68D847 ] Schedule        C:\Windows\system32\schedsvc.dll
16:42:03.0525 0x1944  Schedule - ok
16:42:03.0557 0x1944  [ ACFDC4EE40EC6E4A0AB91D923B8288C8, D31555AB31F504C247049219BE0ECDF26BB18E210BE7C45E8575FD166FD7EE23 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:42:03.0557 0x1944  SCPolicySvc - ok
16:42:03.0619 0x1944  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\Windows\System32\drivers\sdbus.sys
16:42:03.0619 0x1944  sdbus - ok
16:42:03.0650 0x1944  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
16:42:03.0650 0x1944  sdstor - ok
16:42:03.0666 0x1944  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:42:03.0666 0x1944  secdrv - ok
16:42:03.0697 0x1944  [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon        C:\Windows\system32\seclogon.dll
16:42:03.0697 0x1944  seclogon - ok
16:42:03.0744 0x1944  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
16:42:03.0744 0x1944  SENS - ok
16:42:03.0807 0x1944  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:42:03.0822 0x1944  SensrSvc - ok
16:42:03.0838 0x1944  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
16:42:03.0853 0x1944  SerCx - ok
16:42:03.0869 0x1944  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
16:42:03.0885 0x1944  SerCx2 - ok
16:42:03.0916 0x1944  [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum         C:\Windows\System32\drivers\serenum.sys
16:42:03.0916 0x1944  Serenum - ok
16:42:03.0947 0x1944  [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial          C:\Windows\System32\drivers\serial.sys
16:42:03.0947 0x1944  Serial - ok
16:42:03.0979 0x1944  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\Windows\System32\drivers\sermouse.sys
16:42:03.0979 0x1944  sermouse - ok
16:42:04.0041 0x1944  [ 624BB76941938B9F5776DEA56004D33E, D4EE7A23665D71646622D477CA962335B4C17BAC931A728122DF8C112CD5A560 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:42:04.0041 0x1944  SessionEnv - ok
16:42:04.0057 0x1944  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
16:42:04.0057 0x1944  sfloppy - ok
16:42:04.0119 0x1944  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:42:04.0135 0x1944  SharedAccess - ok
16:42:04.0197 0x1944  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:42:04.0244 0x1944  ShellHWDetection - ok
16:42:04.0275 0x1944  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:42:04.0275 0x1944  SiSRaid2 - ok
16:42:04.0291 0x1944  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:42:04.0291 0x1944  SiSRaid4 - ok
16:42:04.0322 0x1944  [ C73F57BF4B8CF29794F9FBC9B4AF3494, C7A01C1B3E77D8C84F5C2C3AEF42B9F548E3C41A091C2F826BBF82DEA54097FA ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
16:42:04.0322 0x1944  SmbDrv - ok
16:42:04.0338 0x1944  [ 6FDAA9A447D56E264B4C54B3ADCA4A7D, 9051A0E3E24AB0DA8C95AF556EFBF03B58916DF1BCA9D32E272E58621A18E71A ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
16:42:04.0338 0x1944  SmbDrvI - ok
16:42:04.0375 0x1944  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\Windows\System32\smphost.dll
16:42:04.0391 0x1944  smphost - ok
16:42:04.0422 0x1944  [ 961507DB02D7AC0B7A7828D457143B8E, F423BE6287C65960A955EBB3BFBAC047313BEB2F54920A6E57E51FCCE855F5E0 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:42:04.0422 0x1944  SNMPTRAP - ok
16:42:04.0485 0x1944  [ F6AF6499C3788105EA7AF1DA27769A77, F847789B0AD498CC9C985F334F7BA0906ACB41FB356CC2EF2A00C62C75D94A79 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
16:42:04.0500 0x1944  spaceport - ok
16:42:04.0516 0x1944  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
16:42:04.0516 0x1944  SpbCx - ok
16:42:04.0579 0x1944  [ 851F06253BED584E39F5126EB5C2D6DD, 5144AA4C45598B0749D4F2CF477BB8E9B75DFB858385888E31E703B7C8FB6463 ] Spooler         C:\Windows\System32\spoolsv.exe
16:42:04.0610 0x1944  Spooler - ok
16:42:04.0813 0x1944  [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:42:05.0016 0x1944  sppsvc - ok
16:42:05.0079 0x1944  [ CA62440584866C8435AF39E70C8CDDDD, 8B4C6AF1CFD628632D20C17D4D64C70BA6609382E416007DE28E542C5E5C8798 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:42:05.0094 0x1944  srv - ok
16:42:05.0157 0x1944  [ C62A74CAF963057C3A98083D1177DA50, DCA30352D472F6DF4AB2F0BE30D321060584F58CB043B7EBF223538CF0C48BEA ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:42:05.0172 0x1944  srv2 - ok
16:42:05.0219 0x1944  [ 09F76E4F5B3B37474A2F49CC6F94B39A, D0ADDF3E5BBF7D6CB6B01430FA4D8C7E15CFE7356877604B40AAA944CB35970C ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:42:05.0235 0x1944  srvnet - ok
16:42:05.0282 0x1944  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:42:05.0282 0x1944  SSDPSRV - ok
16:42:05.0313 0x1944  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:42:05.0313 0x1944  SstpSvc - ok
16:42:05.0471 0x1944  [ 7D20CB98DFC65BBB00D12734C134077F, 9B53B1FEE017026A08DC85F3D283BED2A17AC7F09008CA7B917E66F67C254A2A ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:42:05.0518 0x1944  Steam Client Service - ok
16:42:05.0565 0x1944  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:42:05.0565 0x1944  stexstor - ok
16:42:05.0627 0x1944  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
16:42:05.0643 0x1944  stisvc - ok
16:42:05.0659 0x1944  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
16:42:05.0659 0x1944  storahci - ok
16:42:05.0690 0x1944  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:42:05.0705 0x1944  storflt - ok
16:42:05.0737 0x1944  [ 1D5A045F59D216448FCDE3A8D69970E2, CEDEB0843D93339D10FE4BC209CCFCB6E12C6064FD62694DA7675082E8B8C915 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
16:42:05.0737 0x1944  stornvme - ok
16:42:05.0799 0x1944  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\Windows\system32\storsvc.dll
16:42:05.0799 0x1944  StorSvc - ok
16:42:05.0831 0x1944  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:42:05.0831 0x1944  storvsc - ok
16:42:05.0862 0x1944  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\Windows\system32\svsvc.dll
16:42:05.0877 0x1944  svsvc - ok
16:42:05.0909 0x1944  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
16:42:05.0909 0x1944  swenum - ok
16:42:05.0971 0x1944  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\Windows\System32\swprv.dll
16:42:05.0987 0x1944  swprv - ok
16:42:06.0034 0x1944  [ 1646B613BD2ABAB87448DED453B104AE, 74CCD4EA332E8CBF9B1E28F52146A76694CB9A2ECA76A4B0F8468CF9CFF27061 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:42:06.0049 0x1944  SynTP - ok
16:42:06.0080 0x1944  [ 03DC62FC26B8237EE13194528E454FBF, CBC2F9D0A7D7E396A5304C8A8463D2523F1226BF6D335307CB813903905BE5D6 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
16:42:06.0080 0x1944  SynTPEnhService - ok
16:42:06.0159 0x1944  [ 0404A539EC3D731EE42632AAFFF0666A, 5558B96C9A425ADEC69A020E0FEDB6D7562A60E403A2ECDCE58CAF2CA155549F ] SysMain         C:\Windows\system32\sysmain.dll
16:42:06.0205 0x1944  SysMain - ok
16:42:06.0252 0x1944  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
16:42:06.0268 0x1944  SystemEventsBroker - ok
16:42:06.0315 0x1944  [ 54A1F83B166F1062000A0D816CB3B43A, 8A104B2141546984CFB988CC178EB1910F6B42A19CB75A30F4E74D5EE67901EB ] TabletInputService C:\Windows\System32\TabSvc.dll
16:42:06.0315 0x1944  TabletInputService - ok
16:42:06.0361 0x1944  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:42:06.0377 0x1944  TapiSrv - ok
16:42:06.0486 0x1944  [ CB10F295128E551C0631C1459752BEDB, EFD2BC496D4F78C301DFCBA5210BB9BF99B6124AD519E4DED366023EA59EB950 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:42:06.0565 0x1944  Tcpip - ok
16:42:06.0658 0x1944  [ CB10F295128E551C0631C1459752BEDB, EFD2BC496D4F78C301DFCBA5210BB9BF99B6124AD519E4DED366023EA59EB950 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:42:06.0705 0x1944  TCPIP6 - ok
16:42:06.0737 0x1944  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:42:06.0737 0x1944  tcpipreg - ok
16:42:06.0783 0x1944  [ 576FA545FAB846B06E79B324160DE25C, 14F1FD2769E7F5362E6452CA061564EF3DEBFDF6BC8EFF0CD4E22068A460A727 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:42:06.0799 0x1944  tdx - ok
16:42:06.0830 0x1944  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
16:42:06.0830 0x1944  terminpt - ok
16:42:06.0893 0x1944  [ 680396E9E1FA365C80CA470BEB7CEECF, C51E5E5EAD08E2CED701464C4030DD161877F9A291BC8BF12AF7A0358DCA1886 ] TermService     C:\Windows\System32\termsrv.dll
16:42:06.0940 0x1944  TermService - ok
16:42:06.0971 0x1944  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\Windows\system32\themeservice.dll
16:42:06.0971 0x1944  Themes - ok
16:42:07.0018 0x1944  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:42:07.0018 0x1944  THREADORDER - ok
16:42:07.0065 0x1944  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
16:42:07.0080 0x1944  TimeBroker - ok
16:42:07.0127 0x1944  [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM             C:\Windows\system32\drivers\tpm.sys
16:42:07.0143 0x1944  TPM - ok
16:42:07.0174 0x1944  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\Windows\System32\trkwks.dll
16:42:07.0190 0x1944  TrkWks - ok
16:42:07.0221 0x1944  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:42:07.0221 0x1944  TrustedInstaller - ok
16:42:07.0236 0x1944  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:42:07.0236 0x1944  TsUsbFlt - ok
16:42:07.0283 0x1944  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
16:42:07.0283 0x1944  TsUsbGD - ok
16:42:07.0330 0x1944  [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:42:07.0330 0x1944  tunnel - ok
16:42:07.0362 0x1944  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:42:07.0362 0x1944  uagp35 - ok
16:42:07.0377 0x1944  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
16:42:07.0393 0x1944  UASPStor - ok
16:42:07.0440 0x1944  [ 42FF91AAAFB5BFA7FE0F5A31E8D83AE3, 11D4EF275357BB69F9431F9B24A5524A631D65610F8128F68290C6E839009BE2 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
16:42:07.0440 0x1944  UCX01000 - ok
16:42:07.0487 0x1944  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:42:07.0502 0x1944  udfs - ok
16:42:07.0533 0x1944  [ 5DFA6081BE0AE39EA5B3A38CAC6A961F, D2EC133CF68E794225DE4FAB678F9FECD20D82EC7539A450769076BA57C1914F ] UEFI            C:\Windows\System32\drivers\UEFI.sys
16:42:07.0533 0x1944  UEFI - ok
16:42:07.0580 0x1944  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:42:07.0580 0x1944  UI0Detect - ok
16:42:07.0612 0x1944  [ 4EF2D1DCFFC75ADFFFDD471BD9EBEDCC, 9B47DB34537B08D2F934C5FA0503B3441F718F0F8CEDF2483F77C684BD2D63E5 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:42:07.0627 0x1944  uliagpkx - ok
16:42:07.0643 0x1944  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
16:42:07.0643 0x1944  umbus - ok
16:42:07.0674 0x1944  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
16:42:07.0674 0x1944  UmPass - ok
16:42:07.0705 0x1944  [ 87743CF5FF2FB3F2B424F0D8DFF8FD8C, C14C979612426D4449274C109FCF25D3BE170DC5CD7EF8E230C7E8D5681904D3 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:42:07.0721 0x1944  UmRdpService - ok
16:42:07.0768 0x1944  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\Windows\System32\upnphost.dll
16:42:07.0783 0x1944  upnphost - ok
16:42:07.0830 0x1944  [ 621317D14B93CBFBD5694767EFB6B40A, 84D3F4AA2CAFA11DF5EAD178889ACCAA2FF50D48AFE9518F63FBB862928630FB ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
16:42:07.0830 0x1944  usbccgp - ok
16:42:07.0877 0x1944  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
16:42:07.0877 0x1944  usbcir - ok
16:42:07.0924 0x1944  [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
16:42:07.0924 0x1944  usbehci - ok
16:42:07.0987 0x1944  [ E30B159760053C5A1297D2CD08046CD7, E45472CEEC31616DBE2B38C4FD9B90179ED7FF29041F21FB124334B4A53AE48C ] usbhub          C:\Windows\System32\drivers\usbhub.sys
16:42:08.0002 0x1944  usbhub - ok
16:42:08.0049 0x1944  [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
16:42:08.0080 0x1944  USBHUB3 - ok
16:42:08.0096 0x1944  [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci         C:\Windows\System32\drivers\usbohci.sys
16:42:08.0096 0x1944  usbohci - ok
16:42:08.0127 0x1944  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
16:42:08.0127 0x1944  usbprint - ok
16:42:08.0158 0x1944  [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
16:42:08.0174 0x1944  USBSTOR - ok
16:42:08.0190 0x1944  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
16:42:08.0190 0x1944  usbuhci - ok
16:42:08.0237 0x1944  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:42:08.0252 0x1944  usbvideo - ok
16:42:08.0268 0x1944  [ 3413BCA17155F82614A3F18518923475, A3C8FAB425CDC088CE9CC33A23B242291469C17848B8BE8DDEAC276905F7BAA4 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
16:42:08.0283 0x1944  USBXHCI - ok
16:42:08.0299 0x1944  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
16:42:08.0299 0x1944  VaultSvc - ok
16:42:08.0330 0x1944  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:42:08.0330 0x1944  vdrvroot - ok
16:42:08.0402 0x1944  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\Windows\System32\vds.exe
16:42:08.0449 0x1944  vds - ok
16:42:08.0464 0x1944  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
16:42:08.0480 0x1944  VerifierExt - ok
16:42:08.0542 0x1944  [ 8ABB4BABF59F092DF0B43778D8FD1884, 94C2100CE86448543A8DD586AD4A128AB9EB37959238D70F33EF59202270AC6C ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
16:42:08.0558 0x1944  vhdmp - ok
16:42:08.0589 0x1944  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:42:08.0589 0x1944  viaide - ok
16:42:08.0621 0x1944  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:42:08.0621 0x1944  vmbus - ok
16:42:08.0652 0x1944  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
16:42:08.0652 0x1944  VMBusHID - ok
16:42:08.0714 0x1944  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
16:42:08.0730 0x1944  vmicguestinterface - ok
16:42:08.0746 0x1944  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
16:42:08.0761 0x1944  vmicheartbeat - ok
16:42:08.0777 0x1944  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
16:42:08.0777 0x1944  vmickvpexchange - ok
16:42:08.0808 0x1944  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\Windows\System32\ICSvc.dll
16:42:08.0808 0x1944  vmicrdv - ok
16:42:08.0824 0x1944  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
16:42:08.0839 0x1944  vmicshutdown - ok
16:42:08.0855 0x1944  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
16:42:08.0871 0x1944  vmictimesync - ok
16:42:08.0886 0x1944  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\Windows\System32\ICSvc.dll
16:42:08.0902 0x1944  vmicvss - ok
16:42:08.0949 0x1944  [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:42:08.0949 0x1944  volmgr - ok
16:42:08.0996 0x1944  [ 7DD4EAE2E680948D9AFF3E1B5234C1D3, 7B893CEF2B72458F5C716C811A24E4A8856E12E2AC9F551606A64B59C9DCF272 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:42:09.0011 0x1944  volmgrx - ok
16:42:09.0042 0x1944  [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:42:09.0042 0x1944  volsnap - ok
16:42:09.0089 0x1944  [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci            C:\Windows\System32\drivers\vpci.sys
16:42:09.0089 0x1944  vpci - ok
16:42:09.0121 0x1944  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:42:09.0136 0x1944  vsmraid - ok
16:42:09.0214 0x1944  [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS             C:\Windows\system32\vssvc.exe
16:42:09.0261 0x1944  VSS - ok
16:42:09.0293 0x1944  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
16:42:09.0308 0x1944  VSTXRAID - ok
16:42:09.0340 0x1944  [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:42:09.0355 0x1944  vwifibus - ok
16:42:09.0355 0x1944  [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:42:09.0371 0x1944  vwififlt - ok
16:42:09.0371 0x1944  [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:42:09.0386 0x1944  vwifimp - ok
16:42:09.0418 0x1944  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\Windows\system32\w32time.dll
16:42:09.0433 0x1944  W32Time - ok
16:42:09.0480 0x1944  [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc        C:\Windows\system32\inetsrv\w3logsvc.dll
16:42:09.0480 0x1944  w3logsvc - ok
16:42:09.0496 0x1944  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
16:42:09.0496 0x1944  WacomPen - ok
16:42:09.0558 0x1944  [ 9A476AA8F78384678349BBC16502F4C4, C89A47C97EDF8BD09407C9BBE9BDC4FBFE8A54CA9AB4E1B82E8E0BAD6C18339B ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
16:42:09.0574 0x1944  WAS - ok
16:42:09.0652 0x1944  [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine        C:\Windows\system32\wbengine.exe
16:42:09.0699 0x1944  wbengine - ok
16:42:09.0777 0x1944  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:42:09.0793 0x1944  WbioSrvc - ok
16:42:09.0840 0x1944  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
16:42:09.0855 0x1944  Wcmsvc - ok
16:42:09.0902 0x1944  [ A7F2B008F038EFFED5A847029852BC27, EC6C6DEC559AA0DD4307F87880939A84A4CFB13C73C92C444E9B53EBBDE80F79 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:42:09.0918 0x1944  wcncsvc - ok
16:42:16.0587 0x1944  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.209.0 ), 0x60110 ( disabled : outofdate )
16:42:16.0587 0x1944  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.198 ), 0x61000 ( enabled : updated )
16:42:16.0634 0x1944  Win FW state via NFP2: enabled ( trusted )
16:42:16.0696 0x1944  ============================================================
16:42:16.0696 0x1944  Scan finished
16:42:16.0696 0x1944  ============================================================
16:42:16.0696 0x0308  Detected object count: 0
16:42:16.0696 0x0308  Actual detected object count: 0
16:45:35.0006 0x0e40  Deinitialize success

-------

P.S. I tried watching a high quality stream in Safe Mode with Networking. Unfortunately, RealTemp couldn't launch, so I could only judge by the sound of the fan.
It was getting pretty loud, so I think the problem persists even in Safe Mode.


Hi,

Only in RogueKiller did I find any reference to forgedalliance.exe.
If you no longer use this program I suggest you fix it with the RogueKiller program.

You should also remove this item.

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.MailRU (Potentially Malicious)] (folder) Mail.Ru -- C:\ProgramData\Mail.Ru -> Found.

---

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

How is it now?


Hi,

Yeah, I deleted ForgedAlliance and Mail.ru but they seem to be just the leftovers.

About the router... I'm using a neighbour's Wi-Fi, so I don't think I can do anything in that regard.

Posted (edited)


Nothing I can do about the Router.

Let's remove the remnant forgedalliance.exe items in the registry.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Open your Task Manager and see if an application is using a lot of the CPU. Check all of the tabs.
https://winaero.com/blog/all-ways-to-open-task-manager-in-windows-8-1-and-windows-8/


Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Edited by nasdaq


Good day,

Nothing uses a lot of CPU in the Task Manager, aside from the task manager window itself for a brief second when I open it. Then it's fine.
The problem with the fan making noise when I watch high quality streams/videos or play games still persists.

Tbh, I feel like we may have killed the miner already? What if this fan problem is just the damage caused by the miner, a consequence of the miner infecting a laptop?
A hardware problem?

Here's the FRST Fixlog

Fixlog.txt


Hi,

p.s.
There are many errors in your Addition.txt log referring to Windows Defender.
Can you update it, as it's presently outdated?

===

A running process may be causing this temporary peak in the CPU.

You should try to find the culprit using a clean boot.

How to perform a clean boot.
https://support.microsoft.com/en-ca/help/929135/how-to-perform-a-clean-boot-in-windows

Select the Windows 8.1 link.
Print the instructions if you can. It will help you manage your search.

===

The principle is to select the Hide all Microsoft services check box, and then tap or click Disable all.

Restart the computer.

If the problem is solved then one of the running applications is the cause.

By trial and error you should be able to find it.

That means disabling some of the non-Windows processes and restarting the computer each time to find out if one of the disabled 3rd party processes is the culprit.
===

Make sure you enable all the processes as suggested when all is well.

Keep me posted.
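
An added example, not part of the original post and not a Malwarebytes or FRST tool: a PowerShell listing of the auto-start services and startup entries that a clean boot would switch off, so the trial-and-error search starts from a written list. It assumes "non-Microsoft" can be approximated by the CompanyName field of each binary, and the helper name `Get-ServiceBinaryPath` is hypothetical.

```powershell
# Added example: build the candidate list for a clean-boot search.
# Assumption: a service counts as third-party when the CompanyName in its
# binary's version resource does not mention Microsoft. That field is
# self-declared metadata, so treat the result as triage, not as proof.

function Get-ServiceBinaryPath {
    param([string]$Name, [string]$PathName)

    # Services hosted in svchost.exe keep their real code in a ServiceDll value,
    # so resolve that first; otherwise every hosted service looks like Microsoft.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { return $dll }

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }  # quoted path
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }  # unquoted path plus arguments
    return $PathName.Trim()
}

# Auto-start services whose binary is missing, unreadable, or not labelled Microsoft.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        $path    = Get-ServiceBinaryPath -Name $_.Name -PathName $_.PathName
        $company = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Name    = $_.Name
            State   = $_.State
            Company = $company   # empty means the file could not be inspected
            Path    = $path
        }
    } |
    Where-Object { $_.Company -notlike '*Microsoft*' } |
    Sort-Object Company, Name

$services | Format-Table -AutoSize -Wrap

# Startup entries (Run keys and Startup folders), the other half of a clean boot.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt; entries with an empty Company column or a path outside Program Files and Windows are the ones to disable and test first.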


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
